How does the Devops team defend against API attacks?
2022-07-29 02:27:00 【Software testing network】
Remember when ransomware was the main security threat DevOps teams had to worry about?

Those days are over. Ransomware attacks still happen, of course, but according to Gartner, API security vulnerabilities (up 600% in 2021) are now poised to become threat actors' number one attack vector.
That is the bad news. The good news is that, in many ways, the security practices DevOps teams already have in place to prevent ransomware can be reused to secure APIs, with a few adjustments.
Read on for the current state of API security, along with tips for extending DevOps teams' existing ransomware defenses to protect APIs.
The API advantage
It may seem surprising that APIs have suddenly become an attacker's best friend, but step back and think about how dependent we have become on APIs over the past five years and it is no surprise at all.
APIs have been around for a long time, but until recently they were used mainly for specific kinds of applications, B2B integration, or infrastructure integration. It was only with the move to microservices and distributed architectures that internal (east-west) APIs became the glue holding application environments together, passing information (some of it sensitive) between the components and microcomponents of an application.
As for external APIs, publishing a public API has become a basic expectation of almost every software product company: there are currently about 22,000 public APIs, and several orders of magnitude more internal ones.
As a result, APIs create a potential attack vector into almost every application or service. It makes sense, then, that bad actors are increasingly turning to APIs as a way to reach what you do not want them to have.
From ransomware protection to API protection
You might think that protecting APIs calls for new security tools and practices. In fact, there are broad similarities between reducing ransomware risk and reducing API security risk, and DevOps teams are the main line of defense against both.
Here is how to extend an anti-ransomware strategy into an anti-API-exploitation strategy.
Prevent lateral movement
Just as ransomware spreads laterally from endpoint to endpoint by exploiting flaws and vulnerabilities, API exploitation usually spreads laterally across the whole environment too.
This means that even if you cannot stop every API (or ransomware) attack from breaching your perimeter, you can take measures that make it hard to widen the damage. By detecting malicious activity in the environment early, you can stop the threat from spreading laterally before it does large-scale harm.
Focus on data security
Ransomware attacks and API attacks both go after the same crown jewel: your data. Ransomware attackers want to hold that data for ransom. API attackers, such as those who stole sensitive information from Peloton accounts, or those who pulled data on 700 million users through LinkedIn's API, usually want to exfiltrate it, perhaps for resale, perhaps simply to damage your company's reputation.
Reducing ransomware risk and API security risk therefore ultimately comes down to protecting your data. Enforcing strong access control and segmentation across both internal and public APIs reduces the risk of data leaking through an API.
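As an added example of the access control and segmentation the paragraph above calls for (example code, not code from the original article or from any product it mentions): a deny-by-default authorization gate that keeps internal (east-west) routes off the public segment and enforces object-level ownership on the public routes. The route names, the 10.0.0.0/8 service network and the identity fields are assumptions made for the example.

```python
"""
Added example, not code from the original article: a deny-by-default
authorization gate for an API. Internal routes are only reachable from the
service network by listed services; public routes need an authenticated
subject and only serve that subject's own objects. Route names, the network
range and the identity fields are assumptions made for the example.
"""
import ipaddress
import re

# Assumed service network: only callers from here may reach internal routes.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Route table. "owner_param" names the path parameter that must equal the
# calling user's id; "callers" lists the service identities allowed on an
# internal route.
ROUTES = {
    ("GET", "/api/v1/users/{id}/profile"): {"segment": "public", "owner_param": "id"},
    ("GET", "/api/v1/users/{id}/rides"): {"segment": "public", "owner_param": "id"},
    ("POST", "/api/v1/rides"): {"segment": "public", "owner_param": None},
    ("GET", "/internal/v1/users/{id}/export"): {"segment": "internal",
                                                "callers": {"svc-billing"}},
}

def _pattern(template):
    """'/api/v1/users/{id}/profile' -> compiled regex capturing the numeric id."""
    return re.compile("^" + re.escape(template).replace(r"\{id\}", r"(?P<id>\d+)") + "$")

def match_route(method, path):
    """Return (rule, path_params) for the first matching route, else None."""
    for (m, template), rule in ROUTES.items():
        if m != method:
            continue
        hit = _pattern(template).match(path)
        if hit:
            return rule, hit.groupdict()
    return None

def authorize(req):
    """Decide one request.

    req: {"src": client IP, "method": ..., "path": ..., "subject": user id
    (str) for end users, service name for services, None if unauthenticated}.
    Returns (allowed, reason). Anything not explicitly allowed is denied.
    """
    hit = match_route(req["method"], req["path"])
    if hit is None:
        return False, "no such route"
    rule, params = hit
    src = ipaddress.ip_address(req["src"])
    from_inside = any(src in net for net in INTERNAL_NETS)

    if rule["segment"] == "internal":
        if not from_inside:
            return False, "internal route reached from outside the service network"
        if req.get("subject") not in rule["callers"]:
            return False, "caller is not on this route's service allow-list"
        return True, "internal call allowed"

    # Public segment: every route needs an authenticated subject, and routes
    # that address a user-owned object only serve that user's own objects.
    subject = req.get("subject")
    if subject is None:
        return False, "unauthenticated"
    owner_param = rule.get("owner_param")
    if owner_param and params.get(owner_param) != str(subject):
        return False, "subject does not own the requested object"
    return True, "allowed"

if __name__ == "__main__":
    for r in [
        {"src": "203.0.113.7", "method": "GET", "path": "/api/v1/users/1001/profile", "subject": None},
        {"src": "203.0.113.7", "method": "GET", "path": "/api/v1/users/2002/profile", "subject": "1001"},
        {"src": "203.0.113.7", "method": "GET", "path": "/internal/v1/users/1001/export", "subject": "svc-billing"},
        {"src": "10.0.5.9", "method": "GET", "path": "/internal/v1/users/1001/export", "subject": "svc-billing"},
    ]:
        print(r["path"], authorize(r))
```

The first two denials in the usage block are the two API failure modes the section's examples illustrate: an endpoint that answers without any authenticated subject, and an authenticated user reading another user's object. The third shows why segmentation matters even when the caller holds a valid identity: an internal export route is refused to any caller outside the service network before its identity is even checked.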
Use a behavioral security model
Pouring all of your signature-based security controls into attack prevention does not work well against ransomware or API attacks, especially zero-day or otherwise unknown attacks. You should certainly harden the environment as much as you can, but there is no guarantee that an exploit will not get past your defenses.
That is why deploying a behavior-based security model is key to stopping both ransomware and API attacks. A behavioral security model detects anomalous activity in the environment, such as unusual requests or strange request patterns. By modeling and baselining behavior, then detecting deviations from that model, you can stop an attack while it is still under way.
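The baselining and anomaly detection described above, as an added example that is not part of the original article: it learns how much each client normally uses each endpoint template per minute, how many distinct object ids it touches and how often it gets errors, then flags live client-minutes that break those limits. The gateway log format, the sample lines and the thresholds are assumptions made for the example.

```python
"""
Added example, not code from the original article: baseline how clients
normally use each endpoint, then flag live client-minutes that depart from
it. Log format, sample lines and thresholds are assumptions for the example.
"""
import re
from collections import defaultdict

# Assumed gateway access-log line: <ISO timestamp> <client> <method> <path> <status>
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<path>\S+)\s+(?P<status>\d{3})$")
ID_SEG = re.compile(r"^\d+$")

# Constructed "known good" traffic the baseline is built from.
BASELINE_LOG = """\
2022-07-28T10:00:01Z app-ios GET /api/v1/users/1001/profile 200
2022-07-28T10:00:05Z app-ios GET /api/v1/users/1001/rides 200
2022-07-28T10:00:09Z app-ios POST /api/v1/rides 201
2022-07-28T10:00:14Z app-web GET /api/v1/users/2002/profile 200
2022-07-28T10:00:20Z app-web GET /api/v1/users/2002/rides 200
2022-07-28T10:00:31Z app-ios GET /api/v1/users/1001/profile 200
2022-07-28T10:00:44Z app-web POST /api/v1/rides 201
2022-07-28T10:00:52Z app-ios GET /api/v1/users/1001/rides 404
"""

# Constructed live traffic: a normal client, a client enumerating user ids,
# one probing an endpoint nobody uses, and one collecting 403s.
LIVE_LOG = """\
2022-07-28T11:00:02Z app-ios GET /api/v1/users/1001/profile 200
2022-07-28T11:00:06Z app-ios GET /api/v1/users/1001/rides 200
2022-07-28T11:00:10Z app-ios POST /api/v1/rides 201
2022-07-28T11:00:11Z probe GET /api/v1/users/1001/export 200
2022-07-28T11:00:12Z guesser GET /api/v1/users/4001/rides 403
2022-07-28T11:00:13Z guesser GET /api/v1/users/4001/rides 403
2022-07-28T11:00:15Z guesser GET /api/v1/users/4002/rides 403
2022-07-28T11:00:17Z guesser GET /api/v1/users/4002/rides 403
2022-07-28T11:00:19Z guesser GET /api/v1/users/4002/rides 200
""" + "\n".join(
    f"2022-07-28T11:00:{20 + i:02d}Z scraper GET /api/v1/users/{3000 + i}/profile 200"
    for i in range(12))

def normalize_path(path):
    """'/api/v1/users/1001/rides' -> ('/api/v1/users/{id}/rides', ('1001',))"""
    segs = path.split("?", 1)[0].split("/")
    return ("/".join("{id}" if ID_SEG.match(s) else s for s in segs),
            tuple(s for s in segs if ID_SEG.match(s)))

def parse_log(text):
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of crashing the detector
        e = m.groupdict()
        e["status"] = int(e["status"])
        e["minute"] = e["ts"][:16]  # "2022-07-28T11:00"
        e["template"], e["ids"] = normalize_path(e["path"])
        events.append(e)
    return events

def window_stats(events):
    """Requests, distinct object ids and errors per (client, method, template, minute)."""
    stats = defaultdict(lambda: {"n": 0, "ids": set(), "err": 0})
    for e in events:
        s = stats[(e["client"], e["method"], e["template"], e["minute"])]
        s["n"] += 1
        s["ids"].update(e["ids"])
        if e["status"] >= 400:
            s["err"] += 1
    return stats

def build_baseline(events):
    """Per (method, template): busiest client-minute seen in normal traffic plus error counts."""
    base = defaultdict(lambda: {"max_n": 0, "max_ids": 0, "errs": 0, "n": 0})
    for (_client, method, template, _minute), s in window_stats(events).items():
        b = base[(method, template)]
        b["max_n"] = max(b["max_n"], s["n"])
        b["max_ids"] = max(b["max_ids"], len(s["ids"]))
        b["errs"] += s["err"]
        b["n"] += s["n"]
    return base

def detect(baseline, live_events, rate_factor=3, id_factor=3, err_margin=0.3, min_n=5):
    """(client, template, minute, reason) for each live client-minute that breaks the
    baseline. min_n stops a single 404 from counting as an anomaly."""
    findings = []
    for (client, method, template, minute), s in sorted(window_stats(live_events).items()):
        b = baseline.get((method, template))
        if b is None:
            findings.append((client, template, minute, "endpoint never seen in baseline traffic"))
            continue
        if s["n"] > rate_factor * b["max_n"]:
            findings.append((client, template, minute, f"rate {s['n']}/min exceeds {rate_factor}x baseline max {b['max_n']}"))
        if len(s["ids"]) > id_factor * b["max_ids"]:
            findings.append((client, template, minute, f"{len(s['ids'])} distinct ids/min exceeds {id_factor}x baseline max {b['max_ids']}"))
        base_err = b["errs"] / b["n"]
        if s["n"] >= min_n and s["err"] / s["n"] > base_err + err_margin:
            findings.append((client, template, minute, f"error ratio {s['err'] / s['n']:.2f} vs baseline {base_err:.2f}"))
    return findings
```

Run it with `detect(build_baseline(parse_log(BASELINE_LOG)), parse_log(LIVE_LOG))`: the normal client produces nothing, `scraper` is flagged twice (request rate and distinct ids, the shape of an enumeration or scrape), `probe` is flagged for touching an endpoint absent from the baseline, and `guesser` only for its error ratio, since its rate and id count stay within limits. Normalizing ids out of the path is what makes the baseline usable: without it every `/users/<n>/profile` would be a different endpoint with no history.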
Don't rely on perimeter defense
Likewise, defending the perimeter alone will not necessarily hold up against ransomware or API attacks. Instead, you need protection distributed across all endpoints, applications and services.
Again, there is no guarantee that attackers will not get in. The success of your defense depends largely on your ability to make it hard for them to escalate from a small breach into an attack that reaches a wide range of resources.
Look beyond the surface
Ransomware and API attacks are also alike in that they usually rely on methods designed to evade common security monitoring tools.
For example, an attacker may try to exploit ports 80 or 443 (the default HTTP/HTTPS ports), which are almost always open on the firewall. You therefore cannot rely on standard ports or encryption alone to protect API traffic. Instead, you have to dig into the payloads and analyze and understand the protocol. It is just as important to monitor and collect data from multiple sources, then correlate and analyze it to gain a deeper understanding of what is actually happening in the environment.
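Digging into payloads and correlating more than one data source, as an added example (not from the original article): a request that arrives on 443 inside a valid TLS session is checked against what its endpoint is actually meant to carry (content type, declared JSON fields and their types), and the gateway's record of each request is joined by request id with the auth service's record, so that a protected endpoint served without a matching "ok" decision stands out. The record formats, endpoint schemas and sample data are assumptions made for the example.

```python
"""
Added example, not code from the original article: rather than trusting that a
request arrived on 443 inside a valid TLS session, check the decrypted payload
against what its endpoint is meant to carry, and join the gateway's record of
the request with the auth service's record by request id. Record formats,
schemas and sample data are assumptions for the example.
"""
import json
import re

# What each endpoint is expected to speak: content type, JSON fields and their
# types, and whether the auth service must have accepted the caller first.
SCHEMAS = {
    ("POST", "/api/v1/rides"): {"ctype": "application/json", "auth": True,
                                "fields": {"bike_id": int, "duration": int}},
    ("GET", "/api/v1/users/{id}/profile"): {"ctype": None, "auth": True, "fields": {}},
}

# Constructed gateway records, captured after TLS termination.
GATEWAY_EVENTS = [
    {"rid": "r1", "src": "203.0.113.10", "method": "POST", "path": "/api/v1/rides", "status": 201,
     "ctype": "application/json", "body": '{"bike_id": 77, "duration": 30}'},
    {"rid": "r2", "src": "203.0.113.10", "method": "POST", "path": "/api/v1/rides", "status": 201,
     "ctype": "application/json", "body": '{"bike_id": 77, "duration": 30, "user_id": 1, "role": "admin"}'},
    {"rid": "r3", "src": "198.51.100.5", "method": "POST", "path": "/api/v1/rides", "status": 400,
     "ctype": "application/json", "body": '<?xml version="1.0"?><ride/>'},
    {"rid": "r4", "src": "198.51.100.5", "method": "GET", "path": "/api/v1/users/1001/profile", "status": 200,
     "ctype": None, "body": ""},
    {"rid": "r5", "src": "10.0.5.9", "method": "GET", "path": "/api/v1/users/1002/profile", "status": 200,
     "ctype": None, "body": ""},
    {"rid": "r6", "src": "203.0.113.44", "method": "POST", "path": "/api/v1/rides", "status": 201,
     "ctype": "application/json", "body": '{"bike_id": 12, "duration": 45}'},
]

# Constructed auth-service log, one decision per request id. r5 has no entry
# and r6 was rejected, yet the gateway served both.
AUTH_LOG = """\
2022-07-28T11:00:01Z rid=r1 result=ok sub=u1001
2022-07-28T11:00:02Z rid=r2 result=ok sub=u1001
2022-07-28T11:00:03Z rid=r3 result=ok sub=u1002
2022-07-28T11:00:04Z rid=r4 result=ok sub=u1001
2022-07-28T11:00:06Z rid=r6 result=expired sub=u1003
"""

def endpoint_of(ev):
    """Map a concrete path to its schema key: /users/1001/profile -> /users/{id}/profile."""
    key = (ev["method"], re.sub(r"/\d+(?=/|$)", "/{id}", ev["path"]))
    return key, SCHEMAS.get(key)

def inspect_payload(ev):
    """Reasons this request does not look like what its endpoint is meant to carry."""
    key, schema = endpoint_of(ev)
    if schema is None:
        return [f"{key[0]} {key[1]} is not a known endpoint"]
    reasons = []
    if ev["ctype"] != schema["ctype"]:
        reasons.append(f"content-type {ev['ctype']!r}, expected {schema['ctype']!r}")
    if schema["ctype"] == "application/json":
        try:
            body = json.loads(ev["body"])
        except ValueError:
            return reasons + ["body is not valid JSON despite the JSON content-type"]
        if not isinstance(body, dict):
            return reasons + ["JSON body is not an object"]
        undeclared = sorted(set(body) - set(schema["fields"]))
        if undeclared:
            reasons.append(f"undeclared fields {undeclared} sent to the endpoint")
        for name, typ in schema["fields"].items():
            if name not in body:
                reasons.append(f"missing field {name}")
            elif isinstance(body[name], bool) or not isinstance(body[name], typ):
                reasons.append(f"field {name} is {type(body[name]).__name__}, expected {typ.__name__}")
    return reasons

def parse_auth_log(text):
    """Index 'key=value' auth-service lines by request id."""
    index = {}
    for line in text.splitlines():
        fields = dict(tok.split("=", 1) for tok in line.split()[1:] if "=" in tok)
        if "rid" in fields:
            index[fields["rid"]] = fields
    return index

def correlate(gateway_events, auth_index):
    """Join both sources on request id; return (rid, src, kind, reason) findings."""
    findings = []
    for ev in gateway_events:
        for reason in inspect_payload(ev):
            findings.append((ev["rid"], ev["src"], "payload", reason))
        _key, schema = endpoint_of(ev)
        if schema and schema["auth"] and ev["status"] < 400:
            decision = auth_index.get(ev["rid"])
            if decision is None:
                findings.append((ev["rid"], ev["src"], "correlation",
                                 "protected endpoint served with no auth-service decision for this request id"))
            elif decision.get("result") != "ok":
                findings.append((ev["rid"], ev["src"], "correlation",
                                 f"auth service returned {decision['result']} but the gateway still served the request"))
    return findings
```

Run it with `correlate(GATEWAY_EVENTS, parse_auth_log(AUTH_LOG))`: r1 and r4 are clean; r2 is flagged because the server accepted fields the endpoint never declared; r3 because the body is not the protocol the content-type claims; r5 and r6 only show up once the two sources are joined, since each source on its own looks fine (the gateway saw a 200, the auth service simply has no entry or a rejection). None of these would be visible to a control that only looks at the port or the TLS handshake.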
Conclusion
One thing is certain: ransomware attacks and API attacks are quite different in some respects. They exploit different protocols, and the attackers' goals usually differ.
But in how attackers operate, in what they want to steal (your data), and in the limits of perimeter-based defense against either kind of attack, they are actually very similar.
That is why developers and DevOps teams do not need to rethink their entire security strategy to cope with the spread of API attacks. Instead, take what you are already doing to prevent ransomware and apply those techniques to help protect your APIs.