Blog Posts Process Management

A Host of New and Evolving Threats Call for Smarter API Security

Blog: The Tibco Blog

Reading Time: 2 minutes

Today, enterprises face a wide variety of cybersecurity threats. As detailed in part one of this blog series, APIs have increasingly become a target of malicious hackers seeking sensitive business data. 

The terms “API management” and “API security” have become almost interchangeable as IT and business professionals depend on API management solutions to keep enterprise assets safe from unauthorized users through security measures such as authentication, encryption, and rate-limiting. However, API security protocols need to evolve to take on emerging new threats and API attacks, with expanded capabilities and tools that go beyond the established basics of API management.

Cybercriminals have a variety of tactics, including authentication system attacks through stolen tokens or API keys, Distributed Denial of Service (DDoS) attacks meant to overload APIs, or attacks on applications or data sources. Threats can also come from within the company through rogue APIs that are published without enforcing security requirements or even from API flaws that inadvertently expose data.  

Good API security means enforcing enterprise-wide API security policies throughout the API lifecycle and monitoring all API usage post-authorization for abnormalities and hacking. However, many API cyberattacks bypass traditional security measures because hackers look like normal users with valid credentials. 

Advanced organizations address this challenge by using artificial intelligence (AI) and machine learning (ML) threat detection to react faster to threats and proactively prevent problems before they occur. 

Using an AI- and ML-based solution is critical to detect abnormal behavior from:

TIBCO partners with Ping Identity to boost API security by adding an AI- and ML-driven layer on top of TIBCO Cloud™ API Management. The AI layer continuously analyzes all activity to block API hacks, stop account takeovers, and identify abnormal API behavior while providing deep API traffic visibility and reporting across all TIBCO Cloud API Management clusters. Ping and TIBCO work together to provide a smarter solution that proactively works to keep your enterprise assets safe. 

Additionally, TIBCO continually enhances its core API management capabilities to ensure your enterprise assets are protected throughout the API lifecycle. One recent example is adding support for running TIBCO Cloud API Management with the restricted security context constraints (SCC) on the Openshift platform. The restricted SCC is now used by default for all authorized users, improving overall security by running all containers and processes with a non-privileged user and by allowing the use of the arbitrary unique identifier (UID) dynamically created by Openshift. 

Other upgrades TIBCO has made this year include:

Protect Your Valuable Enterprise Assets with a Comprehensive Guide from TIBCO and Ping Identity

For API product leaders looking to defend their ecosystems, TIBCO and Ping Identity have partnered to have you navigate the quickly changing security landscape using this comprehensive guide. It provides an overview of new security threats faced by enterprises, modern security practices, and a checklist of security requirements for protecting an organization’s most valuable assets and safeguarding its customer data.

Advanced organizations address API security challenges by using AI and ML threat detection to react faster to threats and proactively prevent problems before they occur. 
Click To Tweet

The post A Host of New and Evolving Threats Call for Smarter API Security first appeared on The TIBCO Blog.

Leave a Comment

Get the BPI Web Feed

Using the HTML code below, you can display this Business Process Incubator page content with the current filter and sorting inside your web site for FREE.

Copy/Paste this code in your website html code:

<iframe src="" frameborder="0" scrolling="auto" width="100%" height="700">

Customizing your BPI Web Feed

You can click on the Get the BPI Web Feed link on any of our page to create the best possible feed for your site. Here are a few tips to customize your BPI Web Feed.

Customizing the Content Filter
On any page, you can add filter criteria using the MORE FILTERS interface:

Customizing the Content Filter

Customizing the Content Sorting
Clicking on the sorting options will also change the way your BPI Web Feed will be ordered on your site:

Get the BPI Web Feed

Some integration examples