- Cloudflare announces new ways to secure exposed API endpoints beyond traditional DDoS protection tools.
- APIs are easier to maintain, and individual developers or teams can take charge of a single element.
There has been a boom in the API economy. But such proliferation also serves bad actors: every exposed endpoint is another potential route into internal systems and infrastructure. Many businesses now operate hundreds or even thousands of APIs, which is one reason web infrastructure and security companies exist. Cloudflare has introduced new ways to secure exposed API endpoints beyond standard DDoS protection tools.
Cloudflare’s new API abuse detection toolset is made up of several elements. The first is API discovery: Cloudflare builds a trustworthy map of a customer’s APIs, giving the business a clear picture of its API landscape. With the APIs discovered, abuse detection first targets volumetric anomalies, setting a per-API call threshold for abuse management.
Existing security tools can already set rate limits to prevent an API from being overwhelmed, which can stop automated bad actors from repeating the same attack. But with so many APIs, it is difficult to assign a realistic threshold for every scenario automatically without creating a new set of problems. For instance, it is easy to set a threshold that blocks an IP after it reaches a hundred requests. But what if all of those requests turn out to be genuine?
Ultimately, everything boils down to the purpose of the API. In Cloudflare’s view, the problem demands a more nuanced arbiter, so the company is attempting what it calls an adaptive rate-limiting technique.
Cloudflare can determine which APIs will likely require frequent calls from an end user and set an appropriate threshold. For instance, a sports betting website may have an API that offers real-time soccer score updates; clients will poll it frequently to keep the information up to date.
How Cloudflare maps a company’s APIs:
The same website may also have an API to reset passwords. As Cloudflare maps out a company’s APIs, it establishes a unique baseline for each one and assesses the intent of requests as they are encountered.
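To make the per-API baseline idea concrete, the script below is an added example written for this page, not Cloudflare’s implementation (the post does not describe its internals). It derives a separate threshold for each endpoint from constructed historical per-minute request counts, contrasts that with the single fixed limit the article warns about, and shows an operator-supplied relaxation for a known event such as a big match. The endpoint paths, the counts and the mean-plus-k-standard-deviations rule are all assumptions.

```python
"""Per-endpoint volumetric baselines versus one fixed rate limit.

Added example for this article; not Cloudflare's code. The endpoint
names, traffic counts and the threshold rule are all assumptions.
"""
from statistics import mean, pstdev

# Constructed sample: requests per one-minute window observed for two
# endpoints of a hypothetical sports-betting site.
HISTORY = {
    "/api/scores/live": [620, 640, 610, 655, 630, 645, 625, 635],
    "/api/account/reset-password": [2, 1, 3, 0, 2, 1, 2, 1],
}

FIXED_LIMIT = 100  # the naive "block after 100 requests" rule from the text


def baseline(counts, k=3.0, floor=5):
    """Threshold for one endpoint: mean + k population standard deviations.

    The floor keeps near-idle endpoints from getting a threshold so low that
    a handful of legitimate requests trips it.
    """
    if len(counts) < 2:
        raise ValueError("need at least two observations to estimate spread")
    return max(floor, mean(counts) + k * pstdev(counts))


def thresholds(history, k=3.0):
    """One adaptive threshold per discovered endpoint."""
    return {endpoint: baseline(counts, k) for endpoint, counts in history.items()}


def classify(endpoint, count, limits, event_multiplier=1.0):
    """Label a new per-minute count for `endpoint`.

    event_multiplier > 1 is an operator-supplied relaxation for a known
    traffic spike (e.g. a major match). It applies only to this endpoint,
    so a simultaneous burst of password resets is still judged normally.
    """
    if endpoint not in limits:
        return "unknown-endpoint"  # not in the API map: worth surfacing on its own
    limit = limits[endpoint] * event_multiplier
    return "anomaly" if count > limit else "ok"


def classify_fixed(count, limit=FIXED_LIMIT):
    """The one-size-fits-all rule the article warns about."""
    return "anomaly" if count > limit else "ok"


if __name__ == "__main__":
    limits = thresholds(HISTORY)
    for ep, lim in limits.items():
        print(f"{ep}: adaptive threshold ~{lim:.0f} req/min")
    # Normal live-score polling: fine under the adaptive rule, blocked by the fixed one.
    print(classify("/api/scores/live", 650, limits), classify_fixed(650))
    # A sudden burst of password resets: caught by the per-endpoint baseline.
    print(classify("/api/account/reset-password", 150, limits))
    # Match day: the operator raises only the live-score ceiling.
    print(classify("/api/scores/live", 900, limits, event_multiplier=1.5))
```

Two caveats a practitioner would add: eight one-minute samples are far too few to estimate a baseline in production, where seasonality (match days, nightly batch jobs) must be part of the history window; and here the "good reason for a spike" is supplied by hand through `event_multiplier`, whereas the article says Cloudflare adjusts the threshold itself when it detects such a reason.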
“If we see 150 sudden attempts to reset a password, our systems immediately suspect an account takeover,” the company wrote in a blog post. Cloudflare says it can adjust thresholds if it detects a good reason for a sudden spike in traffic, such as a major sports event. In addition to detecting volumetric anomalies, Cloudflare has applied a further layer of security it calls sequential anomaly detection: it works out the common paths a user takes through a website and flags any deviation from those paths.
A typical sequence involves a user logging in, being verified, and then successfully entering the website. If any step of this process falls out of order, Cloudflare raises an alarm.
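The login, verification, entry sequence just described can be checked with a simple transition model. The following is an added example written for this page, not Cloudflare’s implementation: it learns which consecutive request pairs are common in a constructed set of benign sessions and flags a session that takes a step in an order benign traffic never did. The API paths, the sessions and the minimum-support cutoff are assumptions.

```python
"""Sequential anomaly detection over API request paths.

Added example for this article; not Cloudflare's code. Paths, sessions
and the support cutoff are constructed assumptions.
"""
from collections import Counter

START = "<start>"  # pseudo-path marking the beginning of a session

# Constructed benign sessions: each is the ordered list of API paths one
# client requested. Stands in for traffic observed once an API map exists.
BENIGN_SESSIONS = [
    ["/api/login", "/api/verify", "/api/dashboard", "/api/scores/live"],
    ["/api/login", "/api/verify", "/api/dashboard"],
    ["/api/login", "/api/verify", "/api/dashboard", "/api/scores/live"],
    ["/api/login", "/api/forgot-password"],
    ["/api/login", "/api/forgot-password"],
    ["/api/login", "/api/verify", "/api/dashboard", "/api/reset-password"],
    ["/api/login", "/api/verify", "/api/dashboard", "/api/reset-password"],
]


def transitions(session):
    """Yield (previous, current) path pairs for a session, starting from START."""
    prev = START
    for path in session:
        yield prev, path
        prev = path


def learn_transitions(sessions, min_support=2):
    """Set of consecutive-step pairs seen at least `min_support` times.

    The cutoff keeps a single odd session from teaching the model that an
    attacker's path is normal.
    """
    counts = Counter(pair for s in sessions for pair in transitions(s))
    return {pair for pair, n in counts.items() if n >= min_support}


def deviations(session, allowed):
    """Every step pair in `session` that benign traffic did not take."""
    return [pair for pair in transitions(session) if pair not in allowed]


def is_suspicious(session, allowed):
    return bool(deviations(session, allowed))


if __name__ == "__main__":
    allowed = learn_transitions(BENIGN_SESSIONS)
    # Normal path: login -> verify -> dashboard.
    print(deviations(["/api/login", "/api/verify", "/api/dashboard"], allowed))
    # Skipping verification: flagged on the login -> dashboard step.
    print(deviations(["/api/login", "/api/dashboard"], allowed))
    # Reaching a post-login endpoint with no login step at all.
    print(deviations(["/api/dashboard", "/api/reset-password"], allowed))
    # Repeated login attempts in one session: login -> login was never benign.
    print(deviations(["/api/login"] * 3, allowed))
```

A model that looks only one step back is deliberately crude: real user journeys depend on longer context, and a legitimate but rare path will trip it, so `min_support` has to be tuned against observed traffic and a flagged transition is better fed into a risk score than used as an outright block.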