PingIntelligence for APIs - API Behavioral Security Engine


ABS Introduction

API Behavioral Security Engine (ABS) is a Java-based distributed system that analyzes API traffic to provide API traffic insight, visibility, and security. API traffic information is received from API Security Enforcer (ASE) nodes in log files containing:

  • Client details such as device, browser, IP address, and operating system
  • Session information including HTTP or WebSocket connections and methods

These logs are forwarded to ABS nodes for processing periodically, every 10 minutes. Using machine learning algorithms, ABS generates API traffic insight, anomaly data, and attack insight that identifies the clients responsible for attacks. To prevent future attacks, ABS can automatically program inline devices (such as API Security Enforcer) to block clients based on attack lists. The PingIntelligence for APIs Dashboard provides visualization of API attacks, deception, and metrics.

ABS provides the following functionality:

  • Collection and consolidation of access logs from API Security Enforcer nodes
  • Machine learning algorithms to identify anomalies and attacks
  • Detection of attacks from HTTP(s) and WebSocket(s) traffic
  • Optional sending of attack lists to API Security Enforcer which blocks client access
  • Centralized database for storing machine learning output
  • Stateless cluster for scalability and resiliency
  • REST APIs for fetching traffic metrics, anomalies, and attack information
  • Email alerts
  • Data visualization

Configuring ABS consists of setting up three entities:

  1. Database system: ABS uses a MongoDB database to store metadata and all Machine Learning (ML) analytics. The MongoDB database system is configured in a replica set for production deployments. MongoDB is separately installed before starting ABS.
  2. ABS: One or more ABS instances are configured to receive and process logs and to store results in MongoDB. Ping Identity recommends installing ABS in a cluster for high availability deployments.
  3. PingIntelligence for APIs Dashboard: The Dashboard uses Elasticsearch and Kibana to render reference graphs for attack types, traffic metrics, and anomaly data. Refer to the ABS Dashboard Admin Guide for installation and configuration information.

Tags Product > PingIntelligence; Product > PingIntelligence > PingIntelligence 3.2