Intelligent CIO APAC Issue 19 | Page 74

APIS SPEED UP APPLICATION DEVELOPMENT WHILE ENABLING THE SHARING OF SENSITIVE DATA BETWEEN SYSTEMS.
INDUSTRY WATCH
DDoS protection: APIs need to be protected against attacks that use a flood of requests to slow or disrupt a service or to gain access to databases. Many DDoS attacks, frequently using SSL, focus on rendering the web application layer unreachable, causing a denial-of-service state. A maliciously designed HTTP request can lead the web or application server to execute a large number of internal requests that can consume all its resources.
Defense and cloud DDoS applications: Guarding against ever-evolving cyberthreats requires comprehensive automated DDoS protection that continuously adapts to offer the fastest threat detection and mitigation.
Cloud security posture and cloud infrastructure entitlement management: Migrating application workloads to the public cloud creates new threat surfaces that, if left unsecured, can be exploited by attackers and lead to theft of customer data.
A sound security strategy must provide full support for the OWASP Top 10, bot management, API security, DDoS protection, solution scalability and availability, and threat intelligence. Each component has an important role to play.
Multi-layered protection for application infrastructure and workloads: It's important to secure the cloud environment against identity and access abuse and malicious user behavior, as well as protect the overall security posture of the public cloud environment.
OWASP Top 10: The OWASP Top 10 is an online document that provides a ranking of, and remediation guidance for, the top 10 most critical web application security risks. The report, which is based on a consensus among security experts from around the world, helps organizations prioritize which risks to focus on and which vulnerabilities to fix in their technology.
Bot management: A bot manager defends APIs against automated attacks and ensures that only legitimate users and devices can access the APIs while blocking any attempt to reverse engineer mobile software development kits.

Reverse proxy or application delivery controller (ADC): In an API-driven world, ensuring application SLAs is critical to the digital experience. ADCs are the foundation for keeping applications and their environments secure, scalable and available. ADCs enable support for the mutual Transport Layer Security (mTLS) requirement to securely connect banks to authorized third-party applications.
Web application and API protection (WAAP): As modern applications are built on REST APIs, a layered approach is needed for complete protection of APIs against injections, scripting, parameter manipulations, protocol attacks and data theft. The same capabilities used for applications apply to APIs as well. WAAP helps in safeguarding both applications and APIs from data leakage, API vulnerabilities and API manipulations while protecting undocumented APIs.
Ultimately, the benefits of open banking, shared by both banks and customers, are dependent on comprehensive security strategies. Only with a multilayered safety net will banks and fintech be able to thrive in this environment and deliver solutions that build customer trust – while keeping cybercriminals at bay.