Driven by demands for tighter integration with their platforms, banking institutions are developing open APIs which enable partners to directly integrate and provide financial services to their customers. A key concern is ensuring the security of customer data when accessed via these APIs. Many banks use in-house systems to manage API access and deliver foundational security—including managing API keys and providing granular access control services. However, these banks also require strong protection against cyberattacks which could compromise the API service and expose customer data.
Elastic Beam API Behavioral Security (ABS) is deployed to monitor API transactions and report any suspicious activity, including attacks on the banking applications and data systems. ABS delivers an API security overlay on top of the deployed API management platform for complete visibility into API sessions to stop cyberattacks and show compliance. Protection is provided from:
- Extraction of data which could include customer accounts or other sensitive information.
- Malicious activity on customer accounts
- Abnormal insider activity
- Portal service downtime due to API DDoS attacks
ABS protects APIs from hackers’ malicious actions including data injection or extraction. Using AI techniques to analyze API transactions, ABS automatically blocks malicious activity and provides security analysts deep insight into API activity– at scale. Login services traffic is controlled to stop botnets from disrupting access or performing credential stuffing to compromise accounts. The self-learning ABS engine automatically discovers all active APIs, builds an understanding of expected per API activity, and then detects and stops malicious activity.