CRYSTAL CLEAR CYBERSECURITY

Ammune™ Actively Protects APIs in Real Time

Centralized Vision

Ammune™ is a Fully Automated AI-Based API Security Solution

About L7 Defense

Transforming How Companies Operate Their Cybersecurity

L7 Defense helps organizations protect their infrastructure, applications, customers, employees, and partners against the growing risk of API-borne attacks. APIs have become critical for data sharing and application integration, which makes them an attractive path for malicious attacks that expose organizations to new, continuously evolving threats.

With a team of experienced leaders and innovators, L7 Defense revolutionizes the way organizations protect their APIs using its advanced AI-based technology.

Ammune™, L7 Defense’s platform technology, received a Product Leadership Award from Frost & Sullivan in 2020 for its novel unsupervised-learning AI approach to protecting APIs.

Technology Alliances

L7 Defense operates on leading public clouds, collaborating with major tech vendors, to provide organizations with top-notch inline API security.

API-WAF Module

The API-WAF module protects against malicious content-based (“classical”) attacks that appear in the “OWASP Top 10” security lists for APIs and applications. Operating in real time, the module conducts full deep packet inspection (DPI), followed by AI/ML analysis of the requests and replies passing through, making it the ultimate first line of API protection.

“OWASP Top 10 Web Application Security Risks”

# Attack Type
A-1 Injection
A-2 Broken Authentication
A-3 Sensitive Data Exposure
A-4 XML External Entities (XXE)
A-5 Broken Access Control
A-6 Security Misconfiguration
A-7 Cross-Site Scripting (XSS)
A-8 Insecure Deserialization
A-9 Using Components with Known Vulnerabilities
A-10 Insufficient Logging & Monitoring

“OWASP Top 10 API Security Risks”

# Attack Type
API-1 Broken Object Level Authorization
API-2 Broken User Authentication
API-3 Excessive Data Exposure
API-4 Lack of Resources & Rate Limiting
API-5 Broken Function Level Authorization
API-6 Mass Assignment
API-7 Security Misconfiguration
API-8 Injection
API-9 Improper Assets Management
API-10 Insufficient Logging & Monitoring

API-1, API-2, API-5 and API-6 are crossed out, as they are listed under the Business Logic (BL) type attacks.

API-BL Module

The API-BL module protects APIs from Business Logic (BL) attacks that can lead to forbidden data or functionality access, or to abused business processes and fraud. Some of these attacks appear in the “OWASP Top 10 API Security Risks” list, while additional attack types were added by L7 Defense. Ammune™ performs in-session traffic analysis to identify these attack patterns in real time, using session as well as historical data points. Together with the API-WAF module, this module completes the first line of protection.

“OWASP Top 10 API Security Risks”

# Attack Type
API-1 Broken Object Level Authorization
API-2 Broken User Authentication
API-3 Excessive Data Exposure
API-4 Lack of Resources & Rate Limiting
API-5 Broken Function Level Authorization
API-6 Mass Assignment
API-7 Security Misconfiguration
API-8 Injection
API-9 Improper Assets Management
API-10 Insufficient Logging & Monitoring

API-3, API-4, API-7, API-8, API-9 and API-10 are crossed out, as they are listed under the WAF type attacks.

More API Security Risks

# Attack Type
L7B-1 Broken payment flow – missing bind between payment and order
L7B-2 Broken payment flow – insufficient input validation
L7B-3 Broken credentials restore flow
L7B-4 Broken credentials revoke flow
L7B-5 JWT Token tampering
L7B-6 Insufficient 3rd party application trust

These are new attack types that are currently not part of the OWASP list.

API-BOT Module

The API-BOT module protects APIs from business-related bot attacks as they appear in the “Automated Threats to Web Applications” list, also known as “OWASP Top 20”. The module performs real-time full deep packet inspection (DPI), followed by near real-time AI/ML analysis of the API traffic, content, context, and metadata, using bot activity measurements specific to the activity characteristics of each bot type.

“OWASP Top 20 Automated Threats to Web Applications”

# Attack type
OAT-1 Carding
OAT-2 Token Cracking
OAT-3 Ad Fraud
OAT-4 Fingerprinting
OAT-5 Scalping
OAT-6 Expediting
OAT-7 Credential Cracking
OAT-8 Credential Stuffing
OAT-9 CAPTCHA Defeat
OAT-10 Card Cracking
OAT-11 Scraping
OAT-12 Cashing out
OAT-13 Sniping
OAT-14 Vulnerability Scanning
OAT-15 Denial of Service
OAT-16 Skewing
OAT-17 Spamming
OAT-18 Footprinting
OAT-19 Account Creation
OAT-20 Account Aggregation

API-DDoS Module

The API-DDoS module protects against DDoS attacks tailored to specific APIs. These attacks may use camouflage techniques, such as rotating source IPs or request content randomization, while using optimization algorithms to decide on the next wave of attack. The Ammune™ API-DDoS module performs real-time deep packet inspection (DPI), followed by AI/ML analysis of the API traffic, in order to find exceptional API-related resource consumption within seconds.

Top API-DDoS Security Risks (HTTP/s)

# Attack type
L7D-1 Classical botnets flood attack
L7D-2 Human mimicking attack
L7D-3 AI-based optimization attack
L7D-4 Heavy file downloads attack
L7D-5 Rotating IPs attack
L7D-6 IoT source IPs / anonymous proxies attacks
L7D-7 Multiple vectors attacking simultaneously
L7D-8 Request content randomization attack
L7D-9 “Out of scheme” parameters and contents attack
L7D-10 Cache evading attack
L7D-11 Hit & run / randomly changing traffic volumes attack
L7D-12 Baseline poisoning attack
L7D-13 Flash crowding mimicking event attack
L7D-14 Attack occurs through flash crowding event
L7D-15 Asymmetric requests attack
L7D-16 Brute force attack
L7D-17 SlowLoris and slow-post attack
L7D-18 Slow read attack
L7D-19 SSL re-negotiation attack
L7D-20 SSL session exhaustion attack

Use Cases

Blocking “Under the Radar” API Attacks

“We found out very quickly that we can truly rely on L7 Defense’s Ammune to detect Applicative DDoS threats on APIs with no additional overhead – Well done!”

The Customer: A large bank

The Challenge:
The bank’s web systems were constantly under applicative DDoS attacks targeting web system APIs, causing severe maintenance overhead and significant degradation in service quality. A high rate of false positive and false negative alerts from the existing applicative defense solutions led to an unacceptable workload for the SOC. The incumbent applicative solutions also required significant maintenance and were unable to block “under the radar” API DDoS attacks.

The Solution:
L7 Defense’s Ammune™ API-DDoS solution was installed within two hours and became operational within the next hour. It was deployed in TAP mode, behind the incumbent solution, and integrated into the upstream FW system, which performed the actual mitigation process as its proxy.

The Outcome and Benefits:

DDoS protection is now highly improved, service quality has been restored, and security and IT overload due to DDoS attacks has been contained. A week after installation, Ammune™ detected and mitigated a major multi-API DDoS attack targeting the bank’s main website. The bank’s web domains are now monitored by Ammune™ API-DDoS, and the bank is evaluating additional API security modules from L7 Defense.

Protecting APIs in Legacy Environment

“We had a gap in our applicative security measures, and the constant maintenance and updates overloaded our SOC staff. L7 Defense’s Ammune was the solution chosen to best remedy the situation – and it plugged the gap.”

The Customer:

Financial Institution Data Center

The Challenge:

The on-premises data center processes a high volume of critical financial transactions for large banks. System availability was impaired by constant low-frequency applicative DoS attacks targeting specific APIs. In addition, the need to constantly update and maintain the legacy WAF application defense solution caused high overhead for the SOC team.

The Solution:

The full Ammune™ solution suite (API-WAF, API-DDoS, and API-Bot) was installed at the customer’s data center.

The Outcome and Benefits:

Ammune™ is mitigating various attacks on APIs that are usually missed by the WAF defense. It also provides extensive reporting and analysis functionality that increases API visibility. As a result, the workload of the SOC staff was significantly reduced.

Protecting APIs in AWS Cloud

“L7 Defense Ammune was installed in less than an hour by our in-house team. It was very easy to implement, and it required no further system updates. L7 Defense’s support team was available to us at all times.”

The Customer:

Cloud-native Corporation

The Challenge:

Assets on Amazon AWS were constantly under hostile API attempts, impacting the marketing website and hurting reputation and operations. The situation called for a fully cloud-native solution.

The Solution:

The full Ammune™ solution suite (API-WAF, API-DDoS, and API-Bot) was installed in the customer’s Virtual Private Cloud (VPC).

The Outcome and Benefits:

Full API visibility as well as mitigation capability were achieved within one hour after installation, including an extensive blocking capability. Only marginal subsequent tuning and maintenance was required. As a bonus, zero false alerts are now the norm.