API Security: Who’s Knocking at Your Door?
Web services are one of (if not) the most fundamental, enabling technologies of the digital age. Around the globe at this very moment, hundreds of millions of server and software calls are being made to hundreds of thousands of APIs. Modern business runs on APIs.
But not all of the client callers are friendly. Many want to do harm to the business behind the web service, their partners, and their clients.
Whether your API is used primarily for B2B exchanges, in your own apps, or is used by consumer developers to build their apps and sites, most companies that provide APIs really don’t know who’s communicating with their endpoints. As well, most companies have little to no clue if those calls are being made from unexpected places that may themselves be posing big security risks.
So, what are the top threats posed by APIs?
A recent research survey conducted by cybersecurity platform provider Imperva found that while almost 70% of businesses have APIs, few have robust security baked in or were not designed with security in mind. These insecure APIs are thus very easy targets for one of the scourges of the modern digital world: botnets.
Botnets (and their participation in things like DDoS attacks) are the number one threat to business APIs. Besides just jamming APIs so they can’t be used for short periods, botnets can also simply slowly strain them or attempt to put them out of business by frustrating their operations in a variety of ways a little bit over time, harming your partners, clients, profits and reputations.
They can also be used for a much wider variety of attacks and compromises often all at once in coordinated attacks that include your APIs and other network endpoints, such as:
- Spamming
- Sniffing Traffic
- Spreading Malware
- Installing Advertisement Add-ons and Browser Helper Objects (BHOs)
- Google AdSense Distro Disruption
- Large-Scale Identity Theft
Getting Rid of Unwanted Visitors
Rather than spend a small fortune on a big, bloated cybersecurity, endpoint, or threat intelligence platform, most companies can quickly and affordably improve the security of their APIs in a big way by just knowing who’s reaching out to talk to their endpoints, finding out which ones of them are potentially risky, and blacklisting or limiting access to those server clients.
How you may ask?
By using our Musubu IP data and cyber threat information APIs, it’s easy for developers to build IP checks right into their existing systems. Our APIs not only provide core IP data that shows you things like company and geolocation info for the calling IP address, we also use our internal data sets and special algorithmic special sauce to score each IP for it’s riskiness. From there, it’s easy to block potentially risky IPs.
When you query one or more IP addresses with our API, we give you back:
| VERBOSE OUTPUT | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ipaddress | IPv4 address in 4-octet dot notation, from 0.0.0.0 to 255.255.255.255 | ||||||||||||||||||||||||||||||||
| ipint | IPv4 address as 8 byte integer representation. Integer 0-4294967295. | ||||||||||||||||||||||||||||||||
| threat_potential_score_pct | Numeric threat score. Integer 0-100. | ||||||||||||||||||||||||||||||||
| threat_classification | Overall characterization of threat. String, with one of the following values: High Medium Low Nuisance |
||||||||||||||||||||||||||||||||
| blacklist_class | String, with one of the following values: apache blacklisted botnet botnetcnc bruteforce compromised ftp http imap malware phishing ransomware shunned sips ssh tor worm zeus |
||||||||||||||||||||||||||||||||
| blacklist_class_cnt | Count of distinct sources which have identified the address as malicious. Integer. | ||||||||||||||||||||||||||||||||
| blacklist_network_neighbors | Count of addresses present on the same subnet which have been identified as malicious. Integer. | ||||||||||||||||||||||||||||||||
| blacklist_observations | Count of observations in the last 90 days. Integer. | ||||||||||||||||||||||||||||||||
| country | Two character country designation based on ISO 3166-1 alpha-2. String. | ||||||||||||||||||||||||||||||||
| stateprov | State or province. String. | ||||||||||||||||||||||||||||||||
| district | String. | ||||||||||||||||||||||||||||||||
| city | String. | ||||||||||||||||||||||||||||||||
| zipcode | String. | ||||||||||||||||||||||||||||||||
| latitude | Latitude. Float. | ||||||||||||||||||||||||||||||||
| longitude | Longitude. Float. | ||||||||||||||||||||||||||||||||
| timezone_offset | Timezone offset in hours. Float. | ||||||||||||||||||||||||||||||||
| timezone_name | String. | ||||||||||||||||||||||||||||||||
| ispname | Internet Service Provider (ISP) or associated organization. String, alphanumeric and punctuation. | ||||||||||||||||||||||||||||||||
| network_type | The service classification for the associated network. String, with one of the following values:
|
||||||||||||||||||||||||||||||||
| network_group | String. | ||||||||||||||||||||||||||||||||
| network_name | String, alphanumeric plus punctuation. |
Sign in to our simple user interface app, MusubuApp, at https://musubuapp.co/. It’s free to search up to 50 comma-separated IPs per day. Just register, then paste in your CSV list and away you go. It’s a great tool for checking your own endpoints too, along with dozens of other use cases.
Contact Us Now with Any Questions and for More Info