API Security: Who’s Knocking at Your Door?

Web services are among the most fundamental enabling technologies of the digital age. Around the globe at this very moment, hundreds of millions of server and software calls are being made to hundreds of thousands of APIs. Modern business runs on APIs.

But not all of the client callers are friendly. Many want to do harm to the business behind the web service, their partners, and their clients.

Whether your API is used primarily for B2B exchanges, inside your own apps, or by outside developers building their own apps and sites, most companies that provide APIs really don’t know who is communicating with their endpoints. Nor do most have any idea whether those calls are coming from unexpected places that may themselves pose big security risks.

So, what are the top threats posed by APIs?

A recent research survey by cybersecurity platform provider Imperva found that while almost 70% of businesses have APIs, few of those APIs have robust security baked in or were designed with security in mind. Such insecure APIs are easy targets for one of the scourges of the modern digital world: botnets.

Botnets, and the DDoS attacks they take part in, are the number one threat to business APIs. Besides flooding an API so it cannot be used for short periods, a botnet can strain it slowly, or wear down its operations a little at a time in a variety of ways, harming your partners, clients, profits and reputation.

They can also be used for a much wider variety of attacks and compromises, often all at once in coordinated campaigns that include your APIs and other network endpoints, such as:

  • Spamming
  • Sniffing Traffic
  • Spreading Malware
  • Installing Advertisement Add-ons and Browser Helper Objects (BHOs)
  • Google AdSense Distro Disruption
  • Large-Scale Identity Theft

Getting Rid of Unwanted Visitors

Rather than spend a small fortune on a big, bloated cybersecurity, endpoint, or threat intelligence platform, most companies can quickly and affordably improve the security of their APIs in a big way just by knowing who is reaching out to their endpoints, finding out which of those callers are potentially risky, and blacklisting or limiting access for those clients.

How, you may ask?

By using our Musubu IP data and cyber threat information APIs, developers can build IP checks right into their existing systems. Our APIs not only return core IP data, such as company and geolocation info for the calling IP address; we also use our internal data sets and our own scoring algorithms to score each IP for its riskiness. From there, it is easy to block potentially risky IPs.

When you query one or more IP addresses with our API, we give you back:

VERBOSE OUTPUT

ipaddress: IPv4 address in 4-octet dot notation, from 0.0.0.0 to 255.255.255.255. String.
ipint: The same IPv4 address as an unsigned 32-bit (4-byte) integer, 0-4294967295. Integer.
threat_potential_score_pct: Numeric threat score. Integer 0-100.
threat_classification: Overall characterization of the threat. String, with one of the following values:
  • High
  • Medium
  • Low
  • Nuisance
blacklist_class: String, with one of the following values:
  • apache
  • blacklisted
  • botnet
  • botnetcnc
  • bruteforce
  • compromised
  • ftp
  • http
  • imap
  • mail
  • malware
  • phishing
  • ransomware
  • shunned
  • sips
  • ssh
  • tor
  • worm
  • zeus
blacklist_class_cnt: Count of distinct sources which have identified the address as malicious. Integer.
blacklist_network_neighbors: Count of addresses on the same subnet which have been identified as malicious. Integer.
blacklist_observations: Count of observations in the last 90 days. Integer.
country: Two-character country code based on ISO 3166-1 alpha-2. String.
stateprov: State or province. String.
district: District. String.
city: City. String.
zipcode: Postal code. String.
latitude: Latitude. Float.
longitude: Longitude. Float.
timezone_offset: Timezone offset in hours. Float.
timezone_name: Timezone name. String.
ispname: Internet Service Provider (ISP) or associated organization. String, alphanumeric and punctuation.
network_type: The service classification for the associated network. String, with one of the following values:
  • ACADEMIA (universities, schools, labs, and institutes)
  • BROADBAND (residential and small business)
  • CDN (commercial, P2P, and free content delivery networks)
  • CLOUDHOSTING (cloud and web hosting environments)
  • ENTERTAINMENT (music, TV, video sharing, and gaming)
  • FILESHARING (commercial and free)
  • GOVERNMENT (federal, state & local, and foreign governments)
  • HEALTHCARE (commercial)
  • INTERNETAUTHORITIES (government, non-profit, and international authorities)
  • INTERNETSECURITY (commercial internet security firms)
  • SEARCHENGINE (commercial)
  • SOCIALNETWORKING (commercial social networking sites)
  • SOFTWAREDOWNLOADS (commercial and free)
  • CRYPTOCURRENCY
  • NODES (public and hidden TOR services)
  • COUNTRY
network_group: Network group. String.
network_name: Network name. String, alphanumeric plus punctuation.
So, not only can you pinpoint the location of the IPs communicating with your API endpoint, you can also determine whether each one has been seen in association with a cyber threat such as a botnet, phishing, malware and much more. Just check the list above.
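As an added illustration (this is example code, not Musubu's own client library), here is how the fields above could drive an allow/throttle/block decision inside a Python API service. The page does not describe the API's endpoint, authentication or request format, so the lookup is passed in as a callable; the score thresholds, the set of blacklist classes treated as hostile, the throttled network types and the sample records (which use RFC 5737 documentation addresses) are all assumptions made for this example.

```python
"""Screen API callers using an IP risk record in the VERBOSE OUTPUT shape.

Added example, not Musubu's client code.  The records in SAMPLE_RECORDS are
constructed for illustration; thresholds and class sets are policy choices.
"""
import ipaddress
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, Iterable, Optional


class Verdict(Enum):
    ALLOW = "allow"
    THROTTLE = "throttle"   # serve, but under a tight per-IP rate limit
    BLOCK = "block"


@dataclass(frozen=True)
class Decision:
    ip: str
    verdict: Verdict
    reason: str


# Documented enumeration; anything else means a malformed or changed record.
THREAT_CLASSIFICATIONS = {"High", "Medium", "Low", "Nuisance"}
# Assumed policy: these blacklist_class values mean the host is attacking or
# attacker-controlled, so we block regardless of score.
HOSTILE_CLASSES = {"botnet", "botnetcnc", "bruteforce", "compromised",
                   "malware", "ransomware", "worm", "zeus"}
# Assumed policy: legitimate but often-abused network types get throttled,
# not blocked, so real customers behind them keep working.
THROTTLED_NETWORKS = {"NODES", "CLOUDHOSTING"}


def ipint_matches(record: dict) -> bool:
    """Sanity check: ipint must be the 32-bit integer form of ipaddress."""
    try:
        return int(ipaddress.IPv4Address(record["ipaddress"])) == int(record["ipint"])
    except (KeyError, ValueError, ipaddress.AddressValueError):
        return False


def evaluate(record: Optional[dict], ip: str, *, block_score: int = 80,
             throttle_score: int = 50, neighbor_limit: int = 10,
             fail_closed: bool = False) -> Decision:
    """Map one risk record to a verdict.  record=None means the lookup returned
    nothing (or failed); fail_closed decides whether that blocks the caller."""
    if record is None:
        if fail_closed:
            return Decision(ip, Verdict.BLOCK, "no risk data (fail closed)")
        return Decision(ip, Verdict.ALLOW, "no risk data (fail open)")
    if record.get("ipaddress") != ip or not ipint_matches(record):
        raise ValueError(f"record does not describe {ip}")
    tclass = record.get("threat_classification")
    if tclass not in THREAT_CLASSIFICATIONS:
        raise ValueError(f"unexpected threat_classification {tclass!r}")
    score = int(record.get("threat_potential_score_pct", 0))
    bclass = record.get("blacklist_class")
    if bclass in HOSTILE_CLASSES:
        return Decision(ip, Verdict.BLOCK, f"blacklist_class={bclass}")
    if tclass == "High" or score >= block_score:
        return Decision(ip, Verdict.BLOCK, f"threat score {score} ({tclass})")
    if score >= throttle_score:
        return Decision(ip, Verdict.THROTTLE, f"threat score {score} ({tclass})")
    if int(record.get("blacklist_network_neighbors", 0)) >= neighbor_limit:
        return Decision(ip, Verdict.THROTTLE, "many malicious neighbors on subnet")
    if record.get("network_type") in THROTTLED_NETWORKS:
        return Decision(ip, Verdict.THROTTLE, f"network_type={record['network_type']}")
    return Decision(ip, Verdict.ALLOW, f"threat score {score} ({tclass})")


def screen_callers(ips: Iterable[str], lookup: Callable[[str], Optional[dict]],
                   cache: Optional[Dict[str, Decision]] = None, **policy) -> Dict[str, Decision]:
    """Evaluate a batch of caller IPs, looking each distinct IP up only once."""
    cache = {} if cache is None else cache
    out: Dict[str, Decision] = {}
    for ip in ips:
        if ip not in cache:
            cache[ip] = evaluate(lookup(ip), ip, **policy)
        out[ip] = cache[ip]
    return out


# Constructed sample records (documentation addresses); only the fields the policy reads.
SAMPLE_RECORDS = {
    "192.0.2.10": {"ipaddress": "192.0.2.10", "ipint": 3221225994,
                   "threat_potential_score_pct": 91, "threat_classification": "High",
                   "blacklist_class": "botnet", "blacklist_class_cnt": 3,
                   "blacklist_network_neighbors": 40, "network_type": "BROADBAND"},
    "198.51.100.7": {"ipaddress": "198.51.100.7", "ipint": 3325256711,
                     "threat_potential_score_pct": 4, "threat_classification": "Low",
                     "blacklist_class": None, "blacklist_class_cnt": 0,
                     "blacklist_network_neighbors": 0, "network_type": "BROADBAND"},
    "203.0.113.200": {"ipaddress": "203.0.113.200", "ipint": 3405803976,
                      "threat_potential_score_pct": 35, "threat_classification": "Nuisance",
                      "blacklist_class": "shunned", "blacklist_class_cnt": 1,
                      "blacklist_network_neighbors": 2, "network_type": "CLOUDHOSTING"},
}


def sample_lookup(ip: str) -> Optional[dict]:
    """Stand-in for the real API call; unknown IPs return None."""
    return SAMPLE_RECORDS.get(ip)


if __name__ == "__main__":
    recent_callers = ["198.51.100.7", "192.0.2.10", "203.0.113.200",
                      "192.0.2.10", "10.0.0.5"]   # constructed access-log sample
    for ip, d in screen_callers(recent_callers, sample_lookup).items():
        print(f"{ip:15} {d.verdict.value:8} {d.reason}")
```

Two design points worth noting. First, a missing or failed lookup is handled explicitly: fail open keeps paying customers in during an outage of the risk feed, fail closed is the right choice for an endpoint where abuse costs more than downtime, and which one you want is a per-endpoint decision rather than something to discover by accident. Second, decisions are cached per IP, so a burst of calls from one source costs one lookup rather than one per request, which matters for any lookup quota.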


In addition, we provide your engineers and analysts with a host of important data useful to a wide variety of app development and cybersecurity use cases.


Our Musubu API service was developed to give just this kind of edge to U.S. government and defense networks. If it’s good enough for them and their huge volume of client connections, rest assured it can help secure your web services too.


Want to explore the API and data?

Sign in to our simple user interface app, MusubuApp, at https://musubuapp.io/. It’s free to search up to 50 comma-separated IPs per day. Just register, then paste in your CSV list and away you go. It’s a great tool for checking your own endpoints too, along with dozens of other use cases.





About the Author

Wayne Wheeles

Wayne Wheeles is a serial entrepreneur and is most recently the CEO of Release 2 Innovations LLC. Seasoned by over two decades of experience and results in network forensics, insider threat detection, and information security, Wayne’s work spans multiple disciplines and several technology-related industries. Wayne is a proven practitioner with extensive hands-on experience in network security thought leadership, client implementation stewardship, and product development direction. Prior to establishing Release 2 Innovations, Wayne built three of the top cybersecurity practices in the commercial and federal sectors. Wayne continues to serve as a developer, practitioner, and liaison between commercial and federal clients and the development and sales teams. He has served in a variety of roles and has been recognized for developing and delivering solutions that have yielded measurable results for clients. He has been independently recognized as a thought leader in big data, analytics, and cybersecurity. His merits include membership in the Cloudera Champions of Big Data and consideration for the President’s Council on Cybersecurity. He is a tireless serial entrepreneur who has repeatedly built "future proof" process-oriented commercial and federal cybersecurity teams.
