Summary

This page describes what Spherical is, and what it can detect.

What is Spherical Defense?

Spherical Defense is an API security solution that uses deep unsupervised learning to protect your APIs. The product is deployed onto AWS, and integrates with your API gateway to mirror your inbound API traffic.

The running Spherical Defense instance ingests this traffic, and builds an internal model of normal API behavior. After sufficient training, it will mount a model for evaluation.

Every subsequent API request will be classified as either normal or anomalous, depending on whether or not it is a threat. Each event also includes additional information, such as the part of the API request that is most suspicious and a score that lets you see the worst potential threats.

Any likely threats are filtered as events which can be consumed by SIEM solutions such as Splunk.

Spherical is an analytics solution to help you detect when your APIs are under attack.

Spherical has a three-stage life cycle.

Once you have deployed your Spherical instance, it will immediately start listening for API traffic.

It will stay in this mode for only as long as there is insufficient data to train the first security model.

After receiving roughly 160,000 requests, it will move to the next stage.

What can Spherical detect?

Spherical Defense can protect your APIs from malicious injection, mis-configuration, and generic misuse. Some examples of attacks that we can detect are as follows:

Excessive Data Exposure

Exposing more object-level data than necessary over API endpoints.

Malicious Injection

Passing malicious instructions to databases and other services via the API. These include things like SQL injection.

Improper Assets Management

Exposing debug, administration and obsolete API endpoints.

Sensitive Information Transmission

Users passing personally identifiable information into the wrong field, resulting in a GDPR breach.

Mass Assignment

Accepting an unauthorized object update request.

Authorized Stateful Attacks

Authorized users attempting to subvert application state. These include things like Replay Attacks.

ML Attack Tools

Adversarial API fuzzing can be trained to subvert existing security systems.

How does it work?

Spherical Defense applies semi-supervised learning to the task of application-level threat detection. We train an advanced model to recreate your data and thus learn the underlying structure, syntax and semantics. With this insight, it is then able to easily distinguish between benign and malicious requests.
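To make the idea concrete, here is an added example (not Spherical Defense's code or model) that swaps the deep model for a small character-trigram model: it learns the structure of benign requests, then emits a label, a score and the most suspicious part of each new request. The endpoint, the sample traffic, the smoothing value and the threshold rule are all constructed assumptions.

```python
import math
from collections import Counter

ALPHA = 0.01  # smoothing weight for unseen trigrams (assumed value)

def train(requests):
    """Learn character-trigram statistics from benign requests only (no labels)."""
    tri, ctx, alphabet = Counter(), Counter(), set()
    for r in requests:
        s = "^^" + r + "$"          # ^ pads the start, $ marks the end
        alphabet.update(s)
        for i in range(2, len(s)):
            tri[s[i - 2:i + 1]] += 1
            ctx[s[i - 2:i]] += 1
    return tri, ctx, len(alphabet) + 1   # +1 reserves mass for unseen characters

def surprisal(model, request):
    """Bits of surprise for each character (and the end marker) given the 2 before it."""
    tri, ctx, v = model
    s = "^^" + request + "$"
    return [-math.log2((tri[s[i - 2:i + 1]] + ALPHA) / (ctx[s[i - 2:i]] + ALPHA * v))
            for i in range(2, len(s))]

def score(model, request):
    """Mean surprisal per character: low for familiar structure, high for novel."""
    bits = surprisal(model, request)
    return sum(bits) / len(bits)

def classify(model, request, threshold, window=8):
    """Return an event: label, mean-surprisal score, and the most surprising span."""
    bits = surprisal(model, request)
    starts = range(max(1, len(request) - window + 1))
    worst = max(starts, key=lambda i: sum(bits[i:i + window]))
    s = sum(bits) / len(bits)
    return {"label": "anomalous" if s > threshold else "normal",
            "score": round(s, 3), "suspicious": request[worst:worst + window]}

# Constructed sample traffic: 40 benign requests to one hypothetical endpoint.
BENIGN = [f"GET /api/v1/users/{i}?fields=" + ("name,email" if i % 2 == 0 else "name")
          for i in range(100, 140)]
MODEL = train(BENIGN)
# Threshold (assumed rule): twice the worst score seen on the benign training traffic.
THRESHOLD = 2 * max(score(MODEL, r) for r in BENIGN)

if __name__ == "__main__":
    for req in ("GET /api/v1/users/101?fields=name,email",
                "GET /api/v1/users/105?fields=name' OR '1'='1"):
        print(classify(MODEL, req, THRESHOLD))
```

The first request never appears in the training set but follows its structure, so it scores low; the second breaks the learned syntax after `name`, and the reported span points at that break.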
