This page describes what Spherical is, and what it can detect.
Spherical Defense is an API security solution that uses deep unsupervised learning to protect your APIs. The product is deployed onto AWS, and integrates with your API gateway to mirror your inbound API traffic.
The running Spherical Defense instance ingests this traffic, and builds an internal model of normal API behavior. After sufficient training, it will mount a model for evaluation.
Every subsequent API request will be classified as either normal or anomalous, depending on whether or not it is a threat. Additional information is included in the event, such as the part of the API request which is most suspicious, and a score which enables you to see the worst potential threats.
Any likely threats are filtered as events which can be consumed by SIEM solutions such as Splunk.
Spherical has a three-stage life cycle.
Once you have deployed your Spherical instance, it will immediately start listening for API traffic.
It will stay in this mode for only as long as there is insufficient data to train the first security model.
After receiving roughly 160,000 requests, it will move to the next stage.
After sufficient data has been received, the system moves into training mode.
This mode will result in a trained security model after roughly 6 hours, which will then be mounted for evaluation.
As new data is received, the Spherical instance will train more models to account for natural changes in your API traffic over time.
Once the first security model has been trained, it is mounted for evaluation.
This means that every subsequent API request that is received by the system is given a classification (either benign or anomalous), and a score.
If you have integrated with an outbound service, these events will be filtered back.
Spherical Defense can protect your APIs from malicious injection, mis-configuration, and generic misuse. Some examples of attacks that we can detect are as follows:
Exposing more object-level data than necessary over API endpoints
Passing malicious instructions to databases and other services via the API. These include things like SQL injection.
Exposing debug, administration and obsolete API endpoints.
Sensitive Information Transmission
Users passing personally identifiable information into the wrong field, resulting in a GDPR breach.
Accepting an unauthorized object update request.
Authorized Stateful Attacks
Authorized users attempting to subvert application state. These include things like Replay Attacks.
ML Attack Tools
Adversarial API fuzzing can be trained to subvert existing security systems..
Spherical Defense applies semi-supervised learning to the task of application-level threat detection. We train an advanced model to recreate your data and thus, learn the underlaying structure, syntax and semantics. With this insight it is then able to easily distinguish between benign and malicious requests.