This page describes what Spherical is, and what it can detect.

What is Spherical Defense?

Spherical Defense is an API security solution that uses deep unsupervised learning to protect your APIs. The product is deployed onto AWS, and integrates with your API gateway to mirror your inbound API traffic.
The running Spherical Defense instance ingests this traffic, and builds an internal model of normal API behavior. After sufficient training, it will mount a model for evaluation.
Every subsequent API request will be classified as either normal or anomalous, depending on whether or not it is a threat. Additional information is included in the event, such as the part of the API request which is most suspicious, and a score which enables you to see the worst potential threats.
Any likely threats are filtered as events which can be consumed by SIEM solutions such as Splunk.
Spherical is an analytics solution to help you detect when your APIs are under attack.
Spherical has a three-stage life cycle.

Listening

Once you have deployed your Spherical instance, it immediately starts listening for API traffic. It stays in this mode only as long as there is insufficient data to train the first security model; after receiving roughly 160,000 requests, it moves to the next stage.

Training

After sufficient data has been received, the system moves into training mode. This mode produces a trained security model after roughly 6 hours, which is then mounted for evaluation. As new data is received, the Spherical instance trains further models to account for natural changes in your API traffic over time.

Evaluation

Once the first security model has been trained, it is mounted for evaluation. This means that every subsequent API request received by the system is given a classification (either benign or anomalous) and a score. If you have integrated with an outbound service, these events are filtered back to it.

What can Spherical detect?

Spherical Defense can protect your APIs from malicious injection, misconfiguration, and generic misuse. Some examples of attacks that we can detect are as follows:

Excessive Data Exposure

Exposing more object-level data than necessary over API endpoints

Malicious Injection

Passing malicious instructions to databases and other services via the API. These include things like SQL injection.

Improper Assets Management

Exposing debug, administration and obsolete API endpoints.

Sensitive Information Transmission

Users passing personally identifiable information into the wrong field, resulting in a GDPR breach.

Mass Assignment

Accepting an unauthorized object update request.

Authorized Stateful Attacks

Authorized users attempting to subvert application state. These include things like Replay Attacks.

ML Attack Tools

Adversarial API fuzzing can be trained to subvert existing security systems.

How does it work?

Spherical Defense applies semi-supervised learning to the task of application-level threat detection. We train an advanced model to recreate your data and thus learn its underlying structure, syntax and semantics. With this insight it can then distinguish between benign and malicious requests.
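To make the two ideas above concrete (the listen, train, evaluate life cycle, and scoring a request by how poorly a model trained on normal traffic can recreate it), here is a small added example. It is not Spherical Defense's code or model: it stands in for the deep model with a per-field character-bigram model, and the request fields, the training threshold (a few dozen requests instead of roughly 160,000), the score cut-off and the sample traffic are all constructed for the illustration. It emits, per request, the same three things the text describes: a label, a score, and the field that looks most suspicious.

```python
"""Toy 'listen, train, evaluate' anomaly detector for JSON-style API requests.

Added illustration, not Spherical Defense's code. It stands in for the idea in
the text (learn to recreate normal requests, then flag what the model cannot
recreate well) with a per-field character-bigram model. Thresholds, field
names and sample requests are constructed for the example.
"""
import math
from collections import Counter, defaultdict

LISTENING, TRAINING, EVALUATING = "listening", "training", "evaluating"
ALPHABET = 256             # smooth over all byte values, not only the seen ones
ALPHA = 0.01               # additive smoothing weight (constructed)
UNSEEN_FIELD_SCORE = 10.0  # score for a field that never appeared in training


class FieldModel:
    """Character-bigram model of the values one field took during training."""

    def __init__(self):
        self.pairs = Counter()
        self.prefix = Counter()

    def fit(self, value):
        text = f"^{value}$"                 # ^ and $ mark start and end
        for a, b in zip(text, text[1:]):
            self.pairs[(a, b)] += 1
            self.prefix[a] += 1

    def surprise(self, value):
        """Mean negative log-probability per character: how poorly the model
        'recreates' this value. Familiar strings score low, novel ones high."""
        text = f"^{value}$"
        total = 0.0
        for a, b in zip(text, text[1:]):
            p = (self.pairs[(a, b)] + ALPHA) / (self.prefix[a] + ALPHA * ALPHABET)
            total -= math.log(p)
        return total / (len(text) - 1)


class ToyDetector:
    """Three-stage life cycle: buffer traffic while listening, train once
    enough has arrived, then score every further request and emit an event."""

    def __init__(self, min_requests=20, threshold=4.0):
        self.min_requests = min_requests   # stands in for the ~160,000 in the text
        self.threshold = threshold         # constructed cut-off on the score
        self.state = LISTENING
        self.buffer = []
        self.fields = {}

    def ingest(self, request):
        """Returns None while listening, an event dict once a model is mounted."""
        if self.state == LISTENING:
            self.buffer.append(request)
            if len(self.buffer) >= self.min_requests:
                self._train()
            return None
        return self.classify(request)

    def _train(self):
        self.state = TRAINING
        models = defaultdict(FieldModel)
        for req in self.buffer:
            for name, value in req.items():
                models[name].fit(str(value))
        self.fields = dict(models)         # "mount" the trained model
        self.state = EVALUATING

    def classify(self, request):
        """Score each field; the worst field decides the label and is reported
        as the most suspicious part of the request."""
        scores = {}
        for name, value in request.items():
            if name in self.fields:
                scores[name] = self.fields[name].surprise(str(value))
            else:
                scores[name] = UNSEEN_FIELD_SCORE
        worst = max(scores, key=scores.get)
        return {
            "label": "anomalous" if scores[worst] > self.threshold else "benign",
            "score": round(scores[worst], 2),
            "suspicious_field": worst,
        }


# Constructed benign traffic: a catalogue-browsing API with three fields.
BENIGN_TRAFFIC = [
    {"user": f"user{n:03d}", "action": "view" if n % 2 else "list",
     "item_id": str(1000 + 7 * n)}
    for n in range(24)
]


def demo():
    """Run the life cycle end to end; return the events for three test requests."""
    det = ToyDetector(min_requests=len(BENIGN_TRAFFIC))
    for req in BENIGN_TRAFFIC:
        det.ingest(req)                    # listening, then training on the last one
    return {
        "held_out": det.ingest({"user": "user031", "action": "view", "item_id": "1217"}),
        # PII (an e-mail address) sent in a field that only ever carried item ids
        "pii_in_wrong_field": det.ingest(
            {"user": "user010", "action": "view", "item_id": "alice@example.com"}),
        # an object update carrying a field the API never exposed during training
        "unexpected_field": det.ingest(
            {"user": "user005", "action": "view", "item_id": "1035", "role": "admin"}),
    }


if __name__ == "__main__":
    for name, event in demo().items():
        print(name, event)
```

The held-out request scores low even though its exact values were never seen, because its characters combine the way the training values did; the e-mail address in `item_id` and the unexpected `role` field both score above the cut-off, and the event names the offending field, which is the detail an analyst needs when the event reaches the SIEM.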