Spherical Defence

Problems it solves

Shortage of in-house software developers

Shortage of in-house IT resources

High costs of IT personnel

Shortage of in-house IT engineers

Values

Reduce Costs

Ensure Security and Business Continuity

Spherical Defence

Spherical Defence is an API security solution that uses deep unsupervised learning to protect your APIs.

Description

Three-stage Lifecycle

Listen

Once you have deployed your Spherical instance, it will immediately start listening for API traffic. It will stay in this mode for only as long as there is insufficient data to train the first security model. After receiving roughly 16,000 requests, it will move to the next stage.

Train

After sufficient data has been received, the system moves into training mode. This mode will result in a trained security model after roughly 6 hours, which will then be mounted for evaluation. As new data is received, the Spherical instance will train more models to account for natural changes in your API traffic over time.

Secure

Once the first security model has been trained, it is mounted for evaluation. This means that every subsequent API request that is received by the system is given a classification (either benign or anomalous), and a score. If you have integrated with an outbound service, these events will be filtered back.

What can Spherical detect?

  • Excessive Data Exposure. Exposing more object-level data than necessary over API endpoints
  • Malicious Injection. Passing malicious instructions to databases and other services via the API. These include things like SQL injection.
  • Improper Assets Management. Exposing debug, administration and obsolete API endpoints.
  • Sensitive Information Transmission. Users passing personally identifiable information into the wrong field, resulting in a GDPR breach.
  • Authorized Stateful Attacks. Authorized users attempting to subvert application state. These include things like Replay Attacks.
  • Mass Assignment. Accepting an unauthorized object update request.
  • ML Attack Tools. Adversarial API fuzzing can be trained to subvert existing security systems.