Problems it solves
Shortage of in-house software developers
Shortage of in-house IT resources
High costs of IT personnel
Shortage of in-house IT engineers
Values
Reduce Costs
Ensure Security and Business Continuity
Spherical Defence
Spherical Defence is an API security solution that uses deep unsupervised learning to protect your APIs.
About Product
Description
Three-stage Lifecycle
Listen
Once you have deployed your Spherical instance, it will immediately start listening for API traffic. It will stay in this mode for only as long as there is insufficient data to train the first security model. After receiving roughly 16,000 requests, it will move to the next stage.
Train
After sufficient data has been received, the system moves into training mode. This mode will result in a trained security model after roughly 6 hours, which will then be mounted for evaluation. As new data is received, the Spherical instance will train more models to account for natural changes in your API traffic over time.
Secure
Once the first security model has been trained, it is mounted for evaluation. This means that every subsequent API request received by the system is given a classification (either benign or anomalous) and a score. If you have integrated with an outbound service, these events will be filtered back.
What can Spherical detect?
- Excessive Data Exposure. Exposing more object-level data than necessary over API endpoints.
- Malicious Injection. Passing malicious instructions to databases and other services via the API. These include things like SQL injection.
- Improper Assets Management. Exposing debug, administration and obsolete API endpoints.
- Sensitive Information Transmission. Users passing personally identifiable information into the wrong field, resulting in a GDPR breach.
- Authorized Stateful Attacks. Authorized users attempting to subvert application state. These include things like Replay Attacks.
- Mass Assignment. Accepting an unauthorized object update request.
- ML Attack Tools. Adversarial API fuzzing can be trained to subvert existing security systems.