Home / 2019 / June / 10

Daily Archives: June 10, 2019

WSO2 and Ping Identity Partner to Provide Comprehensive, AI-Powered Cyber-Attack Protection for APIs

New open source extension integrates the AI-powered cybersecurity of PingIntelligence for APIs with the robust, policy-based security controls in WSO2 API Manager

Mountain View, CA and Denver, CO, June 10, 2019 (GLOBE NEWSWIRE) —

The proliferation of APIs catalyzed by digital transformation initiatives is viewed as a virtual goldmine by hackers, who are hijacking tokens, cookies and keys, as well as targeting weaknesses in individual APIs. And all too often, static security controls fail to stop these attacks. Now, WSO2 and Ping Identity have partnered to protect APIs against cyber-attacks by combining the artificial intelligence (AI) powered API cybersecurity of PingIntelligence for APIs with the robust policy-based controls in the open source WSO2 API Manager.

Through the partnership, WSO2 has developed an open source extension to communicate with the PingIntelligence API Security Enforcer (ASE) module, which can be deployed in the WSO2 API Gateway. As a result, WSO2 API Manager users can apply AI-based security analysis and threat blocking to their APIs along with static policy-based security controls.

Additionally, WSO2 and Ping Identity will co-host a webinar to discuss how enterprises can protect their API infrastructure from advanced attacks by leveraging the power of machine learning and AI in conjunction with API management. The event will be held on June 20, 2019 at 10:00 a.m. Pacific Daylight Time. To learn more and register, click here.

AI-Driven Security for API Management

“By 2022, API abuses will be the most-frequent attack vector resulting in data breaches for enterprise web applications,” observes Gartner in the report, How to Build an Effective API Security Strategy [1]. The report [2] further notes that, “A security strategy that manages access and protects systems from attack while still engaging digital ecosystems is essential to any API program.”

WSO2 API Manager, part of the WSO2 Integration Agile Platform, is the leading open source software for full API lifecycle management, monetization, and policy enforcement. Designed for deployment on-premises, in the cloud, as a managed cloud service, or in hybrid environments, WSO2 API Manager offers several policy-based options for security and access control. These include OAuth 2.0 authentication and authorization, API policy creation and enforcement, request and response validation, rate limiting, and the ability to set quotas, among others.

PingIntelligence for APIs is a leading solution for AI-powered API cybersecurity. By applying AI models to continuously inspect and report on all API activity, it automatically discovers anomalous API activity and threats across API infrastructures. Because bad actors are well versed in circumventing static security policies, PingIntelligence for APIs was purpose-built to recognize and stop emerging new threats that breach APIs while flying under the radar of foundational API security measures. The solution requires no policies or rules to be written, and it can recognize new and changing attacks.

Through the integrated functionality of PingIntelligence and WSO2 API Manager, organizations now have a complete solution for managing and protecting the APIs that drive their business. Examples of API attacks that can be reported and blocked using the integrated solution include attacks that use a valid user account to reverse engineer the API and breach other accounts to steal data—while looking like a normal user. Others include attacks that use stolen token, cookies, or API keys; attacks on login systems; remote application control; botnets scraping data; data exfiltration; API-specific denial of service/distributed denial of service (DoS/DDoS) attacks, as well as an array of attacks coming from authenticated users. To learn more and download the extension, visit https://wso2.com/ai-driven-security-enforcement-for-api-management.

“Ping Identity’s alliance with WSO2 extends our commitment to expanding our API security ecosystem,” said Bernard Harguindeguy, CTO, Ping Identity. “The advanced API security we deliver via PingIntelligence for APIs’ machine learning and artificial intelligence provides a strong complement to WSO2 API Manager in supporting the cybersecurity needs of today’s API-driven enterprises.”

“As more organizations implement internal and external API strategies to drive their digital transformation, APIs are becoming attractive targets for hackers,” said Paul Fremantle, WSO2 co-founder and CTO. “By integrating the extensive API management and control functionality of WSO2 API Manager with the AI-powered security of PingIntelligence for APIs, we can ensure that enterprises are well-equipped to detect and block attacks on their APIs—whether on-premises, across devices, or in the cloud.”

[1] Gartner, “How to Build an Effective API Security Strategy,” by Mark O’Neill, Dionisio Zumerle, Jeremy D’Hoinne, December 8, 2017.

[2] Gartner, “How to Build an Effective API Security Strategy” December 8, 2017.

About Ping Identity

Ping Identity envisions a digital world powered by intelligent identity. We help enterprises achieve Zero Trust identity-defined security and more personalized, streamlined user experiences. The Ping Intelligent Identity Platform provides customers, employees and partners with access to cloud, mobile, SaaS and on-premises applications and APIs, while also managing identity and profile data at scale. Over half of the Fortune 100 choose us for our identity expertise, open standards leadership, and partnership with companies including Microsoft, Amazon, and Google. We provide flexible options to extend hybrid IT environments and accelerate digital business initiatives with multi-factor authentication, single sign-on, access management, intelligent API security, directory, and data governance capabilities. Visit www.pingidentity.com.

About WSO2

WSO2 is the world’s #1 open source integration vendor, helping digital-driven organizations become integration agile. Customers choose us for our broad integrated platform, approach to open source, and agile transformation methodology. The company’s hybrid platform for developing, reusing, running and managing integrations prevents lock-in through open source software that runs on-premises or in the cloud. Today, hundreds of leading brands and thousands of global projects execute 6 trillion transactions annually using WSO2 integration technologies. Visit https://wso2.com to learn more.

Trademarks and registered trademarks are the properties of their respective owners.

Shifali Erasmus
WSO2
650-544-6424
shifali@kineticprllc.com

Candace Flynn
Ping Identity
303-476-0019
candaceflynn@pingidentity.com

WSO2 and Ping Identity Partner to Provide Comprehensive, AI-Powered Cyber-Attack Protection for APIs

New open source extension integrates the AI-powered cybersecurity of PingIntelligence for APIs with the robust, policy-based security controls in WSO2 API Manager

Mountain View, CA and Denver, CO, June 10, 2019 (GLOBE NEWSWIRE) —

The proliferation of APIs catalyzed by digital transformation initiatives is viewed as a virtual goldmine by hackers, who are hijacking tokens, cookies and keys, as well as targeting weaknesses in individual APIs. And all too often, static security controls fail to stop these attacks. Now, WSO2 and Ping Identity have partnered to protect APIs against cyber-attacks by combining the artificial intelligence (AI) powered API cybersecurity of PingIntelligence for APIs with the robust policy-based controls in the open source WSO2 API Manager.

Through the partnership, WSO2 has developed an open source extension to communicate with the PingIntelligence API Security Enforcer (ASE) module, which can be deployed in the WSO2 API Gateway. As a result, WSO2 API Manager users can apply AI-based security analysis and threat blocking to their APIs along with static policy-based security controls.

Additionally, WSO2 and Ping Identity will co-host a webinar to discuss how enterprises can protect their API infrastructure from advanced attacks by leveraging the power of machine learning and AI in conjunction with API management. The event will be held on June 20, 2019 at 10:00 a.m. Pacific Daylight Time. To learn more and register, click here.

AI-Driven Security for API Management

“By 2022, API abuses will be the most-frequent attack vector resulting in data breaches for enterprise web applications,” observes Gartner in the report, How to Build an Effective API Security Strategy [1]. The report [2] further notes that, “A security strategy that manages access and protects systems from attack while still engaging digital ecosystems is essential to any API program.”

WSO2 API Manager, part of the WSO2 Integration Agile Platform, is the leading open source software for full API lifecycle management, monetization, and policy enforcement. Designed for deployment on-premises, in the cloud, as a managed cloud service, or in hybrid environments, WSO2 API Manager offers several policy-based options for security and access control. These include OAuth 2.0 authentication and authorization, API policy creation and enforcement, request and response validation, rate limiting, and the ability to set quotas, among others.

PingIntelligence for APIs is a leading solution for AI-powered API cybersecurity. By applying AI models to continuously inspect and report on all API activity, it automatically discovers anomalous API activity and threats across API infrastructures. Because bad actors are well versed in circumventing static security policies, PingIntelligence for APIs was purpose-built to recognize and stop emerging new threats that breach APIs while flying under the radar of foundational API security measures. The solution requires no policies or rules to be written, and it can recognize new and changing attacks.

Through the integrated functionality of PingIntelligence and WSO2 API Manager, organizations now have a complete solution for managing and protecting the APIs that drive their business. Examples of API attacks that can be reported and blocked using the integrated solution include attacks that use a valid user account to reverse engineer the API and breach other accounts to steal data—while looking like a normal user. Others include attacks that use stolen token, cookies, or API keys; attacks on login systems; remote application control; botnets scraping data; data exfiltration; API-specific denial of service/distributed denial of service (DoS/DDoS) attacks, as well as an array of attacks coming from authenticated users. To learn more and download the extension, visit https://wso2.com/ai-driven-security-enforcement-for-api-management.

“Ping Identity’s alliance with WSO2 extends our commitment to expanding our API security ecosystem,” said Bernard Harguindeguy, CTO, Ping Identity. “The advanced API security we deliver via PingIntelligence for APIs’ machine learning and artificial intelligence provides a strong complement to WSO2 API Manager in supporting the cybersecurity needs of today’s API-driven enterprises.”

“As more organizations implement internal and external API strategies to drive their digital transformation, APIs are becoming attractive targets for hackers,” said Paul Fremantle, WSO2 co-founder and CTO. “By integrating the extensive API management and control functionality of WSO2 API Manager with the AI-powered security of PingIntelligence for APIs, we can ensure that enterprises are well-equipped to detect and block attacks on their APIs—whether on-premises, across devices, or in the cloud.”

[1] Gartner, “How to Build an Effective API Security Strategy,” by Mark O’Neill, Dionisio Zumerle, Jeremy D’Hoinne, December 8, 2017.

[2] Gartner, “How to Build an Effective API Security Strategy” December 8, 2017.

About Ping Identity

Ping Identity envisions a digital world powered by intelligent identity. We help enterprises achieve Zero Trust identity-defined security and more personalized, streamlined user experiences. The Ping Intelligent Identity Platform provides customers, employees and partners with access to cloud, mobile, SaaS and on-premises applications and APIs, while also managing identity and profile data at scale. Over half of the Fortune 100 choose us for our identity expertise, open standards leadership, and partnership with companies including Microsoft, Amazon, and Google. We provide flexible options to extend hybrid IT environments and accelerate digital business initiatives with multi-factor authentication, single sign-on, access management, intelligent API security, directory, and data governance capabilities. Visit www.pingidentity.com.

About WSO2

WSO2 is the world’s #1 open source integration vendor, helping digital-driven organizations become integration agile. Customers choose us for our broad integrated platform, approach to open source, and agile transformation methodology. The company’s hybrid platform for developing, reusing, running and managing integrations prevents lock-in through open source software that runs on-premises or in the cloud. Today, hundreds of leading brands and thousands of global projects execute 6 trillion transactions annually using WSO2 integration technologies. Visit https://wso2.com to learn more.

Trademarks and registered trademarks are the properties of their respective owners.

Shifali Erasmus
WSO2
650-544-6424
shifali@kineticprllc.com

Candace Flynn
Ping Identity
303-476-0019
candaceflynn@pingidentity.com

Warden dies in accident in Rompin

KUANTAN, A warden of an orphanage was killed after he was pinned beneath one of a trailer’s tyres following a crash at KM 129 Jalan Kuantan-Johor Bahru in Rompin near here at 3.45pm today.

Rompin district police chief DSP Zainal Omar Mahamud said Mohammad Zulfarhan Saidi, 22, who was riding a high-powered Kawasaki ERCF motorcycle died at the scene.

The accident was believed to have occurred when the victim was unable to avoid the trailer that was coming out of the Sungai Puteri palm oil collection centre heading to Endau, Johor, he said when contacted here, today.

Zainal Omar said the 42-year-old driver of the trailer escaped unhurt.

He said the remains of the victim, who was from Sungai Puteri, were sent to the Rompin Hospital for post-mortem and the case was investigated under Section 41 (1) of the Road Transport Act 1987.

Source: BERNAMA (News Agency)

Expert suggests periodic sampling of Orang Asli water source

KUALA LUMPUR, A water quality expert suggests that periodic sampling of the river water used by Orang Asli be conducted by the Department of Environment (DOE), particularly in light of two reported deaths from the Batek tribe due to pneumonia.

Water Quality and Modelling specialist Dr Zaki Zainuddin said although the Kelantan DOE had earlier confirmed that the river in Kuala Koh, Pos Lebir, Gua Musang was free of pollution, the periodic tests were necessary to obtain more accurate results.

He said DOE should conduct samplings after and before a rain because the results would be different.

“Water after rain involves running water and we cannot decide with one test alone. A thorough analysis should be done, like microbiological testing to detect bacterial content, which is not the problem if the Orang Asli boil the water before drinking it.

“The problem is if the river water contains chemicals and heavy metals such as arsenic, aluminium, mercury, nickel, cadmium, lead and iron as these won’t disappear even when the water is boiled,” he told Bernama when contacted here today.

He said heavy metal content could only be detected by chemical testing, which was necessary considering that a mining site and oil palm plantation were also located in the area.

Prior to the latest incident, there were media reports that some of the residents had contracted a fungal infection, which Zaki opined could have been due to polluted water.

“Skin problems are usually caused by bacteria either in the water used or for drinking and can be due to heavy metal.

“We must remember that Orang Asli have a lower body resistance and therefore more vulnerable to any disease, he said.

Meanwhile, Natural Heritage Protection Association president Puan Sri Shariffa Sabrina Syed Akil said the government must take immediate action to resettle the residents to a safer area before the situation worsens.

She said the new settlement must have treated water supply to prevent the residents from resorting to river water for their basic needs.

I visited the area yesterday and the situation they were in was pathetic, which is sad.

“The government must seriously attend to this matter, particularly the mining operation which is still continuing even though the company’s contract has already expired.

“I also hope a check-up would be done on each of the residents, especially the children and senior citizens, to find out what exactly are they afflicted with,” she said.

Source: BERNAMA (News Agency)

Zuraida accepts press-sec’s decision to resign

PUTRAJAYA, Housing and Local Government Minister Zuraida Kamaruddin said today that she accepted in principle her press secretary’s decision to resign.

In a statement, she said she received Ahmad Soffian Mohd Shariff’s notice of resignation through Whatsapp.

“As I am presently abroad for certain matters, I will deal with the issue on my return, she said.

She described her former staff as dedicated and highly committed in his responsibilities.

Ahmad Suffian informed the media through Whatsapp this morning that he had sent his letter of resignation and would be on leave for one month.

Source: BERNAMA (News Agency)

Tenun Pahang Diraja inspired by Tunku Azizah for King’s installation

KUALA LUMPUR, Kain Tenun Pahang Diraja (Royal Pahang Woven Fabric) is the choice fabric for Raja Permaisuri Agong, Tunku Azizah Aminah Maimunah Iskandariah as her outfit to be worn for the installation ceremony of the 16th Yang di-Pertuan Agong on July 30.

The fabric, designed by her is unique and special as it was handwoven by the inmates of the Penor and Bentong prisons in Pahang.

Yang di-Pertuan Agong Al-Sultan Abdullah Ri’ayatuddin Al-Mustafa Billah Shah and Tunku Azizah today were presented with four choices of the fabric for the Raja Permaisuri Agong to wear at the installation ceremony.

When met by reporters, Tunku Azizah said the Penor and Bentong prisons were picked to create the fabric as her way of showing appreciation to them. She is the patron of the Tenun Pahang Diraja Foundation and chairman of the Tenun Pahang Diraja Development Committee.

“I personally want the inmates to create the fabric for me to wear at the installation ceremony. I’m very proud to wear it. It is an honour for me and I too want to honour them.

“There are also designs that reflect the state of Pahang. Once in two weeks I would drop by at both prisons to check on the progress of the weaving work, said Tunku Azizah.

Also present at the presentation ceremony were Prisons director-general Datuk Seri Zulkifli Omar, Pahang Prisons director Datuk Ab Basir Mohamad and Comptroller of the Royal Household Datuk Ahmad Fadil Shamsuddin.

The Queen said Tenun Pahang Diraja is a heritage and legacy of the state of Pahang created 300 years ago.

Tunku Azizah who was impressed with the pieces presented to her said she drew inspiration from nature and her surroundings like coffee beans and the shadows of fences.

She said the rewards from the weaving of the fabrics would be distributed to the prison inmates and expressed hope that the skills acquired could be further developed to safeguard this Malay heritage and tradition.

Tunku Azizah’s involvement in developing Tenun Pahang began in 2005 and she was instrumental in promoting and uplifting it to Tenun Pahang Diraja in May 2006, with its development closely monitored through the Tenun Pahang Diraja Advisory Body.

Due to her passion in Tenun Pahang Diraja and to uphold it, Tunku Azizah set up the Tengku Ampuan Besar Meriam Tenun Pahang Diraja Skills Institute at the Pulau Keladi Cultural and Handicraft Complex in Pekan, Pahang, in 2010 to train youths specifically.

Meanwhile, Zulkifli said the weaving work involved 73 inmates from Penor Prison and 56 from Bentong Prison.

He said the work began three months ago in March and the level of skills of the prisoners were assessed beforehand to produce quality workmanship.

Source: BERNAMA (News Agency)

MCMM unit to focus on aid to the disabled to benefit from technology – Gobind

KUALA LUMPUR, A special unit under the Ministry of Communications and Multimedia will be set up to focus on efforts to assist the disabled group (OKU) to benefit from technology including engaging in business online.

Its minister, Gobind Singh Deo said the unit would act to coordinate any application concerning matters related to technology and the use of internet received from the disabled group in the country.

I intend to set up a special unit so that the ministry can see the problems faced by them in facing such matters and how we can resolve the problem.

Now we look at how we can use the technology, especially the infra that we have to assist the disabled group to achieve and strengthen their business, he said.

He disclosed this to reporters after presenting participation certificates for the Bengkel e-Dagang or e-Trading Workshop to 15 handicapped participants at the office of the Malaysian Chinese Handicapped People (POCCM) in Puchong, here today.

Gobind said the focus accorded to the group could resolve the problems besides assisting them to use the technology to raise their standard of living especially through online business.

“The internet can certainly strengthen the business of the public and it should be perceived as a facility that can be used by all strata of society as a basic amenity just like water and electricity.

“I want to see Malaysia’s future where everyone has access to the internet. All developments and new constructions must also be equipped with the internet because it is crucial for our future,he said.

He said the unit also acted to ensure that follow-up action on any other complaint received by the ministry would be acted upon.

Meanwhile, Gobind, who is also the Member of Parliament for Puchong, said that he too would pay attention on the requests made by the handicapped group who asked for a special package for the price of the internet to be reduced for them.

He said the matter had been submitted to several telecommunication companies but his ministry had so far not received any feedback from the parties concerned.

“So, tomorrow I will ask my office to obtain further information on the matter. If they can be implemented, we will do so. Otherwise, we will look for other alternatives,he added.

Source: BERNAMA (News Agency)