Apigee Sense

A hosted API traffic behavior detection and protection product that safeguards APIs from unwanted and malicious request traffic by analyzing API request metadata.

GCP Proprietary Cloud Service Only
Category: API Security
Last Commit: 1 year ago
This page updated: a month ago
Pricing Details: Contact for pricing details.
Target Audience: API developers, security teams, and organizations using APIs.

Apigee Sense is a hosted API traffic behavior detection and protection product designed to safeguard APIs from unwanted and malicious request traffic. It operates by collecting and analyzing API request metadata to identify suspicious patterns. The tool uses a four-component architecture: a collection engine, an analysis engine, a curation engine, and an action engine. The collection engine gathers metadata about API calls, including source and target information, request content, response status, and timing data. This data is then analyzed by the analysis engine to detect patterns indicative of malicious activity, such as automated behavior, persistent attempts from the same IP, unusual error rates, and geographical anomalies.

The curation engine presents the analysis results to users through the Apigee Sense console, where they can review the results and decide what action to take against suspicious clients. The action engine enforces these decisions in real time, allowing users to block, flag, or allow requests based on the identified patterns.

Apigee Sense is integrated with Apigee Edge and leverages statistical machine learning algorithms and BigQuery for data management and analysis, enhancing scalability and reducing latency in the analysis process.

ISO27001 Commentary

  • Incident Management (5.24-5.28): Apigee Sense indirectly supports incident management by detecting and mitigating API-related security incidents. It analyzes API traffic to identify malicious patterns, which can be used to trigger incident response procedures. Organizations can use the tool's analysis results to classify incidents, respond accordingly, and collect evidence for post-incident reviews. Key evidence artifacts include the detailed logs and analysis reports provided by Apigee Sense. Monitoring metrics such as the number of blocked requests, flagged IPs, and response times can help in evaluating the effectiveness of incident management processes. Training should focus on interpreting analysis results and integrating Apigee Sense with existing incident management workflows.
  • Access Management (8.1-8.5): Apigee Sense supports access management by identifying and blocking malicious clients attempting to access APIs. The tool's ability to flag or block requests based on IP addresses or other criteria helps enforce access controls. However, organizations should ensure that Apigee Sense is integrated with their broader access management policies and tools, such as identity and access management (IAM) systems, to maintain comprehensive access governance.
  • Security Monitoring (8.15-8.16): Apigee Sense supports security monitoring through its audit logging and security event correlation capabilities. It collects and analyzes API request metadata to detect suspicious activity, which can be used to monitor and analyze security events. Organizations should ensure that logs are adequately protected and retained to comply with security monitoring requirements.

Operational Considerations:

  • Apigee Sense is not PCI or HIPAA compliant, which may limit its use in certain regulated environments.
  • The tool requires integration with Apigee Edge and may benefit from being part of a larger API management strategy.
  • Continuous training on interpreting analysis results and taking appropriate actions is crucial for effective use of the tool.
