1.
Application to API Security
Drivers to the Shift
Dr. Doron Chema
Co Founder & CEO of L7 Defense

2.
L7 Defense | Brief Introduction
• Founded in 2015
• Series A funding
• HQ located at IL,
branches at US, UK
• BFSI
• Telco
• Internet
Sales WW, US Product Recognition (2020)
Ammune™
Fully-Automated API Security Solution
that Protects in Real Time from a Full
Spectrum of API-Related Cyber Attacks
Product
Leadership
Award
2020
Overview

3.
With its unique approach to analyzing traffic,
leveraged by its groundbreaking technology that
delivers distinct competitive advantages, L7 Defense
received Frost & Sullivan's 2020 Global Product
Leadership Award for its fully autonomous AI-based
machine leaning API security solution.
Product Leadership | Award 2020
Fully Autonomous AI-based API Security Solution
“
“
| 3

4.
New York
JULY
Australia
SEPTEMBER
Singapore
APRIL
Helsinki & North
MARCH
Paris
DECEMBER
London
OCTOBER
Jakarta
FEBRUARY
Hong Kong
AUGUST
JUNE
India
MAY
Check out our API Conferences here
50+ events since 2012, 14 countries, 2,000+ speakers, 50,000+ attendees,
300k+ online community
Want to talk at one of our conferences?
Apply to speak here

5.
Accelerating API Security Adaptation - The SecOp Challenge
| 4
‘Comfort Zone’
Barrier
API
Security
Risk
WAF
Automation

6.
WAF or API Security? Total Value vs. Habits
API Security
WAF
Protection Demand
Protecting

×
• API Assets control
API Assets & Policy
Management 
×
• security policy per API endpoint


• Protecting from web attacks
API Protection and
Data Leakage (DL) 
×
• Protecting from BL attacks & DL

+/-
• Protecting from Bot attacks

+/-
• Performing full DPI analysis
Advanced Analysis
Capabilities 
×
• Performing contextual analysis

×
• Performing campaign analysis
The customer
choice by
value
The customer
choice by
habit

7.
Protecting Service-Based Applications (Started at 2010?)
WAF Breaking Points - #1 Services
• No API assets transparency & control
• No API-centric protection policy auto-setting
• Weak protection from Bot based BL attacks
• No protection from Users based BL attacks
WAF or API
Security?
Web
Browser,
Apps
Web
Services
Business
Logic Services
Databases
Attack Surfrace grows by:
• uncontrolled data exposure
• Rapid versions realeasing

8.
Protecting ‘3rd Party’ (B2B2C) Attack Scenarios
Partner
Web
Servers
WAF Breaking point - #2 Context matters
• Identity analysis (Source-IP & Client side
biometric) are useless
• Post-login attacks demand DPI
• Context analysis is essential (FP)
• Trusted partners as source for mass data
leakage and fraud
Web
Browser,
Apps
Web
Services
Business
Logic Services
Databases
WAF or API Security?
WAF or API Security?

9.
API attacks can initiate
from:
• Compromised nodes
• User apps
• Direct from the
outside
User
APP
User
APP
User
APP
User
APP
API-GW’s
LB’s
Data Center Decentralized Architecture
App Service Nodes
Infra Service Nodes
Infra App Service Nodes
Protecting Kubernetes Applications - The Emerging Risk
WAF Breaking point - #3 Nodes
• Accelerating time to damage (TTD)
• Any internal API can shift into
external at any time
• Dynamic protection is a must
• Node-based protection
• Seperated & scaled Analytics
unit
• Advanced analysis is a must
• Context based analysis
• Full DPI (zero trust)

10.
What Next?
API security needs mostly to beats customers habits
• More inline & active enforcement installations
• Concord more “nowhere lands”
• Functional use cases
• UpToDate architectures
• Continuous market education with all the above
• Upgrade traditional app sec sales channels
• More presence at the marketplaces (self-services)
| 9

11.
10
The Artificial Intelligence (AI) in banking market was valued at US$10.096 billion in 2019, with CAGR of 42.9%
https://www.emergenresearch.com/industry-report/ai-in-banking-market
Expected Global Adaptation of AI in Banking
Including
API
Security?

12.
Confidential |2021
For more information, please
contact me at:
doron@l7defense.com

13.
New York
JULY
Australia
SEPTEMBER
Singapore
APRIL
Helsinki & North
MARCH
Paris
DECEMBER
London
OCTOBER
Jakarta
FEBRUARY
Hong Kong
AUGUST
JUNE
India
MAY
Check out our API Conferences here
50+ events since 2012, 14 countries, 2,000+ speakers, 50,000+ attendees,
300k+ online community
Want to talk at one of our conferences?
Apply to speak here