L7 Defense

L7 Defense is a cybersecurity company developing solutions for web application security, API and API-based application security, and DDoS protection solutions. The company works to help protect organizations' infrastructures, applications, customers, employees, and partners from API-borne attacks and other cybersecurity attacks. These systems use artificial intelligence-based technology in the Ammune platform.

Ammune is L7 Defense's platform technology for protecting APIs, which uses an unsupervised learning artificial intelligence approach for the protection of APIs. The platform has been deployed at a Tier-1 US telecommunications company to protect the company's APIs and applications. As well, the platform has contributed to the Energy Shield project in the European Union to help protect the project's smart grid development from DDoS attacks.

The API-WAF module works to protect from malicious content-based attacks or more classic cybersecurity attacks. The module performs in real time to conduct deep packet inspection (DPI), with an artificial intelligence or machine learning analysis of requests and replies that pass through an API, making it the first line of API protection. The module works to protect against a variety of types of security risks:

• Injection
• Broken authentication
• Sensitive data exposure
• XML external entities (XXE)
• Broken access control
• Security misconfiguration
• Cross-site scripting
• Insecure deserialization
• Using components with known vulnerabilities
• Insufficient logging and monitoring

The API-BL module works to protect APIs against business logic (BL) attacks that have led to forbidden data or functionality access, or the attacks can lead to abused business processes and fraud. Protection is offered through the platform's ability to perform in-session traffic analysis to identify the attack and related patterns in real time, including in sessions and with historical data points. The types of attack this module works to protect against include the following:

• Broken object level authorization
• Broken user authentication
• Broken functional level authorization
• Mass assignment
• Broken payment flow - missing bind between payment and order
• Broken payment flow - insufficient input validation
• Broken credentials restore flow
• Broken credentials revoke flow
• JWT token tampering
• Insufficient 3rd party application trust

The API-BOT module of the platform works to protect APIs from business-related bot attacks. The module works to perform real-time full deep packet inspection (DPI), followed by artificial intelligence and machine learning analysis of the APIs traffic, content, context, and metadata, using specific bot activity measurements according to bot type activity characteristics. The type of attacks this module works to protect against include:

• Carding
• Token cracking
• Ad fraud
• Fingerprinting
• Scalping
• Expediting
• Credential cracking
• Credential stuffing
• CAPTCHA defeat
• Card cracking
• Scraping
• Cashing out
• Sniping
• Vulnerability scanning
• Denial of service
• Skewing
• Spamming
• Footprinting
• Account creation
• Account aggregation

The API-DDoS module of the Ammune platform works to protect APIs against DDoS attacks, especially any attacks that could be tailored against a specific API or APIs, and even with attacks that use rotating source IPs or request content randomization while using optimization algorithms to decide a next wave of attack. This module also performs deep packet inspection (DPI) and uses the same artificial intelligence and machine learning systems to analyze the traffic of an API. This module works to protect against a variety of types of attack:

• Classical botnets flood attack
• Human mimicking attack
• AI-based optimization attack
• Heavy file downloads attack
• Rotating IP's attack
• IoT source IP's/anonymous proxies attacks
• Multiple vectors attacking simultaneously
• Request content randomization attack
• "Out of scheme" parameters and contents attack
• Cache evading attack
• Randomly changing traffic volumes attack
• Baseline poisoning attack
• Flash crowding mimicking event attack
• Attack occurs through flash crowding event
• Asymmetric requests attack
• Brute force attack
• SlowLoris and slow-post attack
• Slow read attack
• SSL re-negotiation attack
• SSL session exhaustion attack

Example of the Ammune API security platform.

The technology underlying the Ammune platform uses a bottom-up approach to API security, in which each protection layer is protected by one of the modules of the platform, and each module uses a separate artificial intelligence or machine learning platform. These modules are then supported by a separate module that protects an API throughout, based on micro-machines output.

L7 Defense's platform has been used in industries including API internet companies, financial institutions, financial technology companies, telecommunication companies, and industrial companies. For each of these industries, the Ammune platform works to protect the APIs and applications of these different institutions.