Developing MuleSoft Policies for ML-Based 3 Layer API Security

The Challenge

MuleSoft customers that develop and deploy API-led solutions must address API security. It’s no secret that API usage has risen. Unfortunately, that rise has also increased the desire of bad actors to exploit unsecured (or minimally secured) APIs. Gartner predicts that in 2022, APIs will become the most frequent attack vector.

Big Compass’ recommendation is a 3-layered approach. These layers include an API Gateway, a Web Application Firewall (WAF) or Runtime Application Self Protection (RASP), and a Machine Learning (ML) solution for “Zero Trust”.

Third-party ML-based API security vendors want to extend their solutions to MuleSoft customers as part of their 3-layer security approach. This desire to serve MuleSoft customers presented a challenge to two vendors (and Big Compass partners) in the ML-based security area. They either did not have a ready-made, proven policy or had an outdated policy that needed to be updated to align with MuleSoft 4.

The vendors wanted a custom policy for their security solution that:

  • Would be used with MuleSoft 4
  • Could be used with MuleSoft 3 (a separate policy)
  • Would work with JSON and other payload types
  • Would support synchronous and asynchronous communication with the ML server
  • Would support API request metadata (e.g., headers and query parameters)
  • Would be easy to maintain, enhance, and debug
  • Would provide a configuration option to trust self-signed certificates

The Solution

Big Compass used the MuleSoft-provided archetype as a starting point to build the custom policies. We used a configuration YAML file to let users configure their policies in API Manager. Finally, where appropriate, we enabled ML server failover, which increases the reliability of the ML solution.

The Results

MuleSoft customers can now enable “Zero Trust” security by adding this custom policy to their API Manager instance. This custom policy integrates with the ML vendors’ server to analyze HTTPS payloads and other elements (source IP, headers, query parameters, and other metadata). The custom policy, when applied with other API Manager policies and a WAF/RASP, enables MuleSoft customers to implement the recommended 3-layer security approach.

Ben Stone
Connor Fitzgerald