Written by: Gábor Marosvári, Product marketing lead, Balasys
Today’s API attacks are increasingly complex, targeted, and easily bypass traditional security solutions. Even Web Application Firewalls (WAFs) and API management tools are unable to block these attacks as they are not optimized for deep inspection of API traffic. API security is not the main scope of these solutions, but a "checkbox feature" in many cases. Without targeted protection, you may be exposing your core systems data with a false sense of security. The following post highlights the key limitations of WAFs and API management tools and suggests a purpose-built complementary solution against API-specific threats.
A web application firewall (WAF) filters, monitors, and blocks HTTP traffic to and from a web application. However, WAFs are unable to block targeted API attacks as they are not optimized for deep inspection of API traffic. WAF products are typically optimized for signature-based filtering of HTTP traffic. They are not suitable for controlling data flow embedded in API communication. They lack traffic validation, detailed logging and the ability to implement customized security policies. Enterprises using traditional WAFs should need a specific solution that explicitly addresses these limitations.
Proxedo API Security (PAS) is a specific web application firewall exclusively for protecting API-endpoints. It's a highly flexible network security solution that helps your enterprise gain control over the application communication to prevent API breaches. Based on our Deep Packet Inspection (DPI) technology, you can validate, encrypt and analyze API traffic in detail and implement a signature-based protection. Thanks to our flexible architecture, you can enforce custom security policies without compromise. PAS focuses exclusively on security by offering a killer combination of enforcement and insight of API traffic, supplemented by generic WAF functions. Proxedo API Security perfectly complements traditional WAF solutions.
The following table summarizes the key differentiators of Proxedo API Security compared with traditional web application firewalls:
|Web Application Firewalls||Proxedo API Security|
|Focus only on web application protection||Focus on web application and B2B application integration protection|
|Inspection only on HTTP protocol||Inspection on API layer|
|No DPI (Deep Packet Inspection)||Advanced DPI|
|No API call validation||API call validation|
|Limited logging capabilities||Customizeable traffic- & security logging|
|No flexible policy configuration||Flexible policy configuration|
|Pattern matching based on URL database (black list)||Policy and rule implementation based on the protected service ("white listing")|
The main scope of API management tools is creating, deploying, and managing APIs. Security is not the main scope of these tools. API management tools typically focus on:
Proxedo API Security is NOT a management tool, but a dedicated solution with clear focus on security. In contrast to API management vendors where security is just a checkbox feature, PAS focuses exclusively on API endpoint protection by offering a killer combination of validation, transformation, encryption and insight of API traffic. From security standpoint, Proxedo API Security adds great value to API management solutions, as well. As an extra layer, PAS supports:
A digitális átalakulás korában kiemelt szerepet kap az ügyfelek, a cégek és a partnerek közötti gyors kapcsolattartás és adatcsere.
Key new features that have been added to the product since the 6.0. release
The benefits of Zorp GPL when used as an ingress controller in Kubernetes