PROXEDO
API Security

API Security Beyond WAF

Proxedo API Security (PAS) is a specialized security gateway exclusively for protecting API-endpoints. It's a highly flexible network security solution that helps your enterprise gain control over the application traffic to prevent API-related breaches. Based on our deep packet inspection (DPI) technology you can validate, encrypt and analyze API traffic in detail. Thanks to our flexible architecture, you can enforce custom security policies without compromise.

PAS focuses specifically on API security, adding value even to your traditional WAF and API management tool.

Key Features

We are a leading developer of proxy-based gateway technologies

TRAFFIC ENFORCEMENT

  • Authentication of API clients

  • Validation of incoming/outgoing API calls

  • Deep inspection of API messages

ENCRYPTION

  • TLS/SSL encryption of API traffic

  • Enforced data encryption

  • Customizable encryption policy towards communicating parties

TRAFFIC INSIGHT

  • Detailed debugging, security & audit logging

  • Customizable data extraction from traffic content

  • Forwarding to big data tools, log analyzers and SOCs/SIEMs

Use Cases

Authentication, validation and deep inspection

Protecting your organization from API breaches is the ultimate goal of Proxedo API Security. It extends security best practices to focus on attacks specific to APIs. The solution ensures that only permitted data is ever transmitted through your perimeter and prevents incorrect or potentially malicious data reaching your systems or sensitive data from being leaked.

Authentication, validation and deep inspection
Monitoring and Analysis of API Traffic

Monitoring and Analysis of API Traffic

PAS helps you understand what is going through your APIs. Your security team can improve security monitoring capabilities. IT operations can understand how APIs are being used, and how APIs can be improved. Your developers can check how their applications are performing. And business managers can analyze API transactions and make more informed decisions.

Protecting Legacy Applications

PAS can hide information about security risks and treat the vulnerabilities of your legacy applications. Your IT teams benefit from a proper perimeter protection in front of the APIs exposing your legacy system data. PAS can help you reduce the risks that arise when updating or patching a system is simply not an option.

Protecting Legacy Applications
API Compliance and Audit

API Compliance and Audit

All the regulations have one key requirement in common: they require regulated companies to protect customers’ data at rest and in transit. Proxedo API Security helps streamline your compliance efforts in your API environment through its comprehensive access control, encryption and logging capabilities.

Additional Security Layer over WAF and API Management

PAS focuses exclusively on API security by offering a killer combination of enforcement, encryption and insight of the API traffic. As an extra security layer, it perfectly complements traditional WAFs and API management tools.

Additional Security Layer over WAF and API Management

Benefits

FOCUS ON API SECURITY

In contrast to API management providers where security is just a checkbox feature, Proxedo API Security focuses exclusively on API security by offering a killer combination of validation, transformation, encryption and analysis of API traffic.

UNLIMITED CONFIGURATION POSSIBILITIES

Proxedo API Security offers high flexibility to adjust connection or logging parameters, making it easy to avoid bad trade-offs between productivity and the desired level of API security. Your administrators can implement custom API security policies without the slightest compromise.

HIGHLY FLEXIBLE & HIGHLY SKILLED SERVICES TEAM

Balasys has a flexible professional services team that helps you design, deploy, customize and support Proxedo-based solutions on-site. We can help you tailor your Proxedo API Security – we can configure the tool, customize data schemes, integrate with third-width-party tools and even develop custom modules.

BEST VALUE FOR MONEY

Proxedo API Security is a highly customizable, reliable and resource-efficient security tool available at an affordable price. Combined with flexible integration services, engineer-to-engineer access, trainings and direct vendor support, the product represents one of the best value offerings on the API security market today.

CLEAN CODEBASE

Proxedo API Security is made in the EU and developed by a private Hungarian IT security company, Balasys.

Functions

Traffic Enforcement

Traffic validation ensures that traffic flowing to and from API endpoints adhere to the specifications. Not only is conformance to the HTTP protocol enforced, but each request and response is validated down to the field level against the schema describing the API.

  • Authentication of API clients

  • Validation of incoming/outgoing API calls

  • Deep inspection of API messages

  • Full interpretation of JSON and XML file formats

Traffic Insight

Proxedo API Security provides unparalleled means for extracting data of interest from API traffic and transferring them to various data warehouses and analytic tools. The deep understanding of calls and flexible configuration helps you extract all relevant data, in real time right from the source.

  • Detailed debugging, security & audit logging

  • Customizable data extraction from traffic content

  • Forwarding to big data tools, log analyzers or SOCs/SIEMs

Traffic Encryption

Proxedo API Security can handle the TLS protocol (the secure layer of HTTP) in the traffic to ensure a consistent implementation of encryption in front of your back-end systems that don’t necessarily support TLS. This setup also allows flexible configuration of TLS towards various communicating parties.

  • TLS/SSL encryption of API traffic

  • Enforced data encryption

  • Customizable encryption policy towards communicating parties

Traffic control

Located in front of your backend servers, Proxedo API Security can also act as a load balancer for the servers. Thanks to its deep inspection capabilities, the gateway can apply versatile security enforcement policies.

  • Granular or default-deny security policies

  • Load-balancing between back-end services

Signature-based Protection

Proxedo API Security can inspect HTTP(S) traffic against a signature database to detect attack patterns. This is a reliable tool for protecting your web services from known web threats.

  • Inspection of HTTP(S) traffic against a signature database

  • Detection of known attack patterns