Wallarm Platform Overview
In today's digital world, applications, particularly APIs, face growing threats. Traditional security can overlook API vulnerabilities or have deployment issues. With Wallarm, you get a single platform for Web Application and API Protection, suitable for cloud-native and on-prem environments.
Enterprises prefer Wallarm for its enhanced application and API security, easy deployment, and value. It combines top API discovery, risk management, protection, and testing with next-gen WAF and API security capabilities.
Discover
You need to know it to protect it. Wallarm offers comprehensive API discovery capabilities to identify APIs in your environment and evaluate their security risks. Here is what Wallarm's API discovery does:
- Detects your API endpoints and their parameters, and continually updates the API view through consistent traffic analysis.
- Identifies rogue endpoints, including shadow, orphan, and zombie APIs.
- Spots endpoints that could expose sensitive data, like PII.
- Assesses each endpoint for security risks and vulnerabilities, and provides a risk score.
Protect
Wallarm extends discovery to deliver real protection by detecting and blocking application and API attacks in traffic. Wallarm’s proprietary detection techniques deliver highly accurate results, including detection of attacks against OWASP Top 10 and OWASP API Top 10 vulnerabilities. Here is how Wallarm ensures protection:
- Detects attacks both inline and out-of-band.
- Combats various threats, from web-based to API-specific ones, like code injections, remote code execution, brute force, BOLA, and more.
- Identifies API-specific malicious bot abuse.
- Counters Layer 7 Denial of Service attacks with customizable rate limiting.
- Allows users to create custom defenses by setting their own threat definitions, complementing the built-in measures.
- Maps attacks to your system's vulnerabilities to highlight critical incidents.
- Detects credential stuffing attempts.
Respond
Wallarm gives you the tools to effectively respond to security threats, offering in-depth data, broad integrations, and blocking mechanisms. It first presents detailed information, helping security analysts gauge the threat's nature and severity. You can then tailor responses, act on threats, and send alerts to relevant systems. Here is how Wallarm backs you up:
- Deep attack inspection, which includes unpacked encoded requests, detailing every aspect of an attack, from headers to the body.
- Geolocation-based controls to block suspicious traffic sources like VPNs and Tor networks.
- Attack blocking measures to prevent malicious activities from reaching your APIs.
- Integrations with the most widely used security, operational, and development tools to create tickets, notifications, and deliver data on detected security threats. Compatible platforms include Slack, Sumo Logic, Splunk, Microsoft Sentinel, and more.
- Virtual patches for urgent issues highlighted by Wallarm's vulnerability detection.
Test
Managing deployed risk is the first line of defense, but reducing the risk exhibited by product applications and APIs is the most effective way to reduce incidents. Wallarm closes the loop on application and API security by providing a suite of testing capabilities to find and eliminate vulnerability risk as follows:
- Identifies vulnerabilities through passive traffic analysis.
- Examines identified APIs for weak points.
- Tests APIs for vulnerabilities based on OpenAPI specifications.
- Dynamically creates API security tests from observed traffic.
How Wallarm works
Wallarm's platform is primarily built upon two main components: the Wallarm filtering node and the Wallarm Cloud.
Filtering node
Positioned between the Internet and your APIs, the Wallarm filtering node:
- Analyzes the company's entire network traffic and mitigates malicious requests.
- Collects the network traffic metrics and uploads the metrics to the Wallarm Cloud.
- Downloads resource-specific security rules you defined in the Wallarm Cloud and applies them during the traffic analysis.
- Detects sensitive data in your requests, ensuring it remains secure within your infrastructure and is not transmitted to the Cloud, which is a third-party service.
You can set up the Wallarm filtering node within your own network or opt for a third-party hosted node via the available deployment choices.
Cloud
The Wallarm Cloud does the following:
- Processes the metrics that the filtering node uploads.
- Compiles custom resource-specific security rules.
- Scans the company's exposed assets to detect vulnerabilities.
- Builds API structure based on the traffic metrics received from the filtering node.
- Houses the Wallarm Console UI, your command center for navigating and configuring the Wallarm platform, ensuring you have a comprehensive view of all security insights.
Wallarm offers cloud instances in both the US and Europe, enabling you to select the best fit considering your data storage preferences and regional service operation requirements.