Skip to content

Wallarm Platform Overview

In today's digital world, APIs face growing threats, especially with the rise of AI. Traditional security can overlook API vulnerabilities or be difficult to deploy. With Wallarm, you get a single platform for API protection and inventory observability across cloud-native and on-prem environments.

Enterprises prefer Wallarm for its enhanced API security, easy deployment, and value. It combines API discovery, risk management, real-time protection, and testing with advanced API security capabilities.

Diagram

Wallarm's functional areas align with NIST cybersecurity framework (CSF), ensuring comprehensive protection for our customers.

Discover

You need to know it to protect it. Wallarm offers comprehensive API discovery capabilities to identify APIs in your environment and evaluate their security risks. Here is what Wallarm's API discovery does:

Endpoints discovered by API Discovery

Protect

Wallarm extends discovery to deliver real protection by detecting and blocking application and API attacks in traffic. Wallarm’s proprietary detection techniques deliver highly accurate results, including detection of attacks against OWASP Top 10 and OWASP API Top 10 vulnerabilities. Here is how Wallarm ensures protection:

Respond

Wallarm gives you the tools to effectively respond to security threats, offering in-depth data, broad integrations, and blocking mechanisms. It first presents detailed information, helping security analysts gauge the threat's nature and severity. You can then tailor responses, act on threats, and send alerts to relevant systems. Here is how Wallarm backs you up:

  • Deep attack inspection, which includes unpacked encoded requests, detailing every aspect of an attack, from headers to the body.

  • Geolocation-based controls to block suspicious traffic sources like VPNs and Tor networks.

  • Attack blocking measures to prevent malicious activities from reaching your APIs.

  • Integrations with the most widely used security, operational, and development tools to create tickets, notifications, and deliver data on detected security threats. Compatible platforms include Slack, Sumo Logic, Splunk, Microsoft Sentinel, and more.

  • Virtual patches for urgent issues highlighted by Wallarm's vulnerability detection.

Events

Test

Managing deployed risk is the first line of defense, but reducing the risk exhibited by product applications and APIs is the most effective way to reduce incidents. Wallarm closes the loop on application and API security by providing a suite of testing capabilities to find and eliminate applications' and APIs' security issues (vulnerabilities):

  • With the installed Wallarm filtering node:

    • Your security issues are found by default without any further configuration, just by working Wallarm filtering node based on its analysis of the actual traffic, including both requests and responses. As no special test requests are sent, this is called passive detection.
    • For a single attack, passive detection checks only one request/response pair. By configuring Threat Replay Testing (TRT), use this data from the traffic as a start point to create multiple attack modifications to try all of them on a test server.
  • Even without node (agentless solutions):

    • Discover your external hosts, their APIs and security issues and further manage the discovered vulnerability mitigation with API Attack Surface Management (AASM).
    • Use Schema-Based Testing (SBT) Wallarm's dynamic application security testing (DAST) solution that enables "shift-left" security - proactively identifies a wide range of vulnerabilities early in the development process. SBT starts as Docker container and is tailored to your specification.

Explore and manage all found security issues, regardless of the detection method, in one unified management center in Wallarm Console - the Security Issues section.

Security Issues

How Wallarm works

Wallarm's platform is primarily built upon two main components: the Wallarm filtering node and the Wallarm Cloud.

!Arch scheme1

Filtering node

Positioned between the Internet and your APIs, the Wallarm filtering node:

  • Analyzes the company's entire network traffic and mitigates malicious requests.

  • Collects the network traffic metrics and uploads the metrics to the Wallarm Cloud.

  • Downloads resource-specific security rules you defined in the Wallarm Cloud and applies them during the traffic analysis.

  • Detects sensitive data in your requests, ensuring it remains secure within your infrastructure and is not transmitted to the Cloud as to a third-party service.

You can set up the Wallarm filtering node within your own network or opt for Wallarm Security Edge.

Cloud

The Wallarm Cloud does the following:

  • Processes the metrics that the filtering node uploads.

  • Compiles custom resource-specific security rules.

  • Scans the company's exposed assets to detect vulnerabilities.

  • Builds API structure based on the traffic metrics received from the filtering node.

  • Houses the Wallarm Console UI, your command center for navigating and configuring the Wallarm platform, ensuring you have a comprehensive view of all security insights.

Wallarm offers cloud instances in both the US and Europe, enabling you to select the best fit considering your data storage preferences and regional service operation requirements.

Proceed to signup on the US Wallarm Cloud

Proceed to signup on the EU Wallarm Cloud

Where Wallarm works

The described Wallarm components: filtering node and Cloud - can be deployed in one of three forms:

  • Security Edge: complete cloud-based deployment. Both Wallarm filtering nodes and Wallarm Cloud components are managed by Wallarm.

  • Hybrid: Wallarm clients deploy and manage the Wallarm filtering nodes, and Wallarm manages the Wallarm Cloud component.

  • On-Premise: both Wallarm filtering node and Wallarm Cloud components are hosted and managed by the client.