Microservices + API Traffic Security

API THREAT LANDSCAPE
DDoS Attacks

53.25%

Malicious Code

42.86%

Brute Force & Phishing

25.97%

APIDefender

An API security gateway designed to block unauthorized access to APIs and prevent system attacks through proactive threat management in real-time.

We’re perfect for
Online
Protect web services and REST APIs against malicious attacks, including Denial of Services and code injection.
Public API’s
Frontline API security for cloud storage, communication, and collaboration providers.
Healthcare
HL7 FHIR API Interface protection secure interoperability between healthcare providers.
APIDefender Editions
OPEN SOURCE EDITION
API Inspection Engine
OWASP top-10 Threat Protection
Public Cloud-ready
Extensible
Splunk-enabled
ENTERPRISE EDITION
Open source edition features
Managed Cloud Service
Big Data Dashboard
Rules Configurator
Overlay-ready
APIDefender Features
Secure
Realtime API Inspection
Threat Intelligence Repositories
Future Proof Architecture
Enforce
OWASP-10 Threat Protection
Circuit Breakers & Rate Limits
Configurable Security Policies
Manage
On-premise, Public Cloud, VPS
Cloud Scale Clustering
Realtime Risk Insights
How it works
Public API's
Enterprise API's
Compare us…
API Threat Protection Feature API Managers (e.g Apigee) CASB (e.g. Skyhigh) DDoS (e.g. CloudFare) Firewalls (e.g. CloudFare)
Realtime in-line API Protection
Point in time static snapshot
HTTPs Traffic Inspection in real-time Payload, Headers, Cookies, Body
OWASP-10 XSS / SQL /JSON Injection/Brute force attacks
Circuit breakers and rate limits
Geolocation blocking and Blacklisted Origins
Threat Intelligence - Public Repos Support (e.g., CAPEC, XForce, Surbl. )
Going beyond RESTful HTTPs/XML/JSON - future-proofed for IoT protocols
Complementary to API managers, firewalls, DDoS services
APIDefender vs Modesec & other DDoS Solutions
APIDefender Modsec (open source) DDos Solutions (Cloudflare,Imperva)
Purpose-built API security gateway with protection against SLQ, cross script,brute force, DDoS, rogue location, and other threats General-purpose Web application firewall targeted at preventing DDoS type attacks General-purpose Web application firewall designed to mitigate DDoS type attacks
APIDefender’s “Inspection Slot” architecture is extensible to support newer protocols, including IoT HTTP Payloads only HTTP Payloads only
Application-aware (and APIs called within); extensible to schema checks on inbound payload Very limited support via virtual host concept No Application context
All-inclusive rule set not limited to just OWASP-10; leverages best-of-open source OWASP-10 focus OWASP-10 focus
Designed to complement API Managers such as Apigee
Works with
API Management Gateways
Cloud Deployments
API Ecosystems