Innovative Technology for Securing APIs
Wallarm's industry-leading capabilities are built on key technology innovations. Our strong technical foundations drive more accurate and effective protection for APIs.
Join us at Atlanta API Security Summit 2024!
Join us at Atlanta API Security Summit 2024!
Join us at Atlanta API Security Summit 2024!
Join us at Atlanta API Security Summit 2024!
Join us at Atlanta API Security Summit 2024!
Join us at Atlanta API Security Summit 2024!
Privacy settings
We use cookies and similar technologies that are necessary to run the website. Additional cookies are only used with your consent. You can consent to our use of cookies by clicking on Agree. For more information on which data is collected and how it is shared with our partners please read our privacy and cookie policy: Cookie policy, Privacy policy
We use cookies to access, analyse and store information such as the characteristics of your device as well as certain personal data (IP addresses, navigation usage, geolocation data or unique identifiers). The processing of your data serves various purposes: Analytics cookies allow us to analyse our performance to offer you a better online experience and evaluate the efficiency of our campaigns. Personalisation cookies give you access to a customised experience of our website with usage-based offers and support. Finally, Advertising cookies are placed by third-party companies processing your data to create audiences lists to deliver targeted ads on social media and the internet. You may freely give, refuse or withdraw your consent at any time using the link provided at the bottom of each page.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Privacy-First Architecture
The principle of least privilege is a well-understood best practice in cybersecurity, but too many cybersecurity products don’t follow this principle when it comes to collecting customer data. At Wallarm, we strive to find ways to deliver value without compromising our customers’ data. Our privacy-first approach to platform architecture enables the analysis of traffic and detection of events with minimal data collection and storage.
Build Conclusions, Not Data Lakes
Many tools are built to aggregate data into data lakes for complex analysis, but these collections of sensitive data can be targets for attackers. Wallarm performs all the analysis possible on the distributed filterings, and then stores the conclusions, not the data. When an attack is detected, we collect the full request for evidence, but requests and responses for normal traffic aren’t collected and stored. This practice reduces the risk of exposure while maintaining highly accurate detection.
Collect What You Want, Mask What You Don’t
We all know that APIs process sensitive data. Wallarm provides the ability to detect sensitive data in API traffic, but doesn’t share the data itself. Customers can also create specific data masking rules to obfuscate any sensitive data that is transferred to the cloud, even when an attack is detected. The Wallarm platform essentially allows you to tune the data shared to your risk tolerance and requirements.
Go All In with On-Premise
Fully hosted and hybrid deployments offer the advantage of simplicity and lower cost of ownership, but when full data privacy is required, Wallarm supports a fully on-premises deployment. There’s no need for your data to ever exit your control.
Deep Request Inspection
At the core of any traffic analysis system is the ability to parse requests and responses in order to detect attacks. While this may seem like a simple task on the surface, the complexity of accurately parsing real-world data, especially when an attacker is working to evade detection, quickly illustrates how difficult it is to do this right. Wallarm has designed a highly accurate detection methodology to address these challenges.
Multi-stage Parsing
Simple pattern matching isn’t effective for attack detection, resulting in false positives and false negatives. Wallarm's multi-stage parsing approach addressed the shortcomings of more traditional pattern matching. Wallarm recursively breaks down and analyzes HTTP requests and responses in multiple, sequential phases. Initially, raw data is parsed to extract basic elements, such as headers and parameters. In subsequent stages, these elements are subjected to deeper analysis where various encoding methods, payload structures, and context-specific patterns are examined. The process is repeated recursively until all elements are decoded and data structures examined. This layered and in-depth approach allows Wallarm to accurately resist complex and obfuscated attack methods that simple pattern matching might miss.
Linear Performance with Increasing Complexity
Attackers often design their attacks to evade detection by increasing the complexity of analysis. Hiding payloads in encoded bodies, sometimes encoded multiple times, or in parts of the request that aren’t parsed are common ways to evade detection. At the same time, detection tools are challenged to effectively parse requests and detect attacks in real-time without incurring latency for the APIs. Wallarm has addressed the challenge of performance with increasing complexity through a combination of a proprietary tokenization algorithm and detection technology called Libproton. The combination of efficient algorithms, parallel execution, and scalable architecture allows Wallarm to minimize impact on latency and operational performance while allowing the platform to handle large requests in real-time, even working in inline blocking mode. While other solutions struggle to process even relatively small payloads, such as 8kb, Wallarm provides better, more complete detection at scale.
Machine Learning for Attack Detection
While many attacks can be detected through a single request, such as SQL injection and Server-Side Request Forgery, attackers are increasingly employing more complex methods that exploit specific API protocols, business logic, or resource exhaustion. These types of attacks are generally categorized as API Abuse, and require detection methods that look beyond a single request. Wallarm uses a variety of methods to monitor API sessions and detect abuse.
Machine Learning
Wallarm uses machine learning to identify API abuse that employs sophisticated techniques other tools miss. Wallarm’s detectors employ methods such as linear regression, the three-sigma rule, and the isolation forest algorithm for anomaly detection.
Detectors
Request rate
Request interval
Suspicious behavior
Bad user-agent
Query abuse
Request uniqueness
Business logic
Outdated browser
Wide scope
Authentication abuse
Ready to protect your APIs?
Wallarm helps you develop fast and stay secure.