Join us at San Diego API Security Summit 2024!

Innovative Technology for Securing APIs

Wallarm's industry-leading capabilities are built on key technology innovations. Our strong technical foundations drive more accurate and effective protection for APIs.


Privacy-First Architecture

The principle of least privilege is a well-understood best practice in cybersecurity, but too many cybersecurity products don’t follow this principle when it comes to collecting customer data. At Wallarm, we strive to find ways to deliver value without compromising our customers’ data. Our privacy-first approach to platform architecture enables the analysis of traffic and detection of events with minimal data collection and storage.

Build Conclusions, Not Data Lakes

Many tools are built to aggregate data into data lakes for complex analysis, but these collections of sensitive data can be targets for attackers. Wallarm performs all the analysis possible on the distributed filtering nodes, and then stores the conclusions, not the data. When an attack is detected, we collect the full request for evidence, but requests and responses for normal traffic aren’t collected and stored. This practice reduces the risk of exposure while maintaining highly accurate detection.

Collect What You Want, Mask What You Don’t

We all know that APIs process sensitive data. Wallarm provides the ability to detect sensitive data in API traffic, but doesn’t share the data itself. Customers can also create specific data masking rules to obfuscate any sensitive data that is transferred to the cloud, even when an attack is detected. The Wallarm platform essentially allows you to tune the data shared to your risk tolerance and requirements.

Go All In with On-Premise

Fully hosted and hybrid deployments offer the advantage of simplicity and lower cost of ownership, but when full data privacy is required, Wallarm supports a fully on-premises deployment. There’s no need for your data to ever exit your control.

Deep Request Inspection

At the core of any traffic analysis system is the ability to parse requests and responses in order to detect attacks. While this may seem like a simple task on the surface, the complexity of accurately parsing real-world data, especially when an attacker is working to evade detection, quickly illustrates how difficult it is to do this right. Wallarm has designed a highly accurate detection methodology to address these challenges.

Multi-stage Parsing

Simple pattern matching isn’t effective for attack detection, resulting in false positives and false negatives. Wallarm's multi-stage parsing approach addresses the shortcomings of more traditional pattern matching. Wallarm recursively breaks down and analyzes HTTP requests and responses in multiple, sequential phases. Initially, raw data is parsed to extract basic elements, such as headers and parameters. In subsequent stages, these elements are subjected to deeper analysis where various encoding methods, payload structures, and context-specific patterns are examined. The process is repeated recursively until all elements are decoded and data structures examined. This layered and in-depth approach allows Wallarm to accurately detect complex and obfuscated attack methods that simple pattern matching might miss.

Linear Performance with Increasing Complexity

Attackers often design their attacks to evade detection by increasing the complexity of analysis. Hiding payloads in encoded bodies, sometimes encoded multiple times, or in parts of the request that aren’t parsed are common ways to evade detection. At the same time, detection tools are challenged to effectively parse requests and detect attacks in real time without incurring latency for the APIs. Wallarm has addressed the challenge of performance with increasing complexity through a combination of a proprietary tokenization algorithm and detection technology called Libproton. The combination of efficient algorithms, parallel execution, and scalable architecture allows Wallarm to minimize impact on latency and operational performance while allowing the platform to handle large requests in real time, even when working in inline blocking mode. While other solutions struggle to process even relatively small payloads, such as 8kb, Wallarm provides better, more complete detection at scale.
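The recursive, multi-stage decoding described in the two sections above can be sketched as follows. This is an added illustration, not Wallarm's code or Libproton; the decoder set, `MAX_DEPTH`, the toy `SIGNATURE` and all function names are assumptions, and the sample request is constructed.

```python
import base64, binascii, json, re
from urllib.parse import quote, unquote_plus
MAX_DEPTH = 6  # assumed decode budget; a real engine would tune this
SIGNATURE = re.compile(r"union\s+select", re.I)  # toy signature for the demo
B64 = re.compile(r"[A-Za-z0-9+/]{8,}={0,2}")

def json_leaves(doc):
    """Yield every string found anywhere inside a parsed JSON document."""
    if isinstance(doc, str):
        yield doc
    elif isinstance(doc, (dict, list)):
        for item in (doc.values() if isinstance(doc, dict) else doc):
            yield from json_leaves(item)

def one_step(value):
    """Yield (decoder, text) for each encoding layer that can be peeled off."""
    if unquote_plus(value) != value:
        yield "url", unquote_plus(value)
    if B64.fullmatch(value) and len(value) % 4 == 0:
        try:
            yield "base64", base64.b64decode(value, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            pass
    if value.lstrip().startswith(("{", "[")):
        try:
            yield from (("json", leaf) for leaf in json_leaves(json.loads(value)))
        except ValueError:
            pass

def unfold(value, chain=(), depth=0):
    """Yield (chain, text) for a value and every nested decoding of it."""
    yield chain, value
    for name, decoded in one_step(value):
        if depth == MAX_DEPTH:  # still encoded at the budget: fail closed
            yield chain + ("depth-limit",), None
            return
        yield from unfold(decoded, chain + (name,), depth + 1)

def inspect(query):
    """Return (parameter, decode chain) for each representation that matches."""
    hits = []
    for pair in query.split("&"):
        param, _, raw = pair.partition("=")
        hits += [(param, chain) for chain, text in unfold(raw)
                 if text is None or SIGNATURE.search(text)]
    return hits

# Constructed sample: JSON -> base64 -> URL-encoded twice, plus a benign parameter.
_inner = base64.b64encode(json.dumps({"filter": "1 UNION SELECT 11"}).encode()).decode()
SAMPLE_QUERY = "id=7&q=" + quote(quote(_inner))
```

A single-pass match on `SAMPLE_QUERY` finds nothing, while `inspect(SAMPLE_QUERY)` reports the `q` parameter together with the chain of decoders that exposed the match. A value that is still encoded when the budget runs out is reported rather than silently passed.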

Machine Learning for Attack Detection

While many attacks can be detected through a single request, such as SQL injection and Server-Side Request Forgery, attackers are increasingly employing more complex methods that exploit specific API protocols, business logic, or resource exhaustion. These types of attacks are generally categorized as API Abuse, and require detection methods that look beyond a single request. Wallarm uses a variety of methods to monitor API sessions and detect abuse.

Machine Learning

Wallarm uses machine learning to identify API abuse that employs sophisticated techniques other tools miss. Wallarm’s detectors employ methods such as linear regression, the three-sigma rule, and the isolation forest algorithm for anomaly detection.

Detectors

API Session Visibility

API attacks don’t occur in a vacuum. Some stateless attacks, like SQL injection and Path Traversal, can be detected in a single request, but they still occur as part of a bigger story. API abuse and business logic attacks are stateful, and can only be detected by monitoring the whole session. The Wallarm platform’s innovative approach to identifying and monitoring API sessions provides unique detection capabilities and unparalleled visibility into the story surrounding every attack.

Features:

Configurable Session Parameters

Users can configure the specific parameters that Wallarm collects for each session, providing flexible and targeted data collection to support multiple use cases. 

Configurable Session Identification

Sessions are automatically grouped, but users can customize the parameters used for grouping in order to support different APIs.

Session Statistics

Wallarm doesn’t just display the requests in the session. The platform also displays overview statistics for each session, including detected attack types, IP addresses, request methods, and response codes. 

Privacy-First

In line with our privacy-first architecture, Wallarm only transfers limited session data to the cloud: selected parameters, plus full requests for attacks. Selected parameters can be hashed to protect their contents.

Use Cases:

Attacks in Context

A single attack is just a piece of the puzzle. Wallarm sessions display the full story for each attack, including the requests before and after.

API Abuse Prevention

Abusive behavior-based attacks cannot be detected in a single request. API sessions give Wallarm’s API Abuse Prevention feature the ability to detect malicious activity missed by more limited tools.

Business Logic Attacks

Business logic attacks require an understanding of how the API should work. Session monitoring gives Wallarm the data necessary to profile an API’s normal behavior so that business logic attacks can be identified.

Use Patterns

Novel attacks or even simply bad API behavior require the ability for users to see and review patterns of traffic. Sessions unlocks this use case by providing the underlying data required, 
