WAF and API Protection evaluation сhecklist

Are you looking for a solution to protect your apps and APIs? What should it support in 2021? What is the criteria of a great product?

Detection Capabilities
Common Threats
(OWASP Top 10 and OWASP API Top 10)
Virtual Patching
Account Takeover (ATO)
Business Logic Attacks
API Protection
Supported Services
Single Page Applications
APIs
XML-based (like SOAP), JSON-based (like REST), GraphQL, and gRPC
Microservices
Serverless
AWS Lambdas, Azure Functions, GCP Cloud Functions
Deployment
Deployment in Cloud and Private DCs
Public, Private, Hybrid, and Multi-Cloud, Private Data Centers
Cloud-Native Deployment
Kubernetes Sidecar and Ingress Controller, Service-Mesh
Multi-Tenancy Support
Low Management Overhead
Low False Positives out-of-the-box
Signature-less attack detection
Auto-adjustment of security rules
Managed SOC team services included in subscription
Scalability
Auto-scaling capabilities with AWS/GCP/Azure
Scales w/ Clusters (horizontal scaling)
API Protection
API Protection for modern APIs
REST, SOAP, gRPC, graphQL, Websockets
API Abuse Protection
Discovery API structure on the traffic
Identify Shadow APIs
Protection w/o API schema
Observability
Understandable, Informative, Customizable Dashboards
Deep-dive on “why” of blocking
Compliance and Reporting
Regulatory Compliance Support
(like PCI DSS or GDPR)
Built-In Report Formats
SOC2 compliance
Usability
Easy Configuration and Updates
Ability to access WAF documentation
Cost
Should be within the budget
Clear pricing model
Bot Identification Tools
Identify traffic from datacenters, Tor, proxies
Bruteforce / ATO protection
Integrations
Public API
Webhooks
SIEM Integrations
Splunk, Sumo Logic, IBM QRadar, etc.
DevOps Tool Integrations
PagerDuty, OpsGenie, VictorOps, etc.
Messenger Integrations
Slack, Microsoft Teams, etc.
Smart notifications
Metrics exposed
Active Checks / Vulnerability Scanner Capabilities
Integrated Vulnerability Detection
Misconfiguration
DevOps Configuration
Via API
Via Terraform Provider
Via Kubernetes
Wallarm
Address:94107San FranciscoBrannan St, 415
(415) 940-7077,request@wallarm.com