Enterprises are increasingly opening up applications to the Internet through both Web protocols and newer, API-driven protocols. Providing a single integrated security DMZ that can protect enterprise applications shared via the Web, mobile apps and APIs gives organizations an opportunity to collapse the security edge while protecting internal information assets against any application attack or vulnerability.
Mobile apps and APIs introduce new attack vectors into enterprise applications. API standards like REST and SOAP create new openings into an organization. Message formats like JSON and XML create new exploitation risks. Traditional Web application firewalls (WAFs) are HTML- and URL-centered in their protection regimes. They are not suited to open APIs or the message-borne risks common in mobile- and API-based interactions. As mobile and APIs overtake the Web in importance inside the enterprise, organizations will need to find security Gateways that can protect against mobile and API risks first and Web risks second.
Layer 7’s API security Gateway technology delivers perimeter defenses against API, mobile and Web attacks – in a single, integrated solution. Layer 7 provides:
All of Layer 7’s API and WAF security is strongly integrated with the Layer 7 identity and access features to provide advanced user, app, site and device security capabilities.
Layer 7 API Gateways address access, federation and message security challenges associated with API/SOA-based integrations that leverage SOAP, REST and JSON application interfaces. A Layer 7 Gateway can be deployed as a secure onramp to an ESB or as a DMZ-class edge device gating access to an internal ESB or application interfaces. Hardware, virtual appliance and software deployments are available. All form factors support FIPS standards, are PCI-DSS compliant and are STIG vulnerability tested to meet rigorous US defense industry standards.
Layer 7 Gateways support a comprehensive set of API/SOA security and governance use cases spanning identity, access, threat protection, privacy, communication integrity and information assurance. Capabilities include: