Header Image

Web, Mobile & XML Firewalling

The Opportunity: Consolidated Web, Mobile & SOA Edge Security

 

Enterprises are increasingly opening up applications to the Internet through both Web protocols and newer, API-driven protocols. Providing a single integrated security DMZ that can protect enterprise applications shared via the Web, mobile apps and APIs gives organizations an opportunity to collapse the security edge while protecting internal information assets against any application attack or vulnerability.

 

The Challenge: Protect Applications Against Attack Across Web, Mobile & API

 

Mobile and APIs introduce new attack vectors into enterprise applications. API standards like REST and SOAP create new openings into an organization. Messaging protocols like JSON and XML create new exploitation risks. Traditional Web application firewalls (WAFs) are HTML- and URL-centered in their protection regimes. They are not suited to open APIs or the message-borne risks common in mobile- and API-based interactions. As mobile and APIs overtake the Web in importance inside the enterprise, organizations will need to find security Gateways that can protect against mobile and API risks first and Web risks second. 

 

The Solution: Layer 7 API Security Gateway with WAF & Mobile Security

 

Layer 7’s API security Gateway technology delivers perimeter defenses against API, mobile and Web attack – in a single, integrated solution. Layer 7 provides:

  • DoS-level protection for application interfaces
  • URL-based security
  • WAF protections against attacks like SQL injection 
  • Firewalling security for HTML5- and API-driven mobile interactions

All of Layer 7’s API and WAF security is strongly integrated with the Layer 7 identity and access features to provide advanced user, app, site and device security capabilities. 

 

The Layer 7 Value: The Leading Gateway for API & SOA Firewalling

 

Layer 7 API Gateways address access, federation and message security challenges associated with API/SOA-based integrations that leverage SOAP, REST and JSON application interfaces. A Layer 7 Gateway can be deployed as a secure onramp to an ESB or as a DMZ-class edge device gating access to an internal ESB or application interfaces. Hardware, virtual appliance and software deployments are available. All form factors support FIPS standards, are PCI-DSS compliant and are STIG vulnerability tested to meet rigorous US defense industry standards.

Layer 7 Gateways support a comprehensive set of API/SOA security and governance use cases spanning identity, access, threat protection, privacy, communication integrity and information assurance. Capabilities include:

  • SSL termination and acceleration
  • Service authentication with a wide range of credentials, tokens and cookies
  • Operation-level authorization
  • Credential validation, translation, generation or chaining
  • SAML- and OAuth-style federation
  • Identity integration with CA, Microsoft, Novell, Oracle, RSA, Sun, Ping and IBM
  • Data validation and API attack protection
  • XML data normalization and transformation
  • API versioning and transformation across SOAP, REST and JSON
  • Content- or availability-based routing
  • Message- and field-level encryption, redaction, filtering and signing
  • Throttling of access to a service endpoint, using attribute-based policy
  • Identity and message caching
  • Transaction logging and auditing
  • Payload virus scanning using leading virus scan engines
  • PKI certificate management
  • Hardware key stored either onboard or off-board