
API Protection Data Sheet

Secure APIs To Protect Data And Applications


APIs have introduced new application vulnerabilities that threat actors can take advantage of.
Generic application protection solutions are no longer adequate. When combined with a constantly
evolving API landscape, unprotected APIs have become a predominant application security threat.
To address these challenges, Radware delivers comprehensive and frictionless protection for both documented and
undocumented APIs via its application protection as-a-service solutions. Radware’s API protection technology
provides the required level of visibility, enforcement and mitigation to detect and mitigate all forms of API abuse and
manipulation, whether for on-premise or cloud-hosted environments, to ensure API protection policies always remain
updated without human intervention.

COMPREHENSIVE

Protecting all parts of the API (header, body, query parameters, methods) against a broad scope of API threats,
including data leakage, denial of service, automated threats (bots), embedded attacks, etc.

STATE-OF-THE-ART PROTECTION

Accurate auto-policy generation based on both positive and negative security models, which continuously optimizes
and eliminates false positives.

API DISCOVERY

Adaptive protection for both documented and undocumented APIs based on automated API discovery that requires no
application or security expertise.

CONSISTENT SECURITY

The same security technology engine and policies applied across any environment and architecture – monolithic apps,
microservices and serverless.

Radware Keeps Your APIs Safe


Effective API protection requires a complete catalog of all API endpoints. For documented APIs, Radware can
import an OpenAPI document to learn API definitions, create a matching API catalog and immediately enforce a
positive security policy tailored for that specific API. It is combined with a more generic negative security policy
to protect against known attack patterns.

FRICTIONLESS API DISCOVERY


In many organizations, not all API documentation is properly detailed, kept up to date or even created. To
tailor a dedicated API security policy for these types of APIs, Radware provides an automated API discovery
algorithm that continuously discovers APIs and their endpoints and adapts to existing API endpoint definitions.
Based on the discovered API catalogs, a tailored security policy is generated to protect these APIs. The result is
frictionless, optimized protection for documented and undocumented APIs.

SCHEMA ENFORCEMENT
Whether provided through an OpenAPI documentation file or the aforementioned auto discovery, every API
endpoint includes definitions for its parameters’ type, size and value range. All API request content (API
parameters, headers, and body) will be scanned against the defined parameters. If a parameter’s value in the
request does not conform to the defined parameter schema, it will be blocked.
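
The kind of positive-model check described above, as an added example (not Radware code and not taken from the data sheet). The endpoint, parameter names and simplified catalog layout are assumptions, and the request is assumed to be already parsed into typed values:

```python
import re

# Constructed catalog for one hypothetical endpoint, in a simplified layout
# (not real OpenAPI structure): (method, path) -> location -> parameter rules.
CATALOG = {
    ("POST", "/v1/transfers"): {
        "query": {"dry_run": {"type": "boolean"}},
        "headers": {"x-request-id": {"type": "string", "maxLength": 36,
                                     "pattern": r"[0-9a-f-]{36}"}},
        "body": {"amount": {"type": "integer", "minimum": 1, "maximum": 10000},
                 "currency": {"type": "string", "enum": ["EUR", "USD"]}},
    },
}
PY_TYPES = {"string": str, "integer": int, "boolean": bool}


def violation(name, value, rule):
    """Return a reason string if value breaks rule, else None."""
    # Exact type match: bool subclasses int, so True must not pass as an integer.
    if type(value) is not PY_TYPES[rule["type"]]:
        return f"{name}: expected {rule['type']}"
    if "enum" in rule and value not in rule["enum"]:
        return f"{name}: value not in allowed set"
    if "minimum" in rule and value < rule["minimum"]:
        return f"{name}: below minimum"
    if "maximum" in rule and value > rule["maximum"]:
        return f"{name}: above maximum"
    if "maxLength" in rule and len(value) > rule["maxLength"]:
        return f"{name}: too long"
    if "pattern" in rule and not re.fullmatch(rule["pattern"], value):
        return f"{name}: pattern mismatch"
    return None


def enforce(method, path, request):
    """Check an already-parsed request; return (allowed, reasons)."""
    schema = CATALOG.get((method, path))
    if schema is None:
        return False, ["endpoint or method not in catalog"]
    reasons = []
    for location, rules in schema.items():
        for name, value in request.get(location, {}).items():
            if name in rules:
                reason = violation(f"{location}.{name}", value, rules[name])
                if reason:
                    reasons.append(reason)
            elif location != "headers":  # transport headers are not listed
                reasons.append(f"{location}.{name}: undeclared parameter")
    return not reasons, reasons
```

Undeclared query and body parameters are rejected rather than ignored, which is what makes this a positive model; only headers are exempt, because clients send transport headers that no API schema lists.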


EMBEDDED ATTACK PROTECTION


Scanning allowed API requests to detect and block known types of attacks embedded in the API parameters,
including injections, deserialization attacks, JSON exploits, XML bombs and more.

SECURITY POLICY SELF-OPTIMIZATION


To ensure the security policy is accurate enough to block attacks, Radware’s API protection continuously runs
a machine-learning based security algorithm that automatically suggests and applies security policy adjustments
to correct and eliminate false positives.

API PROTECTION AGAINST AUTOMATED THREATS


Radware’s API protection also includes machine-learning algorithms to detect malicious bot activities targeting
APIs from automated attacks such as account takeover attacks (token cracking, credential stuffing, account
creation), content scraping and data harvesting and fraud.

DATA LEAKAGE PREVENTION


API responses and requests are inspected to detect sensitive data (CCN/SSN/ID etc.) and mask it.

API QUOTA MANAGEMENT


To ensure API usage is not abused or overused, Radware’s API protection solution can limit the number of API
calls during a configurable timeframe per API endpoint and per source.

Radware's API Protection Benefits


A frictionless security solution that requires no application or security expertise

- Auto-policy generation tailored per API endpoint
- Completely automated discovery, generating an accurate API schema and a tailored security policy
- Eliminate human errors; no human intervention required to complete the API discovery process
- Keeps security protection for documented APIs up to date by automatically discovering API changes

Protect APIs with Radware’s managed security services

- Fully-managed onboarding process for new applications and customers
- Ongoing review and optimization of security policies – eliminating false positives
- Real-time support by Radware’s Emergency Response Team

Maximum security with minimal overhead

- Automated security policy generation based on both positive and negative security models
- Ongoing automatic security policy optimization, continuously reducing false positives
- Reporting and analytics to provide insight into API catalogue, documented OpenAPIs and undocumented,
  attack reporting dashboard, good bot analysis, etc.

© 2022 Radware Ltd. All rights reserved. The Radware products and solutions mentioned in this document are protected by trademarks, patents and pending patent
applications of Radware in the U.S. and other countries. For more details, please see: https://www.radware.com/LegalNotice/. All other trademarks and names are
property of their respective owners.
