WAAP: Trends, Best Practices and Cloudbric
The term Web Application and API Protection (WAAP) was coined by Adam Hils and Jeremy D’Hoinne of Gartner in 2017 to refer to largely cloud-based services designed specifically to safeguard APIs and web applications.According to Gartner, “WAAP development started with cloud-delivered WAF services that were easier to deploy, and from the start bundled WAF with DDoS protection. Slowly, the WAF market evolved to offer more than basic capabilities for bot management and API protection.”WAAPs are an evolution on traditional firewall applications, and typically involve a wide range of capabilities and services, including:
- Next-Generation Web Application Firewall (Next-Gen WAF)
- Runtime Application Self-Protection (RASP)
- Distributed Denial-of-Service (DDoS) Protection
- API and microservice protection
- Bot protection
As APIs become increasingly ubiquitous — and attacks focusing on APIs grow commonplace — organizations and companies are turning to WAAPs as a solution.In fact, with web applications and APIs accounting for an ever rising share of business traffic – according to one report, more than 70 percent of web traffic comes through APIs — organizations find themselves increasingly at risk. This is especially the case as API have far more direct access to data than web applications, making API vulnerabilities especially devastating.Web application attacks, meanwhile, continue to grow in sophistication. Attackers are utilizing an ever growing variety of methods to breach networks and cause mayhem by stealing data, inserting malware, infecting servers with ransomware and other mischief.This means traditional methods such as WAFs are no longer good enough. WAAPs give businesses a comprehensive arsenal of weapons in the war against malicious activity and protect all their assets, from edge to database.
Best Practices
- API Gateways: Red Hat defines an API gateway as “API management tool that sits between a client and a collection of backend services” such as microservices. These gateways provide a range of functions, including authorization and authentication, IP whitelisting and load balancing, in addition to tracking API usage. API gateways provide defense in depth.
- Authentication and authorization: It used to be that authentication and authorization was a one-time event, such as logging in with a password. In a world of APIs, however, authentication and authorization now requires continuous monitoring.
Cloubric WAF+: Full spectrum protection for your online presence
Trusted by banks and governments, Cloudbric WAF+ is a full-spectrum web security solution that prevents attacks. WAF+ utilizes patented AI algorithms, perfected over 20 years of security R&D experience. Cloudbric WAF+ is a fully managed, smart web security service to protect any business or organization from web threats. Our Security as a Service (SECaaS) solution implements not only WAF functionality, but also four other necessary functions to make your web-based solutions secure against attack.
- WAF: Cloudbric WAF provides fully-managed web security for enterprises and SMBs. Our logic engine boasts industry-leading accuracy and a patented deep learning A.I. module for classifying and preventing new web attacks.
- DDoS: Cloudbric web security comes standard with DDoS attack protection up to 40 Gbps, blocking out L3/4 attacks on the network layer as well as L7 DDoS attacks on the application layer.
- SSL/TLS: Cloudbric encrypts all web traffic with our complimentary SSL certificate using the latest TLS protocol that complies with international security standards.
- Malicious IP: Cloudbric automatically blocks traffic originating from Malicious IPs, thanks to our threat intelligence database based on over 700,000 websites across the globe.
- Bot Control: Cloudbric’s proprietary logic engine is equipped with a Bot Control function, blocking all malicious bots including spyware, adware, spam bots, and malicious web crawlers.
Cloudbric WAF+ is equipped with a logic-based detection engine and patented A.I. module to provide best-in-class security by parsing the actual code in the traffic. This allows us to understand hacker intent and provide users with detailed security intelligence. Cloudbric WAF+ is cloud-based and can be implemented simply by changing the DNS settings of the web server. No client agents or hardware servers needed.With three registered patents and three patents pending, the in-house developed deep learning module converts web traffic into hexadecimal images using CNN (convolutional neural network) in a manner similar to Google’s image recognition engine.The incremental learning algorithm means Cloudbric’s web security will become smarter as more attack data is collected, and thus be able to handle even unknown attack patterns better than the competition. To learn more about Cloudbric WAF+, click here.