


Use Vordel API Server to monitor and protect APIs against attacks and exploits

API Protection Is Business Protection

Critical business functions such as ordering, fulfilment and payment are conducted via APIs. Attacks on these business-critical services can result in loss of revenue and sensitive data. On one hand, “enemy fire” attacks and exploits are getting more sophisticated and more organized. On the other hand, the proliferation of API clients is subjecting APIs to more “friendly fire” from poorly engineered or malfunctioning clients. Vordel API Server protects APIs from enemy fire and friendly fire alike, offering powerful threat prevention along with comprehensive logging and monitoring.

Message Level Security Across All API Traffic with Vordel API Server

Network firewalls do not block message level threats. Web application firewalls only protect web applications. Vordel API Server detects and prevents message level threats across all API traffic, including cloud, web, mobile and B2B channels. Messages are scanned at the:

  • Protocol header level, including HTTP Headers and HTTP QueryString parameters, as well as HTTP POST data.
  • REST API method level: methods (GET, PUT, DELETE, POST, etc.) are selectively secured, ensuring that inappropriate method usage is detected and blocked.
  • SOAP header level for security tokens and timestamps.
  • XML level.
  • Attachment level.

Protection In Breadth And In Depth Using Vordel API Server

Vordel API Server detects and prevents all common attacks against APIs, including all attacks outlined in the NIST SP 800-95 document "Common Attacks Against Web Services". Vordel API Server has integrated virus scanning of all message content, including attachments. Vordel offers out-of-the-box integrations with leading anti-virus services, including ClamAV, McAfee, and Sophos. Threats blocked by the API Server include:

  • Denial of service attacks
  • Command injection attacks
  • Malicious code and viruses
  • Sniffing
  • Spoofing, tampering, and impersonation
  • Data harvesting
  • Privilege escalation
  • Reconnaissance

Protection Against “Friendly Fire” Attacks with Vordel API Server

Cloud and mobile computing have greatly increased the usage of APIs not only in terms of volume of traffic, but also the number of different API clients. This increase in both number and variety of API clients can lead to a larger number of poorly engineered clients, as well as an increase in incidents of client malfunction. A misbehaving client repeatedly sending requests can cause as much damage as a denial-of-service attack. Vordel API Server protects APIs from potential “friendly fire” by monitoring API call volume and client behaviours. Clients exhibiting disruptive behaviours can be blocked or throttled.
