Date: 2024-10-16
A web application firewall (WAF) is a technology that protects web applications by monitoring and filtering web traffic, blocking malicious or unauthorized traffic. WAAP services and solutions typically include a web application firewall along with other technologies such as bot mitigation and DDoS protection.
WAAP solutions deliver protection against evolving threats
WAAP is an acronym for web application and API protection, a class of security technologies designed to protect web applications and APIs from a broad range of increasingly sophisticated cyberattacks.
In today’s interconnected world, web applications and application programming interfaces (APIs) are business-critical technologies, which makes them prime targets for cyberattacks. From malware and cross-site scripting to adversarial bots and volumetric DDoS campaigns, the threats to web apps and APIs grow more sophisticated every year, complicating efforts to protect these digital properties. Cloud journeys, modern DevOps practices, the growing number of microservices, and constantly evolving apps and APIs add further complexity and challenges.
Akamai App & API Protector is a holistic web application and API protection (WAAP) solution that delivers intelligent, end-to-end protection against a wide range of multi-vector attacks. With automatic API discovery, adaptive detections, built-in bot mitigation, and continuous self-tuning, Akamai’s WAAP solution secures sites, apps, APIs, and infrastructure from the most dangerous cyberattacks.
The challenges of protecting web applications and APIs
Web applications are constantly evolving and becoming more complex, creating new application security challenges for organizations. Modern web applications and microservices increasingly rely on APIs for nearly every interaction, expanding the attack surface with new potential entry points for hackers. The number of known software vulnerabilities now exceeds 180,000, and thousands more are discovered each year.
As the application attack surface expands, cybercriminals have responded with increasingly sophisticated multi-vector attacks. Often using automated bots, botnets, and vulnerability scanners, attackers can successfully break into IT environments and take over user accounts to steal data, transfer funds to fraudulent accounts, disrupt business operations, and launch crippling cyberattacks.
In response, security teams have adopted web application and API protection solutions to mitigate these DDoS and API-based attacks. However, many of these technologies rely on traditional web application firewalls (WAFs), which must be constantly tuned as applications change, threats evolve, and updates become available. Manual tuning requires a great deal of time and effort from skilled operators, often making these WAF solutions essentially unscalable. As a result, WAF security controls and policies can quickly become outdated, resulting in a deluge of alerts that overwhelm security teams and make it impossible to differentiate false positives from actual attacks. As alert fatigue sets in, security teams that are unable to tune rules effectively may pull their protections out of line to avoid disrupting the business and impacting users.
In this environment, managing web applications and API protection requires more powerful functionality and automated solutions that can increase security while minimizing management tasks. That’s where Akamai’s WAAP technology can help.
WAAP solutions from Akamai
Akamai App & API Protector is a cloud-based WAAP solution designed to protect applications and APIs from a broad array of network and application layer threats with less effort and overhead. From bot visibility and mitigation to DDoS protection and self-tuning recommendations, App & API Protector solves many of the challenges that are a frequent source of friction for security teams when deploying and managing WAAP technology.
Designed for automation and simplicity, Akamai App & API Protector combines industry-leading technologies in web application firewall, API security, bot mitigation, and DDoS protection in a single solution that is easy to use. A new multidimensional, adaptive security engine provides threat-based detections by correlating intelligence across the Akamai platform with data/metadata from each web and API request. This technology enables App & API Protector to detect 2x more attacks — with a 5x reduction in false positives — than previous Akamai technology. Deploying advanced decision-making logic that is tailored to the unique traffic of an organization, Akamai’s WAAP technology stops both common and highly targeted attacks with incredible precision.
Self-tuning capabilities
Because no WAAP can be 100% accurate, App & API Protector features self-tuning capabilities that minimize operational friction and reduce administrative overhead. Using advanced machine learning, App & API Protector automatically analyzes all security triggers — including actual attacks and false positives — to develop policy-specific tuning recommendations that can be accepted by administrators with just a few clicks.
Bot protection
Akamai App & API Protector defends against the growing volume of bot attacks with technology that detects and recognizes malicious bot and botnet traffic while enabling third-party and partner bots to operate without obstruction. Real-time visibility into bot traffic empowers security teams to investigate skewed web analytics, prevent origin overload, and add customized bot definitions to Akamai’s expansive directory of more than 1,750 known bots.
API discovery and protection
Akamai’s WAAP technology automatically discovers a full range of known, unknown, and evolving web APIs across all web traffic, including endpoints, definitions, and traffic profiles. Newly discovered APIs can be easily registered with just a few clicks. Greater visibility helps defend against hidden attacks while revealing unexpected changes and errors.
Advantages of Akamai’s WAAP technology
With Akamai App & API Protector, security teams can:
Achieve broad protection. Enjoy comprehensive protection for all websites, applications, and APIs from a broad range of cyberthreats, including automated botnets, API-based attacks, injection, and volumetric denial of service attacks, among others.
Enjoy frictionless maintenance. Alleviate alert fatigue with simplified security controls including automatic self-tuning, which allows security teams to stay focused on actual attacks by reducing false positives by 5x.
Minimize the API attack surface. Automatically discover and protect APIs from vulnerabilities such as the OWASP Top 10 threats, OWASP Top 10 API threats, and more.
Accomplish more with fewer resources. Manage WAAP protections, bot visibility and mitigation, DDoS protection, SIEM connectors, web optimization, API acceleration, and more from a single solution.
Customize WAAP rules. Security teams can easily generate customized rules to manage scenarios not covered by standard protections.
Block DDoS attacks. Akamai instantly drops network-layer DDoS attacks at the edge while mitigating application-layer attacks within seconds.
Automatically update WAAP protections. Insights from over 300 TB of daily traffic data and the analysis of Akamai threat researchers are automatically pushed as updates to the adaptive security engine, improving security outcomes while minimizing administrative overhead and operational friction.
Frequently Asked Questions (FAQ)
Using data from a wide array of threat intelligence sources, WAAP technology inspects and analyzes incoming HTTP traffic at the edge of the network to identify and mitigate attacks such as SQL injection, distributed denial-of-service (DDoS), credential stuffing, API-based attacks, and many other forms of cybercrime.
