It’s no great secret that the number of applications worldwide is growing exponentially. Just look at any business, and the broad suite of workloads utilized ranges from externally facing marketing and e-commerce workloads to internally focused productivity and HRM apps. And more often than not, these hordes of apps are deeply intertwined and dependent on one another, creating a complex web of ‘chatter’ as API requests are fired back and forth between them. While these APIs enable your employees, customers, and partners to benefit from sophisticated applications, they also expand your threat perimeter, providing another surface for cyberattacks to exploit. In fact, recent breaches at Amazon, Facebook and even the Black Hat security conference all targeted vulnerable APIs—resulting in mass data loss.
At F5, our goal is to ensure the security of every app, anywhere.
Appreciating that not all apps are created equal—with mission-critical applications taking precedence over less sensitive workloads—we understand that it can be incredibly difficult and costly to secure every application interface across your entire portfolio. For this reason, many businesses turn to cloud-native security solutions to protect their less sensitive apps, while relying on an F5 Advanced WAF to secure their more critical workloads. But as many organizations have found out (the hard way), any application interface can be an entry point in to your network and data, meaning that ‘good enough’ security, really isn’t.
As you may recall, last year F5 partnered with AWS to deliver three sets of managed rules that can be layered atop AWS’ native WAF—to extend its security capabilities to include bot, OWASP and CVE (common vulnerabilities and exposures) protection. Building on this integration, we’re pleased to release another ruleset which focuses solely on protecting your APIs against existing and emerging threats, including XML external entity (XXE) attacks and server-side request forgery (SSRF).
With AWS API Gateway recently adding support for the AWS WAF, adding F5’s Managed Rules for API Protection is a quick and easy way to enhance your API security posture here without any security expertise or adopting an advanced WAF solution. In addition to supporting APIs within API Gateway, the rules also protect various other common web API frameworks.
All rules are written, managed, and updated regularly by F5 security experts, so you never need to worry about manually updating versions to protect against emerging vulnerabilities. The rules can be applied in a few clicks, to specific applications, and licensed on a pay-as-you-go utility model without contracts or other commitments.
For more information about any of F5’s Managed Rules for AWS WAF, head on over to the AWS Marketplace to check them out:
- API Security Rules
- Bot Protection Rules
- Web Exploits – OWASP Rules
- Common Vulnerabilities and Exposures
Or check out F5’s Advanced WAF which provides everything covered in the rules and much, much more:
About the Author
Related Blog Posts
F5 accelerates and secures AI inference at scale with NVIDIA Cloud Partner reference architecture
F5’s inclusion within the NVIDIA Cloud Partner (NCP) reference architecture enables secure, high-performance AI infrastructure that scales efficiently to support advanced AI workloads.
F5 Silverline Mitigates Record-Breaking DDoS Attacks
Malicious attacks are increasing in scale and complexity, threatening to overwhelm and breach the internal resources of businesses globally. Often, these attacks combine high-volume traffic with stealthy, low-and-slow, application-targeted attack techniques, powered by either automated botnets or human-driven tools.
F5 Silverline: Our Data Centers are your Data Centers
Customers count on F5 Silverline Managed Security Services to secure their digital assets, and in order for us to deliver a highly dependable service at global scale we host our infrastructure in the most reliable and well-connected locations in the world. And when F5 needs reliable and well-connected locations, we turn to Equinix, a leading provider of digital infrastructure.
Volterra and the Power of the Distributed Cloud (Video)
How can organizations fully harness the power of multi-cloud and edge computing? VPs Mark Weiner and James Feger join the DevCentral team for a video discussion on how F5 and Volterra can help.
Phishing Attacks Soar 220% During COVID-19 Peak as Cybercriminal Opportunism Intensifies
David Warburton, author of the F5 Labs 2020 Phishing and Fraud Report, describes how fraudsters are adapting to the pandemic and maps out the trends ahead in this video, with summary comments.
The Internet of (Increasingly Scary) Things
There is a lot of FUD (Fear, Uncertainty, and Doubt) that gets attached to any emerging technology trend, particularly when it involves vast legions of consumers eager to participate. And while it’s easy enough to shrug off the paranoia that bots...