Back when Service Oriented Architectures (SOA) were all the rage and SOAP-based web services were the primary means of integration, there arose a need for SOA Gateways in the market. These solutions offered management, versioning, HTTP routing, and more. What they didn't offer - at least not comprehensively - was security. For that, we saw the rise of SOA Security Gateways.
Today, APIs are all the rage and RESTful, JSON-based services provide the backbone for mobile and cloud-native apps to exchange data. APIs need the same set of services as SOA gateways - including security. But like their predecessors, most API Gateways are focused on business and application-specific capabilities.
API Gateways like 3scale evaluate, transform, and secure messages across an organization. They provide support for versioning, rate limiting, and business-focused functions like integration with payment gateways. Dashboards offer developers a view of performance and usage.
But API Gateways don't necessarily provide comprehensive security coverage. DoS protection, ferreting out malicious content, and blocking bots is the purview of security services like an advanced WAF. By pairing the two, you raise the bar on security and increase confidence in the integrity of your APIs.
This is particularly important considering that 60% of organizations offer a public API (State of API Integration 2018, Cloud Elements) available to any developer. Any developer might be a good thing for opening up opportunity, but it also opens the business to attack by those harboring malicious intent.
F5 has teamed up with 3scale to enable customers to enjoy a comprehensively secure application environment. By layering an F5 Advanced WAF in front of a 3scale API gateway, you can benefit from additional security measures that include the use of IP intelligence to identify threats faster and more accurately, the ability to offer a secure API façade internally or externally, and protection against a variety of application layer attacks.
That's increasingly important as APIs take center stage as the primary means of integration both internally and externally. As noted in a Forbes article in 2018:
The list of high-profile companies that exposed information on customers due to API problems in just the last few months includes online retail giant Amazon, telecom T-Mobile, food retailer Panera Bread and the Black Hat security conference
This is not a list you want to find yourself on, and that's why we partnered with 3scale to bring this solution to market.
You can find out more about how F5 Advanced WAF works with 3scale to protect APIs in this solutions brief.
About the Author
Related Blog Posts
F5 accelerates and secures AI inference at scale with NVIDIA Cloud Partner reference architecture
F5’s inclusion within the NVIDIA Cloud Partner (NCP) reference architecture enables secure, high-performance AI infrastructure that scales efficiently to support advanced AI workloads.
F5 Silverline Mitigates Record-Breaking DDoS Attacks
Malicious attacks are increasing in scale and complexity, threatening to overwhelm and breach the internal resources of businesses globally. Often, these attacks combine high-volume traffic with stealthy, low-and-slow, application-targeted attack techniques, powered by either automated botnets or human-driven tools.
F5 Silverline: Our Data Centers are your Data Centers
Customers count on F5 Silverline Managed Security Services to secure their digital assets, and in order for us to deliver a highly dependable service at global scale we host our infrastructure in the most reliable and well-connected locations in the world. And when F5 needs reliable and well-connected locations, we turn to Equinix, a leading provider of digital infrastructure.
Volterra and the Power of the Distributed Cloud (Video)
How can organizations fully harness the power of multi-cloud and edge computing? VPs Mark Weiner and James Feger join the DevCentral team for a video discussion on how F5 and Volterra can help.
Phishing Attacks Soar 220% During COVID-19 Peak as Cybercriminal Opportunism Intensifies
David Warburton, author of the F5 Labs 2020 Phishing and Fraud Report, describes how fraudsters are adapting to the pandemic and maps out the trends ahead in this video, with summary comments.
The Internet of (Increasingly Scary) Things
There is a lot of FUD (Fear, Uncertainty, and Doubt) that gets attached to any emerging technology trend, particularly when it involves vast legions of consumers eager to participate. And while it’s easy enough to shrug off the paranoia that bots...