Automatically Apply Protection
at Deployment Time
API Security is rapidly becoming one of the primary cybersecurity threats. APIs are proliferating due to the wide adoption of mobile apps, rich web applications, smart devices, and microservices architectures. Combined with the use of cloud services, this radically expands the attack surface compared to traditional web application user interfaces. With so many entry points often widespread in the network architecture, the perimeter defense with WAF in front of a server is no longer enough to ensure all entry points are protected.
To address these issues, 42Crunch Platform moves the defense from the network perimeter to in-depth directly in front of your APIs. With API Protection, you can protect each API from malicious intents with an API micro-firewall. The micro-firewall is tailored to your APIs, so it can distinguish hacking API calls from legitimate API traffic, unlike a traditional WAF-based solution.
Positive Security Model for APIs
Many of the API attacks today could be avoided with proper data validation for both inbound and outbound messages. To make staying on top of security more straight-forward, API Protection uses a positive security model based on strict conformity to the API contract of the protected API. API Protection blocks unwanted requests (including bots) and prevents hackers from sending unexpected and edge-case requests to your APIs to fish for information.
API Protection creates an allowlist of the valid operations and input data based on the API contract, and API Firewall enforces this configuration to all transactions, incoming as well as outgoing responses. Transactions that do not conform to the API definition are automatically blocked.
Thanks to our technology, each of your APIs is protected individually. No more complex rules trying to catch issues across all your APIs. Instead, each time your API changes, its protection evolves.
Unlike most solutions dealing with security today, you do not need to manually create rules to configure 42Crunch’s API firewall. You can deploy our API firewall (from your CI/CD pipeline) and reconfigure it automatically each time the API changes.
Our unique technology directly interprets OpenAPI / Swagger definitions and takes advantage of all the information the definition contains to constrain the API traffic, both on request and responses.
Maximum Functionality, Minimal Latency
The API firewall was developed with performance in mind. Written in C and highly optimized, it typically only adds less than 1 millisecond of latency to the whole transaction, allowing you to deploy it at scale across your enterprise.
42Crunch API protection is compatible with different API deployment architectures including API gateways, microservices, and service meshes.
You can use our API firewall to equally protect north-south and east-west traffic. Thanks to its low footprint, it can be deployed at scale on any container orchestrator such as Kubernetes, Amazon ECS or Red Hat OpenShift(®).
Our runtime is fully compatible with existing API management solutions or API gateways and with microservices-based architectures. We support the sidecar proxy and gateway deployment models.
Are you protected from the OWASP API Security Top 10?
As a result of the growing threat landscape and increasing usage of APIs, the OWASP API Security Top 10 Project was launched to help companies address security vulnerabilities specific to APIs.
Learn more about the OWASP API Security Top 10 and how 42Crunch can help.
Want to learn more? Here are some resources to help you out!