Fastly API Security
Fastly's API security enables visibility and protection against OWASP Top 10 API Security Risks, payloads targeting specific API protocols, and much more to protect your APIs everywhere they live.
Application programming interfaces (APIs) are critical to modern digital businesses. As the number of unmonitored shadow APIs increases, they introduce significant maintenance overhead and new security risks. Engineering teams are working hard to deliver rapidly and meet the growing needs of the businesses they support without leaving critical gaps or introducing new security vulnerabilities. To make matters worse, many APIs are undocumented, leaving them open for attackers to exploit.
Without visibility and control over APIs, platform engineering and security teams are left in the dark about what needs to be done to secure their applications and ensure system resilience for their customers. They need a way to understand, organize, secure, and govern the API ecosystem without adding work or taking time away from shipping code and driving revenue for the business.
Make sense of your APIs with API Discovery
Fastly API Discovery uncovers your public-facing APIs and automatically detects incoming API calls within the Fastly Edge network. It leverages the resilience and performance of the Fastly Edge Cloud platform, innovative and intelligent WAF, and proven DDoS protection to help you gain control, understanding, and security of your API landscape.
API Discovery is a data aggregation service which considers all traffic through the Fastly Edge to build a list of your APIs. It takes just one step to activate the service and begin identifying and compiling a list of APIs. The list is updated automatically and continuously as Fastly continues to aggregate any additional APIs seen over the network, and can be viewed via a searchable table or via CSV download.
API Discovery provides the information necessary to know what APIs are in use, how they are called, and when they are changed. By seeing the full picture of your API landscape, you can be reassured that things are working as expected. When issues arise, you will have the information necessary to make timely targeted API abuse mitigation decisions. With API Discovery, you can maintain control, understanding, and security over the API traffic moving through the Fastly Edge and use this data to develop a plan to manage what you find:
Identify and mitigate vulnerable or unwanted APIs with rules in Next-Gen WAF
Identify APIs being used excessively and apply DDoS Protection or Edge Rate Limiting
Mitigate automated credential stuffing attacks with Deception in Next-Gen WAF
Identify and mitigate unwanted API calls from bots and crawlers with Bot Management
Identify opportunities for performance improvement, efficiency gains, simplification, or cost savings within CDN or Compute services
Features
Uncover and record your APIs continuously – even the ones you didn’t know you had
Enable easily with one simple toggle and no added latency
Aggregate APIs seen across Fastly Edge services by domain, path, and HTTP method, with timestamps, service_ids, and dynamic URL path variable normalization
Get a focused catalog view of discovered APIs that filters out non-API traffic
Export to CSV for offline audit, documentation, or development
Pay based on the number of requests, not the number of applications or APIs protected
Secure APIs against advanced threats with Next-Gen WAF
The Fastly Next-Generation Web Application Firewall (Next-Gen WAF) provides comprehensive Layer 7 protection for applications and APIs everywhere, unifies visibility and decisioning for mitigation, and empowers your teams to make your applications faster, safer, and more engaging. Our simplified rule builder makes it easy to quickly get up-and-running, with the flexibility and power to build fully customized rules for more complex environments.
With our patented SmartParse contextual detection, you can easily protect commonly utilized REST and SOAP/XML as well as GraphQL, gRPC, and WebSocket endpoints. This coverage includes GraphQL inspection, which parses the contents of requests to inspect them and ensure malicious payloads are not hidden within the call.
The Next-Gen WAF runs natively in any cloud, data center, or container, with various deployment options at the code, web server, or API layer. Its flexible deployment options enable visibility to external APIs in tools like Kong or NGINX, or internal APIs like those in a service mesh. The Next-Gen WAF inspects all requests at runtime to enable automated traffic decisions like blocking, rate-limiting, and layered rulesets to secure applications from OWASP Top 10 API Security Risks, payloads targeting specific API protocols, and other API threats. It is deployable anywhere and protects your APIs everywhere, so you can scale with a single security partner that protects your applications no matter how you grow.
Empower your developers to ship quickly and securely
Platform engineering and security teams need application security that is friction-free so that it can be adopted – not rejected – by app developers. Security shouldn’t be a roadblock for your teams to implement new API functionality – it should accelerate development and enhance your overall system and business resilience.
The Next-Gen WAF offers visibility into all API requests and decisioning logic out of the box, reducing complexity associated with setup and configuration. It plugs into software delivery workflows and integrates with DevOps and security toolchains to facilitate the sharing and correlation of data. Using flexible APIs, we offer dozens of integrations with common development and operations alerting engines, chat-ops, project management, and incident tracking systems. Fastly supports the tools developers are already familiar with instead of forcing them outside of their toolchain environment to perform security testing. By supporting their native tools, we help them remediate issues faster and facilitate secure DevOps practices.
Fastly enables your application developers to push releases faster and create better customer experiences, all while keeping your security team happy.
Ready to get your APIs under control? Contact us to get started.
Related resources
Learn defaults and controls for a safer and more successful GraphQL implementation.
Learn how our Next-Gen WAF automatically protects against web layer attacks and easily integrates with DevOps tools.
The Weather Company forecasts accurate, reliable weather to 400 million monthly active users by partnering with Fastly
Details on the patented architecture of our WAF and deployment options available.