Imperva is delighted to announce a new partnership with Kong Inc, provider of the leading cloud-native API platform, to offer best-in-class API Security to users of the Kong platform. Through the new partnership, Kong Enterprise customers can protect their business applications and data by deploying the Imperva API Security plugin, available in the Kong Hub. The Imperva API Security plugin enables Kong Enterprise users to add advanced API security capabilities seamlessly into their API development lifecycle.
Evaluate API Risk at the Gateway
Imperva API Security is part of the market-leading Application Security platform, of which Imperva Web Application Firewall (WAF) is a key component, offering security teams visibility into all application and business logic risks via a single dashboard. The comprehensive Imperva platform not only protects critical assets from traditional attacks such as injection and Distributed Denial of Service (DDoS) attacks, but also mitigates against more complex threats including API abuse, bad bots, and account takeover, allowing for an enhanced security posture.
As a result of the partnership with Kong to integrate API security into their Enterprise Gateway, the Imperva offering provides security teams with visibility into every API call, and the ability to assess risk exposure and take preventative measures from potential attacks.
The integrated solution delivers API security for development teams through the Imperva plugin, including:
- API Security risk assessment: Protect against the latest Open Web Application Security Project (OWASP) API Security Top 10 risks and other API design issues as developers build microservices and APIs across different environments.
- Encryption and authentication: Embedded encryption of data in motion in APIs, as well as authentication and access authorization to all APIs under management.
- Data identification and classification: Monitor APIs in production and API calls to the gateway, automatically discovering an API’s full schema while identifying and classifying the data flowing through it.
- Continuously discover APIs and schema changes: Without slowing down the developer, API inventories are automatically updated whenever a change is made in production.
Imperva API Security Provides Protection from Abuse, Business Logic Attacks, and Anomalies
APIs are an integral part of modern application development and a game changer for businesses and consumers. By connecting applications to share information — whether in the cloud, on-prem or both — APIs offer a streamlined and engaging user experience for consumers while boosting automation and generating new revenue streams for businesses. The API Management market is expected to reach USD 13.7 billion by 2027 (from USD 4.5 billion in 2022), boosted by the increase in SaaS and hybrid deployments.
While the evolution of APIs has empowered organizations to innovate in new ways, security has not kept pace. The attack surface continues to expand and cybercriminals are coming up with new and sophisticated ways to exploit APIs.
The increase in API usage coupled with the growing list of API abuse types is driving the need for more advanced API Security solutions. By partnering with Kong to offer industry-best API security, Imperva provides developers and security teams a fast route to bridging the growing API security gap.
Imperva API Security Mitigates Business Logic Attacks
Business logic attacks are a new generation of attack type and the most harmful and threatening to your API security. These attacks target gaps in an API’s business logic information as a means to gain access to critical data. Data exposure from an API breach could lead to severe financial penalties, reputational damage, and customer loss. In the last year, 17% of API attacks were business logic attacks.
Since API business logic is designed in the development phase, malicious activity targeting business logic flaws often goes unnoticed as it resembles and is considered to be legitimate behavior. As a result, this type of attack is very difficult to detect and block. Organizations with potential business logic gaps in their APIs are at serious risk for data loss.
Imperva API Security is designed to help customers protect their APIs from this type of abuse and many others.
About Imperva API Security
Imperva API Security is easy to deploy and provides continuous protection of all APIs using deep discovery and classification of sensitive data to detect all public, private, and shadow APIs.
The Imperva API Security plugin is available to download in the Kong Hub.
Learn more about Imperva API Security here.
Learn more about Kong Inc.
Try Imperva for Free
Protect your business for 30 days on Imperva.