As organizations expose more sensitive data and business-critical functions via APIs, protecting the business means protecting those APIs against the kind of attacks and security breaches that can result in brand damage, loss of revenue and compliance penalties.
Axway API Gateway provides comprehensive API security and out-of-the-box identity management integrations to deflect attacks against, control access to, and secure the data transmitted by cloud and mobile APIs, as well as traditional SOA web services. Complete auditing, monitoring, logging and reporting capabilities also help enterprises meet compliance mandates.
Protection against both enemy and friendly fire
In recent years the growing number and variety of API clients has led to badly engineered clients and incidents of client malfunction. A misbehaving client can repeatedly send requests that cause as much or more damage as a denial-of-service (DOS) attack.
Serving as the policy enforcement point (PEP) that authenticates, authorizes and audits API access, Axway API Gateway protects APIs from malicious attacks as well as potential “friendly fire” by monitoring API call volume and client behaviors. Clients exhibiting disruptive behaviors can be blocked or throttled.
Message-level security across all API traffic
Network firewalls do not block message-level threats, and traditional firewalls only protect Web applications. Axway API Gateway can detect and prevent message level threats across all API traffic, including cloud, web, mobile and B2B channels. Messages are scanned at the protocol header, SOAP header, XML and attachment levels and REST API methods (GET, PUT, DELETE, POST, etc.) can be selectively secured to ensure that inappropriate method usage is detected and blocked.
Axway API Gateway also provides integrated virus scanning of all message content and attachments, and offers out-of-the-box integrations with leading anti-virus services, including CLAM AV, McAfee and Sophos.