Posted 4/7/2016 1:06:19 PM by RICHARD HARRIS, Executive Editor
Distil Networks has released a new Distil API Security service that protects vulnerable Application Programming Interface (API) endpoints from malicious traffic. The Distil API Security solution protects all types of APIs including those serving web browsers, mobile applications, and Internet of Things (IoT) connected devices.
Distil API Security defends against developer errors and automated API scraping, as well as web and mobile API hijacking. The new platform provides companies with the ability to manage the security of APIs beyond relying on simple authentication tokens or basic IP rate limiting to guard attack vectors.
Distil API Security tracks API usage across both identification tokens and IP addresses to detect and block malicious activity, developer errors, and abuse. The solution also tracks API usage based on ID tokens in addition to IP addresses, which provides the ability to enforce partner agreements and the terms of service for APIs, even if a user tries to change tokens or dynamically changes IP addresses.
The platform offers easy configuration and multiple deployment options (Cloud CDN, Appliance, AWS) offering:
- Instant-on for existing Distil Networks customers
- Add to any API in minutes regardless of where APIs are in the development cycle
- No coding required
Distil API Security provides token-based user tracking compatibility with existing token names and locations as well as token-specific tracking enables device level granularity often lost at the IP level
Advanced rate limiting features includes multi-tiered rate limiting which provides graduated enforcement options for violations based on tokens or IP addresses. Per token and Per IP rate limiting prevents token cycling and token distribution, two common weaknesses to IP only rate limiting.
With dynamic access control list, self-deprecating ACLs and dynamic IP addresses ensure that whitelists and blacklists are never stale or affected by IP drift. Geofencing is available by country or organization/ISP
The platform provides programmatic control with full featured public API access providing integration of the Distil API Security service with existing security solutions for on the fly rule changes, event investigation, and ACL updates.
Read More http://www.distilnetworks.com/api-security...