Axway has made a number of updates to in its release of Axway 5 Suite API Management, release 7.4.1 including built-in API Firewalling capabilities.
The Axway 5 Suite API Management platform provides companies with an enterprise-grade API management and security platform offering the ability to protect against malicious attacks, including Denial of Service (DoS), code injection and other threats with built-in security and Web Application Firewall (WAF) capabilities secure and protect web services and REST APIs.
New API Firewalling capabilities with this latest release include:
- API Management Threat Protection: New threat protection allows users to refresh a rule set via standard deployment rather than restart, define policies on alerts raised by the rule set engine, process any http response, or deploy on all 7.4.1 supported operating systems.
- ModSecurity-Based Commercial Rule Sets: Companies can now use prepackaged rule sets or ModSecurity-based commercial rule sets that implement OWASP Top 10 and other recommended rules, implement their own rules, or use a combination of black or white-listing to help protect their APIs and Web services from any threats.
- Graphical Policy Development: This feature enables businesses to quickly create and enforce any fine-grained security or business policies such as preemptive blocking based on patterns, attribute-based enforcement, identity-based policy enforcement, rules-based business routing, and advanced alerting based on patterns and events.
- Built-In Graphically Configured Audit Trails: Through built-in graphically configured audit trails, organizations are able to enforce compliance or track and investigate any suspicious activity.
- Advanced API Analytics: Advanced API analytics capabilities allow users to monitor permitted or blocked traffic patterns and to track end-to-end flows across APIs from back-end systems to partners and customers.
- Other Enhancements: The release also includes additional enhancements such as support for Swagger 2.0, the introduction of password policies on API Gateway roles, an additional user audit log, and advisory banners for user authentication to the API Gateway.