Segurança de API em nuvem distribuída F5

Saiba mais sobre o recente anúncio de segurança da F5 e da Wib API›

Discover and map APIs, block unwanted traffic and connections, and prevent data leakage

Improve API Visibility and Protection

APIs change frequently. With F5, easily and continuously identify all API endpoints mapped to your applications and monitor anomalous activities or shadow APIs including blocking of suspicious requests and endpoints. Our solution helps you generate OpenAPI spec files to minimize manual tracking of API endpoints while reducing time spent configuring and deploying API security policies.

texto

Improve API Visibility and Protection

APIs change frequently. With F5, easily and continuously identify all API endpoints mapped to your applications and monitor anomalous activities or shadow APIs including blocking of suspicious requests and endpoints. Our solution helps you generate OpenAPI spec files to minimize manual tracking of API endpoints while reducing time spent configuring and deploying API security policies.

texto

Limit Data Loss

Better understand and monitor data being exposed by your APIs. Streamline the discovery, tagging and reporting on data including common PII, compliance related data types (e.g. PCI-DSS, HIPAA, GDPR etc) and customer patterns - with capabilities to limit, mask or block APIs from exposing this data.

Reduce exposure of API vulnerabilities in production

Seamlessly integrate into API code repositories to begin discovering and monitoring your APIs earlier in the development lifecycle. Helping you get visibility and understanding of your APIs and any vulnerabilities before they are released into production ensures that your APIs meet your security and/or compliance standards, APIs that don’t meet your standards can be protected while code fixes are implemented – limiting the number of unchecked vulnerabilities pushed into production.

texto

Reduce exposure of API vulnerabilities in production

Seamlessly integrate into API code repositories to begin discovering and monitoring your APIs earlier in the development lifecycle. Helping you get visibility and understanding of your APIs and any vulnerabilities before they are released into production ensures that your APIs meet your security and/or compliance standards, APIs that don’t meet your standards can be protected while code fixes are implemented – limiting the number of unchecked vulnerabilities pushed into production.

texto

Achieve full API lifecycle security

Integrate security into the CI/CD process through a comprehensive approach to protecting your APIs from design, build and test, and throughout production. Our solution ensures your APIs are secured at every stage, identifying and addressing potential vulnerabilities earlier before release and continuously monitoring and protecting against threats and misuse once released.

Visão geral do produto

Discover, govern, and protect your APIs with Distributed Cloud API Security

A segurança de API de nuvem distribuída fornece descobertas e insights profundos a partir do uso de IA/ML. Identifique APIs ocultas e bloqueie ataques de API em tempo real e elimine vulnerabilidades na origem. O portal baseado em SaaS permite que os usuários gerenciem e se aprofundem em análises de ameaças, análises forenses e solução de problemas de comunicações de API para aplicativos modernos.

Nuvem pública

Gerencie e proteja cargas de trabalho de aplicativos hospedadas em nuvens, incluindo AWS, Azure, GCP, etc.

Veja as opções de nuvem ›

No local

Gerencie e proteja aplicativos no data center e nos sites de ponta.

Veja as opções no local ›

PoPs Globais F5

Protect application workloads from any of the points of presence (PoPs) on the F5 global network.

Veja o Mapa da Rede Global ›

Capacidades Essenciais

Delivers a broad approach to API security with a combination of governance, monitoring, and enforcement functionality to help organizations detect and block Open Web Application Security Project (OWASP) API Top 10 attacks.

Automatic API Discovery

Detect and map all APIs directly from code repositories, through traffic analysis and external domain crawling including forgotten, unmanaged and shadow APIs, for a complete view into an apps ecosystem including automatic generation of OpenAPIspec (OAS) files.

Import API Schema

Automatically create and enforce a positive security model with learned or existing OpenAPI specifications.

Sensitive Data Detection and Protection

Identify and report on sensitive data being exposed including common PII, and data types relevant to critical compliance frameworks (e.g. PCI-DSS, HIPAA, GDPR etc.) – with capabilities to limit, mask or block.

ML-based traffic monitoring + AI assistant

Monitor all traffic through continuous machine learning, allowing organizations to maintain behavioral baselines, while flagging and blocking suspicious activity over time. Augmented with an AI assistant, leveraging the power of natural language queries to streamline analysis of and access to API security events, with context and actionable recommendations.

Authentication Discovery and Risk Scoring

Identify and baseline the authentication state of all APIs within an environment, allowing for automatic discovery with views into authentication status, details, and risk score.

API Protection and Enforcement

Limit, control and block API endpoints and suspicious or malicious activity through a combination of in-line app and API security capabilities with WAF, including granular L7 policy engine.

Suporte e integrações de plataforma

Amplo suporte de plataforma e provedor de nuvem
Descoberta de serviços e integrações de malha de serviços
Automação, alerta e integração SIEM

Amplo suporte de plataforma e provedor de nuvem

Distributed Cloud Services can be delivered to apps running on any platform, on any public/private cloud. Distributed Cloud Services helps connect and secure apps running in VMs, containers, bare metal, or serverless.

Descoberta de serviços e integrações de malha de serviços

Distributed Cloud Services supports multiple service discovery protocols simultaneously. Consul, Kubernetes, and DNS work out of the box. Istio or Linkerd service mesh can integrate with a Distributed Cloud Services ingress/egress gateway.

Automação, alerta e integração SIEM

O provedor Terraform nativo da F5, a ferramenta vesctl CLI e as APIs públicas atendem às necessidades de automação das equipes de aplicativos. O suporte para ferramentas como Opsgenie ou Slack para alertas, e Splunk ou Datadog para SIEM, simplifica a vida das equipes de DevOps e SecOps.