Notice
Requires the Cortex Cloud Runtime Security add-on.
Cortex Web and API Security (WAAS) capabilities offer comprehensive protection of APIs across integrated API gateways and web-based applications and APIs running on Linux-based workloads.
Use cases
API Visibility: APIs are discovered through traffic mirroring and API Gateway logs. From this traffic and log data, Cortex collects metadata including domains, paths, HTTP methods, authentication types, protocol schemes (HTTP/HTTPS), and request/response content types; these elements are what identify and describe each discovered API.
Posture Management and Risk Insights: WAAS assesses discovered APIs for internet exposure, sensitive data transmissions, weak authentication, lack of encryption, and specification drift. This evaluation provides critical posture management and risk insights to ensure the security of the APIs.
Threat Detection: WAAS identifies API-specific threats, including SQL injection (SQLi), Cross-site scripting (XSS), CVE exploit attempts, authentication bypass, sensitive data leakage, bot and scanner activity, and traffic anomalies. This detection capability enhances threat identification and response measures for safeguarding APIs. Refer to Monitor and investigate API threats for more information on the threats.
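To make the discovery and posture steps above concrete, the following added example (not Cortex code; the log format, the specification, and the public-host and sensitive-path lists are all constructed) builds an endpoint inventory from gateway-style access log lines and then derives the posture findings the text names: internet exposure, weak authentication, lack of encryption, sensitive data transmission, and specification drift.

```python
import re
from collections import defaultdict

# Constructed access log lines (not real gateway output). Fields:
# client_ip scheme host method path status auth_type request_ct response_ct
LOG_LINES = """\
203.0.113.7 https api.example.test GET /v1/users 200 bearer - application/json
203.0.113.7 https api.example.test POST /v1/users 201 bearer application/json application/json
10.0.5.12 http internal.example.test GET /v1/health 200 none - text/plain
198.51.100.9 https api.example.test GET /v1/cards 200 none - application/json
198.51.100.9 https api.example.test POST /v1/export 200 api_key application/json text/csv
""".splitlines()

# Constructed specification: the methods an OpenAPI document declares per path.
SPEC_PATHS = {"/v1/users": {"GET", "POST"}, "/v1/health": {"GET"}}
# Constructed: hosts the organisation treats as reachable from the internet.
PUBLIC_HOSTS = {"api.example.test"}
# Constructed: path segments that indicate sensitive data is handled.
SENSITIVE_PATH_WORDS = {"cards", "ssn", "export"}

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\d{3}) (\S+) (\S+) (\S+)$")

def discover(lines):
    """Build an endpoint inventory keyed by (host, method, path) from log lines."""
    inventory = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        _ip, scheme, host, method, path, _status, auth, req_ct, resp_ct = m.groups()
        ep = inventory.setdefault((host, method, path),
                                  {"schemes": set(), "auth": set(), "content_types": set()})
        ep["schemes"].add(scheme)
        ep["auth"].add(auth)
        ep["content_types"].update(ct for ct in (req_ct, resp_ct) if ct != "-")
    return inventory

def assess(inventory, spec_paths, public_hosts):
    """Return posture findings per endpoint, in the categories the text lists."""
    findings = defaultdict(list)
    for (host, method, path), ep in inventory.items():
        key = f"{method} {host}{path}"
        if host in public_hosts:
            findings[key].append("internet_exposed")
        if "none" in ep["auth"]:  # at least one call was accepted unauthenticated
            findings[key].append("weak_authentication")
        if "http" in ep["schemes"]:  # plaintext transport observed
            findings[key].append("no_encryption")
        if any(word in path.split("/") for word in SENSITIVE_PATH_WORDS):
            findings[key].append("sensitive_data_transfer")
        if method not in spec_paths.get(path, set()):  # observed but undocumented
            findings[key].append("specification_drift")
    return dict(findings)
```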
Deployment options
WAAS is available through the following deployment options:
Agentless integration through API gateways (AWS API Gateway, Azure APIM, GCP Apigee, Kong):
Cortex XDR offers agentless in-depth scans, thorough analysis, and timely alerts to detect and mitigate security risks and potential vulnerabilities effectively. It enhances the security of your APIs in Apigee, Azure, and AWS by integrating with Cortex API Security for complete protection against threats.
Refer to API Security for more information about scanning your API sources of data and addressing issues, cases, and findings.
Agent-based protection (Beta), through lightweight agents on workloads:
Web and API Security profiles provide comprehensive real-time detection and protection for web-based applications and APIs running on Linux-based workloads. These profiles can be applied to policies for such workloads. These agent-based capabilities are offered as a Beta feature.
Refer to Agent-based protection for more information about setting up profiles and policies.
User roles and permissions
Cortex API Security includes three main roles that are responsible for ensuring the security of the API landscape in the organization.
When granting access and configuration permissions for API security capabilities in the Cortex tenant, verify that the user's linked role has the correct settings.
SOC analyst: The Security Operations Center (SOC) team is responsible for live threat detection, investigation, and response. They continuously monitor, prioritize, and analyze security incidents, investigating the scope and context of attacks to determine if they are legitimate threats and deciding on appropriate actions such as prevention, remediation, or classifying them as normal activity.
Security practitioner: A security team's role involves understanding the environment, its assets, and its security posture to assess and monitor risks. They define and enforce security policies, collect items requiring fixes, and collaborate with development and operations teams to remediate vulnerabilities and track outstanding risks, ensuring timely resolution.
Workload owner: Application owners are responsible for building and modifying their applications, and they need to understand what is required to align their assets and API endpoints with established security standards. Their goal is to apply necessary fixes to achieve a consistent and secure posture.