Bolstering API Security and Bot Attack Protection with NSFOCUS Next-Generation WAF

November 6, 2023 | NSFOCUS

NSFOCUS’s Next-Generation WAF addresses a range of threats faced by users, such as web vulnerability exploitation, resource abuse, and resource access control. It provides a comprehensive solution that combines traditional WAF functionality, bot traffic management, API security, and DDoS protection in one integrated system. The upgraded system architecture secures web applications, business operations, and data, giving enterprise users end-to-end protection.
This post focuses on the API Security and Bot Attack Protection functionalities.

I. API Security

As businesses undergo digital transformation and web technologies continue to evolve, more companies are using APIs to support their operations. The information, services, data, and applications provided by enterprises are not confined to their closed systems but are delivered to partners and end customers by using APIs.

With a growing number of business APIs being exposed and the popularity of automation tools, the risks of API abuse, legacy APIs, shadow APIs, and API vulnerability exploitation have increased significantly.

NSFOCUS’s Next-Generation WAF automatically identifies and manages API assets by analyzing baseline web traffic, detects legacy APIs, and enforces proper API use through OAS compliance checks. This minimizes the risk of customer losses caused by injection or overflow attacks. Site protection policies can also be configured to defend against known and unknown threats arising from API asset vulnerabilities.

API Security

Specific features include:

  • Automatic API Asset Identification: NSFOCUS’s Next-Generation WAF automatically identifies and manages API assets, reducing the operational burden on customers and minimizing the risk of malicious calls to interfaces by unauthorized organizations. It supports API self-learning, discovering and identifying API assets from web traffic, and lets customers define the interface types used by their business calls via URL, headers, cookies, and parameter names. The system also supports manual import, export, and management of API asset lists.
  • API Compliance Check: NSFOCUS’s Next-Generation WAF performs API compliance checks by combining automatically generated API baselines with imported OAS files. It analyzes traffic across multiple protocols, filters attack traffic, and examines malicious behavior so that legitimate users keep normal access. The checks follow the OAS 3.0 specification, verifying that each API call, the number of its parameters, and the types of its parameters match the definition, so that only legitimate API access is allowed. It also detects behaviors such as logins outside working hours and access frequencies that violate normal business rules.
  • API Security Control: NSFOCUS’s Next-Generation WAF automatically discovers shadow APIs based on asset accounts and lets discovered APIs be added to HTTP access control by copying them. It offers controls against API abuse, unauthorized use, sensitive data leakage, API protocol violations, security misconfiguration, injection attacks, and improper asset management, together with rate limiting, custom API policies, and API compliance checks.
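The three items above (self-learning of API assets from traffic, OAS 3.0 compliance checks on parameters, and shadow API discovery) are easier to see in code. The following is an added example, not NSFOCUS code and not a description of how the product implements these checks. It assumes a hand-written OAS 3.0 fragment and a constructed traffic sample, checks each request for a declared path and method, undeclared or missing parameters, and parameter types, and treats a declared path that never appears in traffic as a legacy candidate (that last definition is an assumption of this example).

```python
from urllib.parse import urlsplit, parse_qs

# Constructed OAS 3.0 fragment (assumption: only 'paths' and each operation's
# 'parameters' matter for this illustration).
OAS_SPEC = {
    "openapi": "3.0.3",
    "paths": {
        "/api/v2/users/{id}": {"get": {"parameters": [
            {"name": "id", "in": "path", "required": True, "schema": {"type": "integer"}},
            {"name": "fields", "in": "query", "required": False, "schema": {"type": "string"}},
        ]}},
        "/api/v2/orders": {"post": {"parameters": [
            {"name": "limit", "in": "query", "required": False, "schema": {"type": "integer"}},
            {"name": "channel", "in": "query", "required": True, "schema": {"type": "string"}},
        ]}},
        "/api/v1/users": {"get": {"parameters": []}},  # declared, but carries no traffic below
    },
}

# Constructed traffic sample: (method, path-with-query) as a WAF would see it.
TRAFFIC = [
    ("GET", "/api/v2/users/42?fields=name"),           # compliant
    ("GET", "/api/v2/users/abc"),                      # wrong type for {id}
    ("GET", "/api/v2/users/42?fields=name&debug=1"),   # undeclared parameter
    ("POST", "/api/v2/orders?limit=10&channel=web"),   # compliant
    ("POST", "/api/v2/orders"),                        # required parameter missing
    ("DELETE", "/api/v2/orders"),                      # method not declared
    ("GET", "/api/internal/export"),                   # not in the spec at all
]

def _type_ok(value, schema_type):
    """Check a raw string against an OAS primitive type (a subset, enough for the demo)."""
    if schema_type == "integer":
        return value.lstrip("-").isdigit()
    if schema_type == "boolean":
        return value in ("true", "false")
    return True  # "string" (or an unknown type): any text is acceptable

def match_path(template, path):
    """Match a concrete path against an OAS path template; return the captured
    path parameters, or None if the template does not apply."""
    t_parts, p_parts = template.strip("/").split("/"), path.strip("/").split("/")
    if len(t_parts) != len(p_parts):
        return None
    params = {}
    for t, p in zip(t_parts, p_parts):
        if t.startswith("{") and t.endswith("}"):
            params[t[1:-1]] = p
        elif t != p:
            return None
    return params

def find_asset(spec, path):
    """Locate the declared API asset (path template) a request path belongs to."""
    for template, item in spec["paths"].items():
        params = match_path(template, path)
        if params is not None:
            return template, item, params
    return None

def check_request(spec, method, url):
    """Return the compliance violations for one request (empty list = compliant)."""
    parts = urlsplit(url)
    hit = find_asset(spec, parts.path)
    if hit is None:
        return ["no matching API asset (possible shadow API)"]
    template, item, path_params = hit
    op = item.get(method.lower())
    if op is None:
        return [f"method {method} not declared for {template}"]
    declared = {(p["in"], p["name"]): p for p in op.get("parameters", [])}
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    violations = [f"undeclared query parameter '{n}'" for n in query if ("query", n) not in declared]
    for (where, name), p in declared.items():
        value = path_params.get(name) if where == "path" else query.get(name)
        if value is None:
            if p.get("required"):
                violations.append(f"missing required {where} parameter '{name}'")
            continue
        expected = p.get("schema", {}).get("type", "string")
        if not _type_ok(value, expected):
            violations.append(f"{where} parameter '{name}' expected {expected}, got '{value}'")
    return violations

def discover_assets(spec, traffic):
    """Baseline step: paths in traffic that match no declared asset (shadow APIs)
    and declared assets that never receive traffic (legacy candidates)."""
    seen, shadow = set(), set()
    for _method, url in traffic:
        path = urlsplit(url).path
        hit = find_asset(spec, path)
        if hit is None:
            shadow.add(path)
        else:
            seen.add(hit[0])
    return {"shadow": shadow, "legacy": set(spec["paths"]) - seen}

if __name__ == "__main__":
    for method, url in TRAFFIC:
        print(method, url, "->", check_request(OAS_SPEC, method, url) or "compliant")
    print(discover_assets(OAS_SPEC, TRAFFIC))
```

Matching is done on path templates rather than raw strings so that `/api/v2/users/42` and `/api/v2/users/43` count as one asset, which is what makes the shadow and legacy lists meaningful; a real OAS checker would also validate request bodies against their JSON schemas, which this example leaves out.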

II. Dynamic Bot Attack Protection

The proliferation of automatic bot tools has become a prevalent phenomenon in the digital landscape. These sophisticated tools are designed to automate various online activities, from data scraping to content generation, and they are widely used for both legitimate and malicious purposes. While legitimate uses may include tasks like web crawling for search engine optimization or automated testing, the ubiquity of bot tools has also given rise to significant risks for enterprises. Malicious actors employ bots for activities such as account takeover attacks, credential stuffing, and scraping sensitive information. Such actions can lead to data breaches, financial losses, and reputational damage. Additionally, the high volume of bot-generated traffic can strain network resources, leading to decreased website performance and potential downtime.

NSFOCUS’s Next-Generation WAF identifies browser environments by delivering JavaScript to client-side devices, recognizes bot traffic, and takes action against bad bot traffic. It supports dynamic modification of HTML elements on web pages to hinder web scraping. The system also encrypts submitted data to prevent man-in-the-middle attacks and data leakage, reducing the risk of information exposure and vulnerability exploitation.

Human-Machine Identification, Multiple Methods Handling

Key features of the dynamic bot protection include:

  • Human-Machine Recognition: Distinguishing between requests originating from bots and human users to mitigate the impact of bots on customer businesses.
  • Token Authentication: Validating the legitimacy of tokens to prevent man-in-the-middle attacks.
  • Script Configuration: Configuring specific JavaScript scripts for execution on client-side devices.
  • Data Submission Obfuscation: Encrypting submitted data to prevent man-in-the-middle attacks, data leakage, and data tampering.
  • Element Obfuscation: Dynamically altering HTML page tags to hide entry points and prevent automated tools from parsing key tags on web pages.
  • Whitelist Configuration: Requests that match the whitelist are accepted directly and passed on to the next protection policy. Whitelists are effective only within the current policy.
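The "Token Authentication" and "Whitelist Configuration" items above describe a decision a WAF takes on every request once the JavaScript challenge has run. The code below is an added example, not NSFOCUS code and not the product's token format: it assumes an HMAC-signed token bound to a client fingerprint and an issue time, a constructed secret and TTL, and a small per-policy whitelist, and shows the order in which whitelist, missing token, and token validity are checked.

```python
import base64
import hashlib
import hmac
import ipaddress

# Constructed demo values; a real deployment would use a rotated secret from a
# key store and a TTL tuned to its business traffic.
SECRET = b"constructed-demo-secret"
TOKEN_TTL = 300  # seconds a challenge token stays valid
SIG_LEN = hashlib.sha256().digest_size

# Whitelist entries apply only inside this policy, as the text notes.
POLICY_WHITELIST = {"cidrs": ["10.0.0.0/8"], "user_agents": ["internal-monitor/1.0"]}

def issue_token(client_id, issued_at):
    """Mint a token once the client has passed the JavaScript challenge. The payload
    binds the token to a client fingerprint and an issue time; the HMAC makes a
    forged, re-bound or in-transit-modified token detectable."""
    payload = f"{client_id}|{issued_at}".encode()
    sig = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload + sig).decode()

def validate_token(token, client_id, now):
    """Return (ok, reason). The signature is compared in constant time before
    anything carried inside the payload is trusted."""
    try:
        raw = base64.urlsafe_b64decode(token.encode())
        payload, sig = raw[:-SIG_LEN], raw[-SIG_LEN:]
        bound_id, issued_at = payload.decode().rsplit("|", 1)
        issued_at = int(issued_at)
    except ValueError:  # covers binascii.Error and UnicodeDecodeError as well
        return False, "malformed"
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return False, "bad signature"
    if bound_id != client_id:
        return False, "token bound to another client"
    if issued_at > now or now - issued_at > TOKEN_TTL:
        return False, "expired"
    return True, "ok"

def is_whitelisted(req):
    """Whitelist match on source network or User-Agent within the current policy."""
    ip = ipaddress.ip_address(req["ip"])
    in_cidr = any(ip in ipaddress.ip_network(c) for c in POLICY_WHITELIST["cidrs"])
    return in_cidr or req.get("user_agent") in POLICY_WHITELIST["user_agents"]

def classify_request(req, now):
    """Decision order from the text: whitelist matches are accepted outright and
    handed to the next policy; any other request needs a valid challenge token,
    and one arriving without a token is answered with the JavaScript challenge."""
    if is_whitelisted(req):
        return "accept:whitelist"
    token = req.get("token")
    if not token:
        return "challenge"
    ok, reason = validate_token(token, req["client_id"], now)
    return "accept:token" if ok else f"block:{reason}"

if __name__ == "__main__":
    now = 1_700_000_000                      # constructed clock value
    good = issue_token("fp-abc", now - 10)   # client passed the challenge 10 s ago
    samples = [                              # constructed requests
        {"ip": "10.1.2.3", "client_id": "fp-abc"},
        {"ip": "203.0.113.5", "client_id": "fp-abc"},
        {"ip": "203.0.113.5", "client_id": "fp-abc", "token": good},
        {"ip": "203.0.113.5", "client_id": "fp-xyz", "token": good},
    ]
    for req in samples:
        print(req["ip"], req["client_id"], "->", classify_request(req, now))
```

Binding the token to a fingerprint and an issue time is what stops a token captured by one automation client from being reused elsewhere or kept indefinitely; the reasons returned by `validate_token` are the fields a WAF would log so that blocked traffic can be reviewed.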

Dynamic bot traffic protection is built around the customer’s business scenarios and targets the automated attacks that keep emerging on the business side, such as web crawlers, abuse of discounts and loopholes for personal gain, and vulnerability scans. It precisely recognizes and blocks bad bot traffic, significantly reducing the risk of website vulnerability exposure and business interruption while improving business-side operational efficiency.

NSFOCUS’s Next-Generation WAF offers a comprehensive solution for customers to counter evolving threats in the digital age. By safeguarding API assets, ensuring compliance, and addressing automated bot risks, NSFOCUS’s solution helps our customers enhance their overall security posture and maintain a robust and resilient online presence.

For more information about NSFOCUS Next-Generation WAF, contact us today!