We are proud to introduce a unique security feature tailored for the API economy—API Sessions. This a game-changing addition that gives you unmatched visibility into attacks, anomalies, and user behavior across your APIs, providing transparency into how users interact with your APIs and applications.

In the complex world of APIs, attackers often exploit vulnerable endpoints by blending their actions with legitimate user behavior. Without the full context of how those sessions unfold, identifying patterns or threats becomes a time-consuming process involving multiple tools and systems. Organizations simply don't have visibility at the API level at all. 

With API Sessions, security teams now have the ability to see all relevant activity grouped by user session, offering unparalleled visibility into attack sequences, user anomalies, and normal behaviors. Investigations that once took hours or days can now be conducted directly from the Wallarm Console in just minutes.

Key Features:

• Visibility into attacks, anomalies, and user behavior: View and analyze every request made in a session to track attack vectors and suspicious patterns.
• Support for both legacy and modern sessions: Whether your applications rely on cookie-based sessions or JWT/OAuth, Wallarm API Sessions ensures full compatibility and visibility.
• Seamlessly navigate between individual attacks and their sessions. 

With API Sessions, security teams can now easily:

• Investigate the full activity of threat actors to understand potential attack paths and compromised resources.
• Identify how shadow or zombie APIs are being accessed, mitigating risks from undocumented or outdated APIs.
• Share key insights with colleagues to foster collaboration during security investigations.

Stay ahead of emerging threats by leveraging Wallarm’s API Sessions to give your team the tools they need for faster, more efficient incident response. 

We’re excited to introduce the Native Node, a new deployment option for the Wallarm Node that operates independently of NGINX. This solution was developed for environments where NGINX is not required or where a platform-agnostic approach is preferred. 

The Native Node allows both request and response analysis with Wallarm connectors. It is currently designed for connectors and supports deployment with MuleSoft, Cloudflare, and CloudFront. 

In addition, the Native Node now supports new connectors, allowing you to secure APIs running through Kong API Gateway and Envoy, expanding its use for modern API management solutions.

To provide flexibility across various self-hosted environments, we have released several deployment artifacts for the Native Node:

• All-in-one installer for Linux-based machines
• Docker image for containerized environments
• Helm chart for Kubernetes deployments

If you are wondering if Native Node is right for your deployment, please contact support or read the documentation. 

Security at your API Edge

We are excited to announce the launch of our new Security Edge service! This powerful solution enables customers to easily deploy filtering nodes in geographically distributed locations, providing turnkey protection for your API landscape. 

Key Benefits:

• Hosted, Managed, Simplified

Infrastructure, deployment, and monitoring are all handled by Wallarm, reducing the resources required from the customer. Wallarm ensures that nodes are kept up to date and functional, removing maintenance requirements from customers.

• Low Latency, Lower Cost

Adding additional hops to API traffic increases latency, which in turn impacts ROI for applications. Unlike other API Security solutions, such as CDNs, Security Edge nodes can be geographically distributed at the API edge to deliver security capabilities with minimal latency. 

• Operational Visibility

Managed solutions typically trade ease-of-use for operational visibility, providing a turnkey solution, but limiting the customer’s ability to understand the operational profile of each service. With Security Edge, customers have full access to logs, events, real-time traffic metrics, eliminating the trade-off. 

Stay ahead of potential threats and ensure your APIs are secure with our new Security Edge service. 

We are excited to announce the launch of our new sensitive data detection features for the API Discovery module. This powerful new enhancement helps users identify when sensitive data, such as login credentials, financial information, personal data, and technical data, are being exposed in your APIs. Our advanced detection technology allows for easy customization with context words, making it simpler and more effective than ever to protect your sensitive information.

Key Benefits:

• Enhanced Security: Automatically detects and alerts users to exposures of sensitive data with 40+ out of the box detections, reducing the risk of data breaches.
• Regulatory Compliance: Helps ensure compliance with data protection regulations such as HIPAA, PCI, and GDPR.
• User-Friendly Customization: Easily create custom detections using context words, without the need for complex regular expressions.
• Operational Efficiency: Reduces manual monitoring efforts, freeing up resources for other critical tasks.
• Real-Time Monitoring: Continuous monitoring of API requests and responses for immediate detection and response.

Stay ahead of potential threats and ensure your data is secure with our new sensitive data detection enhancements.

We are excited to announce a new update to Wallarm’s latest innovation in API security— API Attack Surface Management. AASM is designed to help organizations effortlessly discover and protect their external API attack surface, identify missing WAF/WAAP solutions and mitigate API Leaks. AASM is an agentless solution, so no installation is required. You can get results in under 5 minutes. You can request access to the product at sales@wallarm.com, or if you have any questions, please contact support@wallarm.com. 

Recent update:

In this update, we’ve released an API Details View (simply click on a hostname). This view allows you to see far more detail than before:

• API Specific Details: You can view specific details about APIs, such as API type, protocol, encryption, API gateways, security vendors, and more.
• API Gateway Detection: AASM now detects up to 15 API gateways, including Apigee, Mulesoft, Kong, WSO2, and more.
• WAF/WAAP Score Report: You can download the WAAP Score Evaluation report, which provides specific details about the types of attacks your WAF/WAAP can detect and its false-positive rates.
• Detection of WAAP solutions for each open port: It helps identify WAAP coverage gaps. For example, when the main port 443/TCP is protected with WAAP, but some additional ports, such as 8080/TCP, are not.
• AASM detects service fingerprinting: identifying software/version for each open port. Currency, it works only for ports, not for APIs. We plan to implement more functionality on API fingerprinting in the future.

We are pleased to announce exciting improvements to our Terraform provider. You can now seamlessly manage all triggers and Credential Stuffing detection rules directly within Terraform. This improvement simplifies and streamlines the management of Wallarm solution, giving you greater control and efficiency in securing your infrastructure.

You can find more information in the Terraform registry and in our documentation.

We are excited to announce the release of Wallarm Node 5.0! This major update represents a significant shift in our technology stack, bringing enhanced performance and scalability to your Wallarm deployment.

Key Highlights:

• New Technology Stack: The Wallarm node has been re-engineered from a Ruby-based implementation to Go, resulting in a faster, more scalable, and resource-efficient solution.
• Performance Improvements: The Wallarm Postanalytics module’s performance has been improved:
  • CPU Usage: Reduced from 0.5 CPU cores to just 0.1 CPU cores.
  • Memory Usage: Lowered by 400 MB at a traffic rate of 500 requests per second.

File System Updates:

• Consolidated Logging: Logs from almost all services are now recorded in a single file, wcli-out.log, simplifying log management.
• Updated Diagnostic Script Path: The diagnostic script has been moved to /opt/wallarm/collect-info.sh from its previous location.

Important Notes:

• This release focuses on technical refactoring and does not introduce any changes in functionality. All features supported in the previous version (4.10) are retained in 5.0.

For a detailed overview of all changes and update instructions, please refer to our updated documentation.

• LDAP Authentication: Easily authenticate users with LDAP.
• User Management: Manage user roles and permissions directly through LDAP for use in Wallarm Console.

With this update, you also get the ability to search for events related to specific types of bots in the attack list. You can find more details in our documentation.

A recent supply chain attack has compromised over 100,000 websites through the popular Polyfill JavaScript library. The library is widely used to ensure compatibility with modern JavaScript features in older browsers. Different web applications and Content Management Systems (e.g. Magento), include code that introduces static script imports of JavaScript code sourced from cdn.polyfill.io.

Earlier this year, a Chinese company acquired the Polyfill domain. The attackers used the control of the domain to distribute malicious JavaScript code instead of legitimate libraries. This allows performing arbitrary malicious activity in the context of the victim's browser: redirecting users to phishing sites, stealing sensitive information, or even further propagating malware.

The attack is similar to stored Cross-Site Scripting (XSS) and does not require any actions from the victim other than visiting a web page. Successful attacks have already been recorded on other websites.

The Wallarm platform detects the compromised applications and the corresponding web pages with static imports of JavaScript code from the *polyfill.io domain and other malicious domains involved in this campaign: (kuurza[.]com, googie-anaiytics[.]com, bootcss[.]com, macoms[.]lanewcrbpc[.]com, polyfill[.]io, bootcdn[.]net, staticfile[.]net, unionadjs[.]com, xhsbpza[.]com).

Check the vulnerabilities page in the Wallarm console for the vulnerability “Malicious JavaScript injection via supply chain attack (polyfill.io)” as demonstrated on the figure below. If the vulnerability was found:

1. Consider removing the Polyfill library entirely from the application’s dependencies.

2. Ensure that there are no references to malicious domains in the source code: (kuurza[.]com, googie-anaiytics[.]com, bootcss[.]com, macoms[.]lanewcrbpc[.]com, polyfill[.]io, bootcdn[.]net, staticfile[.]net, unionadjs[.]com, xhsbpza[.]com).

3. If Polyfill functionality is needed, consider using trustworthy alternatives.

4. Investigate potential incidents of attacks on your application users.

If the vulnerability was not found, we still recommend analyzing the source code of all projects, especially those not protected with the Wallarm platform.