Wallarm API Security Wallarm updates logo

Wallarm updates

Discover the latest features, improvements, and updates in Wallarm API Security

Subscribe to Updates

Labels

  • All Posts
  • API Security
  • WAAP
  • ANNOUNCEMENT
  • IMPROVEMENT
  • FIX
  • FAST

Jump to Month

  • April 2025
  • March 2025
  • February 2025
  • January 2025
  • November 2024
  • October 2024
  • September 2024
  • August 2024
  • July 2024
  • June 2024
  • May 2024
  • April 2024
  • March 2024
  • February 2024
  • January 2024
  • December 2023
  • November 2023
  • October 2023
  • September 2023
  • August 2023
  • July 2023
  • June 2023
  • May 2023
  • April 2023
  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • March 2022
  • February 2022
  • December 2021
  • November 2021
  • October 2021
  • August 2021
  • April 2021
  • March 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • December 2019
  • October 2019
  • August 2019
  • April 2019
IMPROVEMENT
a year ago

Search malicious requests by specific nodes and custom rules


We are happy to announce the addition of new filters for event search queries in Wallarm. Now you can easily search for malicious requests that have been detected based on specific criteria:

  • Search by Wallarm node UUID: You can search for malicious requests detected by a particular Wallarm node using the ‘node_uuid:’ prefix followed by the UUID of the desired node. Using this filter is valuable when you need to validate the protection status for every node within a cluster. You can include multiple ‘node_uuid:’ prefixes in your search query. For example:

attacks incidents today node_uuid: 13c431b2-3d2a-12cf-9909-408418077431 node_uuid: 1244b531-734a-1822-ac84-b28ccdac1b56

  • Search by Regex-based attack indicator rule: You can search for malicious requests detected using a Regex-based attack indicator rule by using the ‘custom_rule’ parameter. The event details will contain a link to the triggered rule. With this parameter, you can easily find malicious requests detected by your rules and verify their correctness. Additionally, you can also exclude similar malicious requests from the search results using an exclamation point (the  ‘!’ symbol). For example:

attacks incidents today !custom_rule

For more information on search query formats, please refer to the Wallarm documentation.

Avatar of authorWallarm team
IMPROVEMENT
a year ago

Enhance Your API Security Posture with endpoint request statistics

We are excited to announce a new feature in the API Discovery module that will help you better monitor your endpoints. With this update, you gain deeper insights into your endpoints' usage, including: 

  • the number of requests made over the last 7 days;
  • the number of requests made in the last 24 hours; 
  • the average number of requests per second (RPS) in the last 24 hours.

Gaining visibility into Shadow API activity and risky endpoints is crucial for security investigations. Our new endpoint request statistics feature provides the necessary visibility to investigate such endpoints activity and ensure the security of your API infrastructure.

You can find more detailed information about endpoint request statistics in our documentation.

Avatar of authorWallarm team
ANNOUNCEMENT
a year ago

Integration with MuleSoft Anypoint Platform

We are pleased to announce Wallarm End-to-End API Security integration with the MuleSoft Anypoint Platform, a powerful integration solution that enables businesses to connect their data, devices, and applications seamlessly. The Anypoint Platform delivers an application network, bridging on-premise and cloud deployments through API-led connectivity.

To facilitate this integration, Wallarm utilizes a policy specifically tailored for the MuleSoft Anypoint Platform. Now you can easily map your Wallarm policies to any API registered on the Anypoint Platform, seamlessly delivering API traffic to Wallarm nodes and protecting all your API endpoints from API attacks and abuse.

Find more information on how to leverage this integration in Wallarm documentation.

Avatar of authorWallarm team
API SecurityANNOUNCEMENT
a year ago

Protect your APIs against automated threats

Wallarm API Abuse Prevention addresses one of the most critical API threats: malicious bots. Wallarm can now accurately identify and mitigate API bot activity, protecting your system from API abuse, account takeover, credential stuffing, price scraping, and more, while preserving the best possible user experience for your legitimate API users. API Abuse Prevention can save businesses from potential lost revenue, protect customer information, and prevent reputational damage.

Wallarm employs AI-driven anomaly detection algorithms to identify unusual patterns in API requests, user sessions, or data access. These algorithms learn from normal user behavior and can flag potential API abuse in real-time, allowing organizations to take proactive measures to mitigate threats.

Some of the advantages of our approach include: 

  • It Provides Detection and Protection. You can guard against the blind spot in your API defenses by recognizing and differentiating between legitimate vs. malicious automated behaviors and blocking those likely to cause harm based on your unique scenarios.
  • It’s Integrated. Our API Abuse Prevention capability is delivered as part of the Wallarm End-to-End API Security solution, providing you with a single platform to protect your entire API estate so you do not have to add another tool / workflow into your process.
  • It’s Customizable. You can assemble detectors and thresholds to customize protections appropriate for your API estate.

If you're interested in learning more about Wallarm's API Abuse Prevention and how it can protect your business, please visit our website or contact our sales team for more information.

Avatar of authorWallarm team
ANNOUNCEMENT
a year ago

All-in-One Installer Simplify Deployment

We are excited to introduce our new All-in-One installer, designed to streamline and standardize the process of installing Wallarm as a dynamic module for NGINX in various environments.

The All-in-One installer autonomously identifies your operating system and NGINX versioning and installs all the requisite dependencies, saving you valuable time and minimizing the chance for error.

To ensure the smooth functioning of the Wallarm Node, the installer places all required components into a self-contained environment, eliminating any risk of dependency conflicts and paving the way for effortless future updates.

The All-in-One installer supports the following installation environments:

  • Debian 10, 11 and 12.x;
  • Ubuntu LTS 18.04, 20.04, 22.04;
  • CentOS 7, 8, 9 Stream;
  • Alma/Rocky Linux 9, Oracle Linux 8.x, Redos, SuSe Linux; 
  • and other popular Linux distros.

Furthermore, the All-in-One installer allows you to try out the beta version of the Wallarm Node for the ARM64 architecture.

We’re confident this enhancement will provide you a more seamless installation experience, and we look forward to hearing your feedback. 

A description of the new installation option can be found in our documentation.

Avatar of authorWallarm team
API Security
a year ago

Private APIs at Risk: Q1-2023 API ThreatStats™ Report

According to Gartner's March 2022 API survey, a staggering 98% of organizations currently use or plan to use internal APIs, up from 88% in 2019. Additionally, 90% of organizations utilize or have plans to utilize private APIs provided by partners, up from 68% in 2019.

Focusing solely on protecting your public-facing APIs leaves a significant blind spot in your API security posture. Our latest findings, detailed in the Q1-2023 API ThreatStats™ report infographic, confirm this fact.

In our analysis of publicly released API vulnerabilities during Q1-2023, we observe an increase in the number of vulnerabilities, with severity levels consistently in the High range. However, as past reports have revealed, it's what lies beneath the surface that can have a substantial impact.

For detailed insights, we encourage you to explore the complete report on the Wallarm blog. 

Avatar of authorWallarm team
IMPROVEMENT
a year ago

Introducing native integration between Wallarm API Security and AWS S3

We are excited to announce the integration of Wallarm End-to-End API Security with Amazon Web Services (AWS) S3. We understand that investigating incidents can be a complex and time-consuming process. With this new integration, Wallarm can now export detected malicious requests to AWS S3 for in-depth analysis and security incident investigation. 

This integration enables security analysts to:

  • Receive detected malicious requests from Wallarm to AWS S3
  • Conduct detailed analysis and investigations of security incidents
  • Correlate data from different sources to gain a comprehensive view of security events

By integrating Wallarm API Security with AWS S3, we are making it easier for security teams to detect and respond to security incidents quickly and effectively.

You can find more detailed information on this capability in our documentation.

Avatar of authorWallarm team
API SecurityANNOUNCEMENT
a year ago

Bring your Shadow APIs to light

Shadow APIs are undocumented or unmonitored public APIs that pose a significant security risk to an organization. These may include third-party APIs and services that the company uses but does not track, or in-house developed tools for internal or customer use. The new Wallarm API specification comparison feature allows security and operations teams to discover Shadow APIs.

Shadow APIs put businesses at risk, as attackers can exploit them to gain access to critical systems, steal valuable data, or disrupt operations, further compounded by the fact that APIs often act as gatekeepers to critical data and that a range of OWASP API vulnerabilities can be exploited to bypass API security. Recent reports highlight that the majority of businesses have Shadow APIs that are vulnerable to attacks, and cybercriminals are increasingly targeting these weaknesses.

With Wallarm's solution, SecOps and Security Analyst teams can now identify Shadow APIs, including external, internal, and 3rd party developed APIs. The solution gives security teams the ability to compare and validate their API specifications with the ones automatically built by Wallarm API Discovery. In this way, the SecOps and Security Analysts can detect any discrepancies that may indicate the presence of Shadow APIs, allowing them to quickly take action to mitigate potential security risks.

Don't wait until it's too late - start using Wallarm's new Shadow API detection feature today and safeguard your API infrastructure from potential attacks!

Avatar of authorWallarm team
IMPROVEMENT
2 years ago

Simplify Vulnerability Management with Wallarm's Jira integration

Wallarm, a leading provider of application security solutions, offers new integration with Jira, a popular issue and project tracking tool. With this integration, Wallarm will automatically create issues in these service for any vulnerabilities that it detects, making tracking and managing security issues easier.

By integrating Wallarm with Jira, SecOps teams can streamline their security operations and make it easier to identify and resolve vulnerabilities quickly. The automatic creation of events means that security teams no longer need to manually transfer information between services, saving time and reducing the risk of errors. This integration helps SecOps stay on top of their security posture and take action to address vulnerabilities before they can be exploited.

Wallarm is dedicated to helping customers secure their applications and data by providing tools such as the integration with Jira. Wallarm is making it easier for you to leverage the power of issue tracking tools to manage security operations, ensuring that vulnerabilities are identified and resolved quickly and efficiently.

You can find more detailed information about this integration in our documentation.

Avatar of authorWallarm team
IMPROVEMENT
2 years ago

Protect Your APIs from OWASP API Security Top-10 2019 & 2023

Wallarm End-to-End API Security solution provides comprehensive protection against the OWASP API Security Top-10 threats. With the new OWASP API Security Top-10 dashboards provide you with complete visibility into the security state of your APIs, easy identification of your most critical security risks, and immediate ability to apply protective measures. 

The OWASP API Security Top-10 list of most commonly seen API threats helps to assess your API infrastructure and prioritize security risks. Additionally, it contains a set of recommendations for mitigating the identified risks. The main problem for defenders is that even with this list, it's incredibly hard to build an API security program, conduct ongoing assessments of different threats, and have adequate security controls and tooling in place. Therefore, defenders must determine which risks are the most critical for their situation and what measures are needed to mitigate those risks. 

Implementing a robust API Security program becomes much easier with the new OWASP API Security Top-10 dashboards from Wallarm. The automated security report enables you to pinpoint the most critical risks in your APIs, thoroughly analyze all associated events, and effortlessly apply appropriate security controls to mitigate them. By combining the strengths of complete visibility with real-time threat prevention, this feature reduces the risk of emerging threats, your workload, and your security costs. 

The new dashboards support both the current version of the OWASP API Security Top-10 2019 as well as the upcoming OWASP API Security 2023 (RC) release, anticipated to be launched later this year. For more detailed information on protection against the OWASP API Security Top-10 threats, please refer to our documentation.

Avatar of authorWallarm team