• LDAP Authentication: Easily authenticate users with LDAP.
• User Management: Manage user roles and permissions directly through LDAP for use in Wallarm Console.

With this update, you also get the ability to search for events related to specific types of bots in the attack list. You can find more details in our documentation.

An update to our filtering node is live. Node 4.10.7 is designed to support new features, and to address number of performance updates. 

This version of the Wallarm node includes updates for several NGINX versions. Full details are included in our updated documentation. 

Other key changes are:

• API Specification Enforcement no longer requires manual NGINX configuration
• Optimized OpenAPI data type detection by the API Discovery module

We have also updated documentation for our all-in-one installer including detailed information about migration from from DEB/RPM packages to AiO.

Today we'd like to announce a new version of our filtering node. Node 4.10.6 is designed to support new features, but also includes a number of performance updates. 

The key features include:

• Enhanced OpenAPI data type detection by the API Discovery module
• Improved memory utilisation in long-lived gRPC connections
• Added support for NGINX v1.26.0
• Fixed compatibility issues with the Kong Gateway
• Return proper non-zero exit codes during installation errors, addressing previous issues
• Ability to test regular expressions intended for user-defined attack detectors

Full details are included in our updated documentation. 

We are excited to announce the release of the latest update to Wallarm Node, version 4.10.4, which is now available for installation.

This update includes several performance improvements that enhance your overall experience with our software.
Key updates in this version include:

• Added support for API Specification Enforcement (Coming Soon!)
• Added support for GraphQL API Protection (Coming Soon!)
• Added support for NGINX v1.25.4

Previous updates 4.10.3 and 4.10.2 introduced:

• Internal improvements for higher reliability and security, including better synchronization between the filtering node and Wallarm Cloud, and reducing overall node memory usage.

• Fixed vulnerabilities:

  • CVE-2021-43809
  • CVE-2023-48795

We have also upgraded 4.8.9 performance for Nginx Ingress reducing CPU resources consumption by half.

These changes reflect our ongoing commitment to quality and customer satisfaction.

For detailed information and instructions, please refer to our documentation.

We’ve updated Wallarm’s user management function with the ability to invite a new user via an invitation link. This new capability allows administrators to produce an invitation link that can be shared with unregistered users so they can sign up for their specific client. 

If provided, the link will populate the user’s email address automatically, and create a user within the client once the new user has submitted their name and password. Additionally, the link can be set with an expiration time and specific user role as well. The invite by link functionality is also available via the Wallarm API for automation use cases. 

We are excited to introduce our latest new feature: NIST CSF 2.0 Dashboards for the Wallarm platform. These dashboards offer a high-level overview of Wallarm security controls that comply with the NIST CSF version 2.0, empowering teams to effectively assess the security level of their APIs. Utilizing the NIST Cybersecurity Framework, our product now delivers comprehensive insights into your security posture, aligning with industry standards and best practices. This feature is designed to guide you through identifying, protecting, detecting, and responding to cybersecurity threats, ensuring a resilient infrastructure. Leverage this new dashboard to assess and improve your API and application security controls.

You can find more detailed information about this feature in our documentation.

Following a successful release of our 4.10 node including several version upgrades and a real-time credential stuffing detection, we are now excited to announce the first update.

This update addresses a number of minor vulnerability findings related to our Docker image and provides support for future feature releases. In this node update, the following vulnerability findings were addressed: CVE-2020-36327, CVE-2023-37920, CVE-2021-41816, CVE-2021-33621, CVE-2021-41819, CVE-2021-41817, CVE-2020-14343, CVE-2021-31799, CVE-2021-28965, CVE-2023-28755, CVE-2020-25613

For detailed information and instructions, please refer to our documentation.

In the ever-evolving landscape of cybersecurity, we're thrilled to announce an addition to the Wallarm arsenal: Credential Stuffing detection. Criminals are deploying automated bots using stolen credentials that aim to exploit overlapping logins across services. Users' tendency to reuse passwords makes businesses susceptible to this type of unauthorized access, fraud, and trust erosion. As digital footprints expand, defending against Credential Stuffing is now a business imperative.

Wallarm offers multiple means to detect credential stuffing, including detection of brute force attempts and behavioral detection with API Abuse Prevention. The new credential stuffing detection feature gives security analysts even more control. Every instance of a known-compromised credential in use can now be spotted. Users can: 

• Configure specific authentication endpoints for credential stuffing monitoring.
• Leverage recommendations from API Discovery to automatically identify endpoints used for authentication. 
• Configure triggers and notifications for credential stuffing events.

Wallarm, supported by a massive database of over 850 million compromised passwords, helps organizations quickly identify when user accounts have been compromised. This new feature expands Wallarm’s ability to protect against credential stuffing.

As businesses expand their online footprint, encompassing both WebApps and APIs, the need for a robust defense against Credential Stuffing has never been more crucial. Wallarm doesn't just meet this need; it exceeds expectations. 

Credential Stuffing detection is available with the Advanced API Security subscription and in brand new Wallarm node 4.10. You can find more detailed information about this feature in our documentation.

We're thrilled to unveil a new feature in our API Security platform, the ability to receive notifications about detected Shadow, Zombie, and Orphan APIs. 

These Rogue APIs pose a significant risk to your organization. They could be Shadows hiding in plain sight, Zombies consuming resources, or Orphans left unattended. Rogue APIs can expose sensitive data, hog bandwidth, and leave your application vulnerable.

 Starting now, you can receive notifications about the newly detected Rogue APIs directly in your SIEM, SOAR, Log management system, or even your favorite messaging app. In each notification you can find all the necessary information, like the API host where the threat was spotted, the API specification used, and more.

Stay one step ahead of potential threats with our Rogue API Notifications feature! Your APIs deserve the best defense, and we're here to deliver.

You can find more information about this functionality in our documentation.