API and Microservice Protection from Signal Sciences
Businesses that use APIs and microservices to exchange data with authorized customers and partners rely on Signal Sciences to stop unauthorized API access and abuse without false positives, breaking applications, or frustrating users or business partners.
Signal Sciences Protects the APIs that Power Your Web and Mobile Apps
“As an incredibly high volume payments processor with an API centric architecture we didn’t think we’d be able to find a WAF solution that would be both flexible enough technically to get installed seamlessly AND be able to autoscale with our bursts of traffic. Signal Sciences was able to offer both and more. We’ve been using them for a few years now and both security and engineering teams have been very happy with their product and service!”
– Head of Analytics, Enterprise Finance Company
API Attack Vectors and Security Challenges
Signal Sciences is the market leader in protecting APIs and is used by the world’s largest API-driven companies and services. Customers use us to protect their APIs against the full spectrum of threats, including common threat vectors such as:
Brute forcing sensitive IDs or tokens in APIs that are not searchable or public leads to discovery and exposure of sensitive customer data, unpublished media, payment information, PII, and other confidential data.
Targeting sensitive APIs such as gift card and credit card validation and attempting to validate stolen credit cards, perform ecommerce gift card fraud, or obtain patient healthcare records.
Rate Limiting and
Attempting to abuse sign up systems, gift promotions, email and message sending functionality, and other sensitive actions.
Account Takeover / Credential Stuffing
Attackers use known lists of compromised credentials from common password lists and breach data dumps to try to gain access to customer accounts through authentication endpoints.
Malicious Traffic Sources / Disallowed geographies
Attempting to abuse APIs from known malicious sources (Tor, data centers, etc.) or from disallowed countries / geographies.
Built To Work With Your Architecture
Signal Sciences is a hybrid software as a service (SaaS) solution with two main components: server-side software that deploys in your infrastructure within minutes and our powerful cloud-hosted analytics backend.
API Gateway Integrations
Signal Sciences API Security works seamlessly with industry-leading API Gateway solutions. Depending on the API gateway your organization uses, you can easily install Signal Sciences as an agent or module.
API Protection Case Studies
Securing API and Microservices for International Wire Transfers
OFX is an international financial transfer platform based in Sydney, Australia, that processes over $22 billion in wire transfers annually through its web application.
OFX required an application security solution that’s easy to install and use while effectively blocking malicious traffic automatically without causing production incidents. OFX needed to ensure their microservices weren’t implicitly trusting others and sought a product that would provide visibility into authentication requests.
The OFX security team deployed Signal Sciences easily without taxing the engineering team while gaining deep application visibility. After installing the software in minutes, the security team used Signal Sciences to uncover application errors that they weren’t expecting.
Preventing Attacks Against Business Critical APIs
Leveraging artificial intelligence and the deepest banking domain expertise in the industry, Finn AI builds simple, easy-to-use conversational banking platforms for financial institutions so their customers can easily manage their money and improve their financial literacy.
Finn AI needed visibility into API discovery attempts by malicious threat actors, as well as the ability to stop unusual activity against those same APIs that enable customers to use their natural language processing technology.
Finn AI acts as middleware, working between the commercial frontends and SDKs of a bank’s apps, including mobile apps. With Node.js as the core of their middleware, Finn AI selected Signal Sciences to run alongside it for effective inspection of API requests.
Defending Applications and APIs Without False Positives
Remitly enables immigrant communities to send and receive money across borders through its mobile application.
Remitly needed a technology that could satisfy PCI requirements and protect customers’ valuable and sensitive transactions through its mobile application.
With Signal Sciences in place, the security team at Remitly is able to instrument and defend their web applications and APIs with a solution that doesn’t create false positives or block their customers’ traffic.