API and Microservice Protection from Signal Sciences

Protect
999 %
of customers in full blocking mode IN PRODUCTION
Smile
999 /5
OF CUSTOMERS WHO TRY US, BUY US
Protected App
999 K+
APPLICATIONS PROTECTED (PER MONTH)
Hybrid Cloud
999 +
HYBRID AND MULTI-CLOUD PLATFORMS SUPPORTED

Businesses that use APIs and microservices to exchange data with authorized customers and partners rely on Signal Sciences to stop unauthorized API access and abuse without false positives, breaking applications, or frustrating users or business partners.

Signal Sciences Protects the APIs that Power Your Web and Mobile Apps

“As an incredibly high volume payments processor with an API centric architecture we didn’t think we’d be able to find a WAF solution that would be both flexible enough technically to get installed seamlessly AND be able to autoscale with our bursts of traffic. Signal Sciences was able to offer both and more. We’ve been using them for a few years now and both security and engineering teams have been very happy with their product and service!”

– Head of Analytics, Enterprise Finance Company

API Attack Vectors and Security Challenges

Signal Sciences is the market leader in protecting APIs and is used by the world’s largest API driven companies and services. Customers use us to protect the full spectrum of their API security, including common threat vectors such as:

API
Brute Forcing

Brute forcing sensitive IDs or tokens in APIs that are not searchable or public leads to discovery and exposure of sensitive customer data, unpublished media, payment information, PII, and other confidential data.

Unauthorized
API Access

Targeting sensitive APIs such as gift card and credit card validation and attempting to validate stolen credit cards, perform ecommerce gift card fraud, or obtain patient healthcare records.

Rate Limiting and
API Abuse

Attempting to abuse sign up systems, gift promotions, email and message sending functionality, and other sensitive actions.

Account Takeover / Credential Stuffing

Attackers use known lists of compromised credentials from common password lists and breach data dumps to try to gain access to customer accounts through authentication endpoints.

Malicious Traffic Sources / Disallowed geographies

Attempting to abuse APIs from known malicious sources (Tor, data centers, etc) or from disallowed countries / geographies.

Trusted by the World’s Top Companies

Datadog logo
Asurion
Betterment
Under Armour logo
WeWork logo
ActBlue

Built To Work With Your Architecture

protect apps at scale

Signal Sciences is a hybrid software as a service (SaaS) solution with two main components: Server-side software that deploys in your infrastructure within minutes and our powerful cloud-hosted analytics backend.

Architecture Overview

Architecture Overview

Our hybrid SaaS architecture couples fast local decisions for optimal performance with the power of cloud for enriched intelligence and accuracy

Read the Datasheet
Request a Demo

Smart API Security Protection

Take the next step toward better security visibility and protection for your applications, and schedule a free demo with a Signal Sciences specialist.

Request a Demo

API Gateway Integrations

Signal Sciences API Security works seamlessly with industry-leading API Gateway solutions. Depending on the API gateway your organization uses, you can easily install Signal Sciences as an agent or module. Learn more about our integrations.

Section
Kong
Envoy
Istio
HAProxy
nginx

API Protection Case Studies

OFX

Securing API And Microservices For International Wiretransfers

OFX is an international financial transfer platform based in Sydney, Australia, that processes over $22 billion in wire transfers annually through its web application.

Challenge

OFX required an application security solution that’s easy to install and use while effectively blocking malicious traffic automatically without causing production incidents. OFX needed to ensure their microservices weren’t implicitly trusting others and sought a product that would provide visibility into authentication requests.

Solution

The OFX security team deployed Signal Sciences easily without taxing the engineering team while gaining deep application visibility. After installing the software in minutes, the security team used Signal Sciences to uncover application errors that they weren’t expecting.

OFX

Benefits:

  • 95% of customers in blocking mode, protecting APIs without false positives
  • API native architecture, from monolithic legacy APIs to modern micro services
  • Integration into the rest of the API development toolchain: slack, Jira, pagerduty and others

Finn AI

Preventing Attacks Against Business Critical APIs

Leveraging artificial intelligence and the deepest banking domain expertise in the industry, Finn AI builds simple, easy-to-use conversational banking platforms for financial institutions so their customers can easily manage their money and improve their financial literacy.

Challenge

Finn AI needed visibility into API discovery attempts by malicious threat actors, as well as the ability to stop unusual activity against those same APIs that enable customers to use their natural language processing technology.

Solution

Finn AI acts as middleware, working between the commercial frontends and SDKs of a bank’s apps, including mobile apps. With Node.js as the core of their middleware, Finn AI selected Signal Sciences to run alongside it for effective inspection of API requests.

Finn AI

Benefits:

  • Visibility across the attack surface and a proactive defense
  • Maximize IT Staff utilization while building security resilience
  • Actionable alert feedback that solidifies security posture

Remitly

Defending Applications and APIs Without Fasle Positives

Remitly enables immigrant communities to send and receive money across borders  through its mobile application.

Challenge

Remitly needed a technology that could satisfy PCI requirements and protect customers’ valuable and sensitive transactions through its mobile application.

Solution

With Signal Sciences in place, the security team at Remitly is able to instrument and defend their web applications and APIs with a solution that doesn’t create false positives or block their customers’ traffic.

Remitly

Benefits:

  • Allow good traffic and block malicious requests coming in from the same network
  • Achieve PCI compliance and more
  • Flexibility across public and private web applications and API endpoints
Enterprise API Security

Enterprise API Security

APIs are the backbone of modern web, cloud, and mobile applications. Signal Sciences protects APIs no matter where or how our customers deploy them.

Read the Datasheet
Request a Demo

We Can Protect Your APIs

We’ll review your current situation, show you specific opportunities where we might help, and share how other companies are succeeding with our product, so you can decide whether it might be a fit for you.

Request a Demo
read more
Blog
Protecting WebSocket Protocol Apps and APIs with Signal Sciences
read more
Data Sheet
Enterprise API Security
read more
Webinar
How to Defend Against OWASP Top 10 API Attacks
Back To Top