Wallarm API Security Platform Review

63% of all HackerOne bug bounty rewards paid in the current year have been due to API security vulnerabilities. This represents an expenditure of $26,490 in the first quarter of 2023 alone. For context, the bug bounty is a program where HackerOne offers monetary rewards to individuals who discover a bug in an organization’s application.

Seeing how much companies are losing to API vulnerabilities, Wallarm developed a program that can completely change the narrative. They called it the Integrated App and API Security Platform. In this article, you’ll learn about this platform, its features, and our expert opinion.

Wallarm Overview

Wallarm is an American-based technology company focusing on web and cloud applications and API security. Founded in 2016, the company prioritizes innovation and aims to transform application security, especially in this cloud-native era. The company’s current workforce comprises experts in various fields, including machine learning, cloud computing, security, and infrastructure.

Consistent with its vision to reinvent application security, Wallarm launched the Integrated App and API Security Platform. This platform securely covers an organization’s APIs and applications and protects them from cyber attacks. Wallarm’s App and API Security Platform is widely adopted, assisting professionals in various industries, including healthcare, fintech, and e-commerce. It’s also a program of choice for technology companies.

Wallarm has raised over $10.9 million in funding from nine investors and has a post-money valuation ranging from $10 million to $50 million. Its current list of investors includes Taver Capital Partners, Y Combinator, and Toba Capital.

  • Established: 2014
  • Founders: Ivan Novikov, Stepan Ilyin
  • Offices: California, United States

5 Core Features of Wallarm API Security Platform

Expert Opinion

Rating: 4.5/5

Wallarm’s Integrated App and API Security Platform is a valuable tool for any organization for its usability and complete security of APIs and applications.

Wallarm’s platform is intuitive and well-optimized, and this shows right from the website. The UI/UX is well-developed and top-notch, and it was easy to request a demo, talk with customer support, and access the central platform. It doesn’t stop there. We could perform whatever operations we desired hassle-free. 

Compared with Cloudflare, a similar platform, Wallarm fared better in ease of use. The company can, however, still improve the program, especially with API requests. These requests should be more explicit so users don’t mistake them for attacks, helping to eliminate false positives.

Wallarm’s security works as advertised, which was clear from our security testing. The automated threat verification is also active, speeding up incident responses for identified threats and vulnerabilities. However, there are still areas for improvement in the DDoS protection feature. Wallarm also integrates slowly with some applications, with synchronization sometimes taking close to five minutes.

Overall, Wallarm’s pros far outweigh its cons, and the platform has the potential to be a globally trusted API security platform.

Notable Features

The App and API Security Platform provides numerous useful features for an organization. Below are the most important ones.

1. Next Generation API Protection

API protection and security covers all the steps in keeping an API safe. Numerous vulnerabilities in an API may arise, whether due to poor design or implementation. 

The Open Web Application Security Project (OWASP) publishes the top 10 vulnerabilities every four years for DevOps and security teams to watch out for and avoid. Some API risks include injection, broken object-level authorization, broken authentication, security misconfiguration, and improper inventory management.

Wallarm’s platform provides comprehensive protection against every risk in the list and covers other advanced ones. With Wallarm, development and security teams have complete visibility into their API estate and can detect and remediate threats and vulnerabilities faster.

2. Integration Across the Entire Application Portfolio

You can integrate Wallarm with your existing tech stack with little to no issue. Since APIs enable two or more applications to communicate and share data, an API security tool should have cross-platform functionalities.

Wallarm takes an intuitive approach toward systems integration by providing a dedicated section on its platform or console. From this section, Wallarm sends notifications about the security of other apps and can provide scheduled reports. Scheduled reports are completely customizable, and you can decide to receive them daily, weekly, or monthly, depending on the organization’s needs.

Typically, reports will cover vulnerabilities encountered across the entire API portfolio, attacks, and incidents across the specified period. You can further customize Wallarm to provide information about the number of requests it processes every hour. This tool also provides instant notification for each detected vulnerability, hit, system-related event, and scope change.

3. False Positives Elimination and Emerging Threats Protection

In cyber security, a false positive refers to a notification from a system or device warning about a security threat when there’s none. Such a situation is problematic because it adds to the load of an already overburdened system team. The team spends time and resources on a nonexistent issue.

Wallarm uses grammar-based attack detection to check the code that a computer receives. It ensures that the code and instructions are correct and don’t contain malicious instructions. Wallarm’s tool helps reduce workload and improve efficiency without depending on manual methods.

4. Automated Incident Response

Incident response describes an organized, strategic approach that an organization follows in identifying and eliminating cyber threats. Today, incident response is a standardized process with seven steps: preparation, identification, containment, investigation, communication, recovery, lessons learned, and future protection.

Wallarm helps automate this process innovatively and efficiently. It streamlines incident response by providing complete visibility into the entire process. It also uses smart triggers and active threat verification to minimize the effect of risks or address and resolve them quickly.

5. Security Portfolio Analysis

The Wallarm console provides a detailed insight into the security details of an organization’s API portfolio. If the company has recently been the victim of a cyberattack, it gives insights about the attack and attackers. It also monitors the API portfolio for recently added or changed and unmanaged APIs. Such a feature helps to improve the attack’s basic control or bridge security coverage gaps.

Wallarm API Platform Integration

Wallarm’s API platform integrates with virtually an organization’s entire tech stack, and the developers continue to extend support for more applications. Without this encompassing integration, API security will not be complete. The company categorizes the apps and systems it integrates with into different groups to make tracking and monitoring easier. Below are the various categories of tools that Wallarm integrates with:

  • Email and messengers: General communications tools, including Slack, Telegram, and Microsoft Teams.
  • Incident and task management apps and systems: Common tools that developers use, like Jira, Opsgenie, PagerDuty, and ServiceNow.
  • Security information and security automation and response tools: Popular incident response and management tools, like InsightConnect, Microsoft Sentinel, Splunk, and Sumo Logic.
  • Log management systems: Applications for monitoring databases like Datadog.
  • Data collectors: Software programs in this category include Logstash, AWS S3, and Fluentd.
  • Monitoring systems: Databases and monitoring systems, like InfluxDB, Graphite, Nagios, and Zabbix.

Plans and Pricing

Wallarm’s approach to plans and pricing is somewhat unconventional. The company has two paid plans through which it offers its different features and products. It also has free cloud-specific plans for new users. These free plans enable the user to test-run the app and decide about subscribing to an actual package.

Here are the different plans that you get with Wallarm:

1. Cloud Native Web Application and API Protection (WAAP)

Cloud Native WAAP is the lower of the two priced plans in Wallarm’s list. Technically, it’s a next-gen Web Application Firewall (WAF) that provides basic protection for web applications and apps against common security threats. 

Features

  • Protection against OWASP’s top 10 security threats
  • Real-time threat prevention
  • Brute-force protection
  • Audit log
  • Access to Wallarm API

Wallarm doesn’t provide the pricing details for this plan. You need to set up a demo with a personal agent to get this information.

2. Advanced API Security

Advanced API Security is an add-on for Cloud Native WAAP. You can’t purchase it separately as an independent plan. It provides comprehensive API discovery and threat protection across an organization’s portfolio, regardless of the protocol.

In addition to all the features of Cloud Native WAAP, you get some other features when you upgrade to this plan.

Features

  • API protocol support
  • API abuse prevention
  • API discovery and sensitive data protection
  • Active threat verification and vulnerability scanner
  • User management

Like the first plan, pricing information for this plan is not public and is also available on demand.

3. Free Tier for US Cloud

This plan is free and is automatically created whenever a new user registers in the Wallarm US Cloud. It’s a downgraded version of the Cloud Native WAAP subscription plan. You can access this plan’s features, but there’s a usage limit. Once you reach that limit, you must wait for the counter to reset. You can read more about the Free Tier US Cloud plan by visiting the company’s website.

4. Trial Period for EU Cloud

The trial period for EU Cloud is free, like the free tier US Cloud. However, as this is a trial period offer, it only lasts 14 days. It’s also only available for accounts created in the EU Cloud. Information about this plan is also available on Wallarm’s website.

Price and Key Features Comparisons Table

Here is a side-by-side comparison of Wallarm’s two core subscription plans:

| Feature | Cloud Native WAAP | Advanced API |
|---|---|---|
| OWASP Coverage | | |
| OWASP Top 10 | Yes | Yes |
| OWASP API Top 10 | Partially | Yes |
| Protected resource types | | |
| Web applications | Yes | Yes |
| APIs | Partially | Yes |
| Security testing | | |
| Active threat verification | No | Yes |
| Vulnerability scanner | No | Yes |
| Observability options | | |
| API Discovery | No | Yes |
| Sensitive data protection | No | Yes |

Terms and Policies

Before you begin using Wallarm’s tool, it’s important to understand what terms guide how the company offers its services. Agreeing and complying with these terms helps ensure you use the platform for a long time and don’t lose access to it. 

For example, suppose you infringe on Wallarm’s copyright by distributing or sharing the software without permission. In that case, you may lose access to the software and even face a lawsuit.

When you create an account with Wallarm and begin to use its tool, the company obtains and saves different information and details from you. This can be information you submit yourself, such as name, address, phone number, and other personal details. It can also be details automatically obtained from your computer, like IP addresses, system configuration information, and the websites you mostly interact with. These details help Wallarm provide a personalized experience to you without compromising your safety or security.

Customer Support

Wallarm provides different and easily accessible support channels on its app and website. Since it’s often difficult to determine where an issue might arise when using the app, multiple support channels make it easy to get solutions quickly.

There’s a dedicated support portal on the website with links to helpful information about almost every aspect of the app. For example, you can visit the Wallarm installation, configuration, and usage web pages all from the support portal. You can submit a request if your required detail isn’t on the support portal. A support agent should respond to you in a short time.

Wallarm also has a chatbox on its website that allows you to engage an agent immediately. This agent can provide you with information about this platform, like bot protection, API protection, and API discovery.

Address

188 King St. Unit 508,
San Francisco, CA, 94107
(415) 940-7077

Support email

request@wallarm.com

Wrapping Up

API and web application security are some of the most significant challenges for software development teams. As cyberattacks and similar computer threats increase, providing a solution becomes even more critical. If you’re in this situation, we recommend Wallarm’s Integrated App and API Security Platform. Its security features are advanced, and customer support is easily accessible and responsive.


Contributors: Technical Writer (Saheed Aremu), Designer (Okesipe Olumide)
