Unauthorized user or bot access, data leaks, (D)DoS attacks, misuse and human error have become real threats for companies operating API infrastructures. Protecting your organization from API breaches is the ultimate goal of the Zorp API Gateway. You can authenticate API requestors, control API calls and inspect the traffic in detail. By encrypting the traffic, you can further increase the security of the API communication. Enforce a custom API security policy without affecting business operations.
Zorp API Gateway supports detailed and flexible logging. You can extract customized data from the API traffic and analyze it from different perspectives. You can forward security-relevant logs to the SIEM or SOC to improve your API security monitoring posture. The Zorp API Gateway also supports big data tools and data lakes (for example, Kibana, Elasticsearch or Kafka) as potential log destinations. You can send pre-filtered, quality data to these destinations for in-depth business analysis.
PSD2 requires banks to secure the financial data flow via their public-facing APIs. GDPR indirectly requires anonymization or pseudonymization of personal data in transit. The PCI DSS requires financial providers to encrypt transmission of cardholder data via public networks. All these regulations have one key requirement in common: they require regulated companies to protect customers' data both at rest and in transit. The Zorp API Gateway helps streamline your compliance efforts through its comprehensive access control, encryption and audit capabilities.
The Zorp API Gateway can ensure compatibility with your legacy systems by modifying certain elements of the API traffic. This makes it possible to hide information about security risks and to treat the vulnerabilities of your legacy applications. For example, you can remove error messages, banners, or other application-specific information to hide faulty configuration or sensitive information about your back-end infrastructure. It can even force an upgrade of legacy encryption protocols to a recent TLS version.
Thanks to its extremely flexible, scriptable configuration, you can meet specific security requirements with Zorp Gateway. Just a few examples:
• Data manipulation - modifying sensitive or risky elements of the traffic. For example, masking credit card data or hiding vulnerable server configuration.
• Graceful degradation of services during peak times by preferring transaction-closing events.
• Implementing your own protocol by using the AnyPy proxy and the power of Python.