Web Application and API Security Enhancements: New Analytics Dashboards for Improved Visibility and Support for gRPC Protection

According to Forrester’s recent Analytics Business Technology Survey, 2020, web application exploits, such as SQL injection, cross-site scripting, and remote file inclusion, are the most common forms of external attack. Protection for web applications and APIs continues to evolve as organizations adopt containers, Kubernetes, and serverless architectures. In these ephemeral environments, managing additional agents, gateways, and appliances becomes challenging for traditional security and application security teams.

In order to provide integrated, best-in-class protection for modern applications, Prisma Cloud delivers powerful Web Application and API Security (WAAS) capabilities that include coverage for the OWASP Top 10, API protection, bot risk management, advanced DoS protection and more. Security architects, DevSecOps, and application security teams can confidently protect web apps and APIs through defense in depth with visibility, vulnerability detection, security posture management, and runtime protection.

What's New in the Latest Release of Prisma Cloud

WAAS Dashboard Explorer

In the previous release of Prisma Cloud’s Web Application and Security (WAAS) module, we added an automated API discovery capability that can automatically discover API endpoints in your environment, show an endpoint usage report, profiles normal API calls and lets you export all discovered endpoints as an OpenAPI 3.0 spec file. In addition, customers could discover unprotected web apps through automated scanning of their environment for containers and flagging the web apps that aren't protected by WAAS.

In the latest release of Prisma Cloud, we’re delivering a Web Application and API Security (WAAS) dashboard to highlight real-time and historical metrics, alert details, and security coverage along with enhancements to API observations and unprotected web applications views. Users can leverage these dashboards to get an overview of their security posture for reporting purposes and sharing with their management chain.

Users can start off by discovering which web apps are protected and those that are unprotected (Figure 1). In addition, you can prioritize your mitigation efforts by leveraging the integrated vulnerability statistics related to unprotected web applications  From there you can get an understanding of the amount of traffic (by requests or bytes) being inspected by WAAS (Figure 2). After understanding the overall traffic, take a look at the attacks by type that threaten your web apps and APIs as well as the rules in place to protect them (Figure 3). Lastly, to get to the granular details, you can even filter the traffic by source of the attack (Figure 4).

Added Support for gRPC

As part of our ongoing effort to help customers secure their cloud native applications, Prisma Cloud has added support for inspecting and protecting gRPC web applications and APIs against attacks.

gRPC is a type of open-source communication protocol, so an application can directly call a method on a server application on a different machine as if it were a local object, making it easier for you to create distributed applications and services (Introduction to gRPC).

gRPC communication is carried over the HTTP/2 protocol, using a binary format that’s interpreted based on the Protobuf contract.

Prisma Cloud’s Web App and API Security solution now supports protection of gRPC endpoints without requiring any special configuration from the user. When you set up rules and want to protect the gRPC communications for APIs, simply enable the gRPC toggle to add the additional layer of protection. This seamless functionality gives customers additional security for another type of communication protocol that their web applications and APIs might leverage.

API Deep Inspection

With the increase of APIs spanning the web, API security is a crucial part of a holistic security strategy. Today our solution helps you discover unprotected APIs automatically, so you can apply security with ease. To further help Application Security and Cloud Security teams secure APIs, we are further enhancing our API observations.

Users can now get granular details about the normal message structure of API calls, and related body parameters, based on automated profiling of API calls . If you plan to export this information, the OpenAPI definition file will include observed body content. There is also an additional protection flag that indicates which endpoints are protected and which are not, providing an extra layer of visibility.

Event IDs

Tracking security incident events can be difficult because of the sheer amount of traffic passing through Web Apps and APIs. Searching through massive amounts of security events can be exhausting if you are trying to diagnose an attack.

We are now incorporating Event IDs into every response, allowing users to easily reference WAAS module events. The WAAS ID is included both in the response message body and in the response header. The event IDs can also be incorporated into user-created custom block pages so a user can reference the event for further troubleshooting. Users can search for specific events easily in the Events tab by referencing the Event ID filter field.

How to Get Started

To learn more about the latest innovations in Prisma Cloud’s Web App and API Security solution, check out the following techDocs.

Existing customers on the SaaS platform can access the latest features in early February and self-hosted customers can access these features by upgrading to the latest version. New customers looking to get a free trial of Prisma Cloud’s Web App and API Security solution can request a free trial here.