Radware targets API blind spots with real-time lifecycle protection

Radware has unveiled the launch of its Radware API Security Service, an end-to-end solution designed to protect APIs throughout their entire lifecycle using real-time production traffic. Radware API Security Service offers APIs advanced protection against the OWASP Top 10 API Security Risks, including sophisticated Layer 7 DDoS attacks.

APIs power most modern applications, but they also create major security blind spots. API security tools often generate large numbers of theoretical alerts without showing risk, making it hard for teams to know what to fix first. Gaps in API discovery leave shadow APIs and third-party integrations unprotected, while limited runtime visibility makes it difficult to detect and stop complex business logic attacks as they happen.

Radware’s new API Security Service addresses these challenges by delivering continuous runtime visibility, posture management, and protection, providing security teams with a real-time view of API risk based on live production traffic.

“APIs are dynamic, business-critical, and increasingly targeted—but most security approaches are still static,” said Haim Zelikovsky, vice president, cloud security business at Radware. “Radware’s API Security Service redefines API protection by continuously analyzing real traffic to identify real risk, automatically block real attacks, and help organizations reduce noise, shorten MTTR, and meet regulatory requirements with confidence.”

Radware’s API Security Service delivers unified, end-to-end runtime protection across the API lifecycle, combining continuous discovery, posture management, analytics, and active defense in a single platform.

Key capabilities include:

• Runtime posture management: Real-time analysis of live production traffic identifies actual risks and prioritizes remediation based on active threats and attacker intent.
• Business logic protection: Automatically maps API workflows and detects and blocks sophisticated business logic attacks in runtime.
• Complete runtime protection: Full coverage of the OWASP Top 10 API Security Risks, including bot, embedded, client-side, and HTTPS DDoS attacks targeting APIs.
• Automated api discovery and visibility: Continuous discovery of all APIs, including shadow and third-party APIs, with full visibility into inventories, schemas, usage, and workflows.
• Unified platform and compliance: A single portal for Dev, Sec, and DevSecOps teams that simplifies collaboration and supports regulatory requirements, while reducing complexity and total cost of ownership.

The Radware API Security Service is designed to meet the needs of CISOs, security operations teams, and DevSecOps organizations seeking API visibility, runtime protection, and risk reduction. AI-driven detection is designed to minimize false positives, while adaptive, behavior-based protection is designed to prevent disruption to legitimate API traffic, even during large-scale HTTPS DDoS attacks.