distil networks-api-security-data-sheet
Due in large part to a rise in API-centric development, APIs are becoming an increasingly integral part of
the digital world. However, many organizations struggle to manage the security of APIs, relying on simple
authentication tokens or basic IP rate limiting to guard critical API attack vectors.
The Distil API Security solution protects all types of APIs including those serving web browsers, mobile
applications, and Internet of Things (IoT) connected devices. Distil API Security defends against developer
errors and automated API scraping, as well as web and mobile API hijacking.
Easy and accurate API security for web, mobile, and machine-to-machine communication.
Key Benefits
● Reduce security risk and downtime across
critical API attack vectors
● Protect API endpoints from runaway scripts and
developer errors
● Ensure users are adhering to API terms of service
● Deploy in minutes without coding, regardless of
where APIs are in their development cycle
Trusted by the world’s most successful websites
“Distil provides API security based on ID Tokens in addition to
IP addresses, which allows me to enforce partner agreements
and the terms of service for my APIs, even if a user tries to
change tokens or dynamically changes IP addresses. This is a
truly unique approach to API security which raises the bar
above what has previously been available to secure APIs.”
Shane Ward
Senior Director of Technology
DISTIL API SECURITY DATASHEET
ID TOKEN-BASED API USAGE TRACKING
Most API security solutions track API usage through
IP addresses. Unfortunately, users or would-be
attackers often change IP addresses, or rotate API
tokens in order to circumvent rate limits. According
to the 2016 Distil Networks Bad Bot Landscape
Report, as much as 73% of automated attackers use
multiple IP addresses in their attacks, with 20% of
those using more than 100 IP addresses.
Unlike competing solutions,
Distil Networks goes beyond
simple IP address tracking to
include granular API usage
monitoring via a combination
of both ID tokens and IP
addresses. This granular
approach enables Distil to detect and block
sophisticated attacks like token spamming, token
distribution, and IP cycling which would otherwise
bypass traditional API security controls.
FLEXIBLE DEPLOYMENT OPTIONS
Distil API Security boasts multiple deployment
options including a cloud-based CDN and physical
or virtual appliances. Regardless of which type of
deployment best matches your web infrastructure,
all Distil API Security implementations are
compatible with any type of API, regardless of
where they are in the development cycle.
KEY CAPABILITIES
Easy configuration, and multiple deployment
options (Cloud CDN | Appliance | AWS)
● Instant-on for existing Distil Networks customers
● Add to any API in minutes regardless of where
APIs are in the development cycle
● No coding required
Token-based User Tracking
● Seamless compatibility with existing token
names and locations
● Token-specific tracking enables device level
granularity often lost at the IP level
Advanced Rate Limiting
● Multi-tiered rate limiting provides graduated
enforcement options for violations based on
tokens or IP addresses
● Per-token and per-IP rate limiting to prevent
token cycling and token distribution, two
common weaknesses of IP-only rate limiting
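The sketch below is an added example, not Distil's code: a sliding-window limiter keyed on both ID token and client IP, run over constructed traffic in which neither plain rate limit trips but the token/IP correlation does. The thresholds, the class and function names, and the reading of "token cycling" as one IP presenting many tokens and "token distribution" as one token arriving from many IPs are assumptions.

```python
from collections import defaultdict, deque

WINDOW = 60            # seconds (assumed)
MAX_REQ_PER_KEY = 5    # requests per token or per IP in the window (assumed)
MAX_TOKENS_PER_IP = 3  # distinct tokens one IP may present (assumed)
MAX_IPS_PER_TOKEN = 3  # distinct IPs one token may appear from (assumed)

class DualKeyLimiter:
    """Sliding-window limiter keyed on both ID token and client IP."""

    def __init__(self):
        self.by_ip = defaultdict(deque)     # ip -> deque of (ts, token)
        self.by_token = defaultdict(deque)  # token -> deque of (ts, ip)

    @staticmethod
    def _push(window, ts, other):
        window.append((ts, other))
        while window[0][0] <= ts - WINDOW:  # expire entries older than the window
            window.popleft()
        return len(window), len({o for _, o in window})

    def check(self, ts, ip, token):
        """Return the names of the limits this request violates."""
        ip_hits, tokens_on_ip = self._push(self.by_ip[ip], ts, token)
        tok_hits, ips_on_token = self._push(self.by_token[token], ts, ip)
        checks = [
            ("ip_rate", ip_hits > MAX_REQ_PER_KEY),
            ("token_rate", tok_hits > MAX_REQ_PER_KEY),
            ("token_cycling", tokens_on_ip > MAX_TOKENS_PER_IP),
            ("token_distribution", ips_on_token > MAX_IPS_PER_TOKEN),
        ]
        return [name for name, hit in checks if hit]

def analyze(requests):
    """Map each violation name to the set of (ip, token) pairs that raised it."""
    limiter, findings = DualKeyLimiter(), defaultdict(set)
    for ts, ip, token in requests:
        for flag in limiter.check(ts, ip, token):
            findings[flag].add((ip, token))
    return findings

# Constructed sample traffic: (timestamp_seconds, client_ip, id_token)
SAMPLE = (
    [(t, "198.51.100.7", f"tok-{t}") for t in range(5)]            # one IP, many tokens
    + [(10 + t, f"203.0.113.{t}", "tok-shared") for t in range(5)]  # one token, many IPs
    + [(30 + t, "192.0.2.10", "tok-normal") for t in range(3)]      # ordinary client
)
```

On `SAMPLE`, `analyze` reports only `token_cycling` and `token_distribution`: every IP and every token stays at or under five requests, so a limiter keyed on either one alone sees nothing.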
Dynamic Access Control Lists
● Self-deprecating ACLs and dynamic IP addresses
ensure that whitelists and blacklists are never
stale or affected by IP drift
● Geofencing by country or organization/ISP
Programmatic Control
● Full-featured public API access provides
integration of the Distil API Security service with
existing security solutions for on-the-fly rule
changes, event investigation, and ACL updates
ABOUT DISTIL NETWORKS
Distil Networks is the first easy and accurate way to identify and police malicious website traffic, blocking 99.9% of
bad bots without impacting legitimate users. Distil creates market-leading solutions which help protect your web
applications from bots, API abuse, and fraud, including:
Bot Detection & Mitigation
Distil’s self-optimizing protection
leverages machine learning algorithms,
real-time device fingerprinting, and
the world’s largest Known Violators
Database to block even the most advanced
persistent bots.
Distil High Touch Service (HTS)
Distil’s experienced security analysts
provide HTS customers with real-time
threat monitoring, analysis, and
investigation, as well as post-incident
reports and best practices to ensure a rapid response
to malicious bot attacks.