Key Criteria for Evaluating Application and API Protection Solutions


  1. Summary
  2. Introduction to application and API protection
  3. Report methodology
  4. Analysis of decision criteria
  5. Evaluation Metrics
  6. Key criteria: impact analysis
  7. Analyst’s point of view
  8. About Don MacVittie


Modern applications are composed of the application itself and the APIs which represent the application subsystems. Recent trends in application development, including API First approaches, service-oriented architectures, and microservices, have made it possible to integrate APIs into the application. In short, many applications today are split into a collection of API calls, with glue code and UI, and a bunch of back-end APIs that need protection. The growing use of containers only exacerbates this divide; indeed, microservices are largely enabled by container architectures. Modern app protection must address these two unique access points to protect the entire app.

Traditionally, application protection and API protection have been considered entirely different areas. However, market needs have pushed them together, because one usually does not go without the other. Thus, application and API protection (AAP) encompasses both of these technologies.

This report focuses on Universal Application Protection, which includes application protection in the traditional manner of a Web Application Firewall (WAF), as well as API protection as API management products do. The report also examines what new and unique protection could be offered, based on the merging of these two fields and the growing use of AI/ML.

Solutions today must protect applications and their underlying APIs not only from traditional attacks such as SQL injection, but also from more subtle attacks that include multiple stages and different attack vectors all rolled into one. Online or in parallel, on the same platform or on remote platforms, the tools must be adaptable enough to protect modern digital applications across all of their architectures and deployment environments. Likewise, the ability to work with standard modern business reporting and processing tools is vital.

How to read this report

This GigaOm report is part of a series of documents that help IT organizations evaluate competing solutions in the context of well-defined features and criteria. For a better understanding, consider reviewing the following reports:
Report on key criteria: A detailed analysis of the market sector that assesses the impact that key product features and criteria have on high-end solution characteristics, such as scalability, performance, and total cost of ownership, which drive purchasing decisions.
GigaOm radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions across multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the industry.
Solution profile: An in-depth vendor analysis that leverages the framework developed in the Key Criteria and Radar reports to assess a company’s commitment to a technology sector. This analysis includes forward-looking advice regarding both strategy and product.