Site icon API Security Blog

At Kong Summit 2022, Imperva Will Demonstrate how to Use Terraform to Onboard Kong-managed Apps and Discover API Endpoints

## Imperva and Kong are working together to simplify APIs

Imperva is attending Kong’s 2022 Summit on September 28 and 29 in San Francisco. Imperva’s Summit booth will feature both a recorded and live demo built to showcase how Kong and Imperva seamlessly integrate using Terraform. Imperva, a [recognized leader]() in Web Application and Application Protection (WAAP), and Kong, a leader in API management, are joining forces to simplify API management and security for developers.

## Onboarding applications with Terraform

Wikipedia describes [Terraform]() as an open-source, infrastructure as code, software tool created by HashiCorp. Users define and provide data center infrastructure using a declarative configuration language known as HashiCorp Configuration Language (HCL), or optionally JSON.

Imperva will demonstrate how easy it is to onboard applications managed by Kong to Imperva using Terraform. Using templates found in the [Terraform registry](), developers can develop their Terraform pipeline to configure WAAP policies, including the automated discovery of API endpoints. Running this pipeline will automatically onboard applications to [Imperva’s WAAP platform](). Our Terraform demo will demonstrate how to set up the pipeline, customize policy actions, enable API endpoint discovery, and run the pipeline.

## Imperva WAAP Platform instantly protects and provides insights on applications

At our Summit booth, we will also provide a walkthrough of our WAAP platform to highlight how we protect applications that Kong manages. Imperva’s [award-winning WAAP protection]() protects applications instantaneously against threats.

In addition to protection against the [OWASP API Top 10](), Imperva’s [API Security]() provides customers with a wealth of information about their API ecosystem. After an application is onboarded, API Security creates an inventory of the API endpoints in an application. API endpoints can be automatically discovered, which can be configured with Terraform or in the GUI. Customers also have the option to import a Swagger file to build out the API inventory. This inventory displays the methods and hosts in an easy-to-read format, helping organizations learn about any shadow APIs in their environment.

API Security also conducts a baseline of API endpoints to provide customers with contextual insights. After baselining is complete, API security applies data labels to APIs handling [sensitive data (PII)](). API Security also classifies endpoints based on coding risks. Whenever an API is updated, API security alerts security teams to any potential risks.

This walkthrough will include an overview of [Attack Analytics]() – Imperva’s threat insight tool. This tool contextualizes the risk landscape, highlighting important events in an environment. Attack Analytics correlates and distills thousands of security events into a few distinct readable narratives. Artificial intelligence and machine learning process incoming events to find correlations between them. Events are sorted and grouped into easy-to-understand incidents that are prioritized accordingly, taking the mystery out of investigations.

Attack Analytics reduces [alert fatigue](), increases efficiency, and helps optimize security teams. Each incident is displayed as a straightforward narrative: analysts are presented with the type of attack, attack origin, attacker IP reputation, timeframe, tools that were utilized, and any related CVEs. Everything is displayed on one screen; no additional research is necessary to understand an incident, decreasing the time to resolution. This game-changing tool is included in the WAAP platform at no additional cost.

The post [At Kong Summit 2022, Imperva Will Demonstrate how to Use Terraform to Onboard Kong-managed Apps and Discover API Endpoints]() appeared first on [Blog]().Read More

Exit mobile version