The essential attribute of a self-serviced API Security product is the ease of operation in all stages of the policy definition process, from the API spec definition to the rule management. Distributed Cloud API Security goes beyond the typical API Security product that only allows the import of a Swagger / OpenAPI definition and can, if the API spec is unknown for any reason (in case of Shadow APIs), discover the API spec from live traffic. This is a great tool for the modern SecOps team that can now secure APIs that are unknown even to the IT team.
The easy and clear way in which Distributed Cloud API Security expresses policy rules helps in keeping these policies concise, easy to read and therefore easy to maintain. Additional features like the ability to bind API operations together in custom groups, ensures you only need a minimal number of rules to control access to your API endpoints.
I will briefly demonstrate the operation of Distributed Cloud API Security in the video below, showing the power of API Discovery and ease of policy rule configuration:
The explosive growth of APIs has one big drawback, as APIs are typically less well understood by the SecOps teams and maintaining different versions of API specs or discovering unknown APIs have proved to be serious challenges. F5 Distributed Cloud API Security mitigates those concerns, lowering the cost of maintenance and ensuring API protection wherever the API endpoints are deployed, thanks to the distributed cloud architecture on which this product is build.