Laptop Displaying the GigaOm Research Portal

Get your Free GigaOm account today.

Access complimentary GigaOm content by signing up for a FREE GigaOm account today — or upgrade to premium for full access to the GigaOm research catalog. Join now and uncover what you’ve been missing!

Key Criteria for Evaluating Application and API Protection Solutionsv1.0

An Evaluation Guide for Technology Decision Makers

Table of Contents

  1. Summary
  2. Application and API Protection Primer
  3. Report Methodology
  4. Decision Criteria Analysis
  5. Evaluation Metrics
  6. Key Criteria: Impact Analysis
  7. Analyst’s Take

1. Summary

Modern applications are composed of the application itself and the APIs that represent application subsystems. Recent trends in application development—including API First approaches, service-oriented architectures, and microservices—have served to make APIs part and parcel of the application. In short, many applications today are being broken into a collection of API calls, with some glue and UI code, and a bunch of back-end APIs that need protection. The increasing use of containers only exacerbates this division; indeed, microservices are largely enabled by container architectures. Modern application protection must address both of these unique access points in order to protect the entirety of the application.

Traditionally, application protection and API protection have been viewed as totally different fields. However, the needs of the market have driven them together because generally, one is not deployed without the other. Thus, application and API protection (AAP) encompasses both of these technologies.

This report is focused on universal application protection, which includes protecting applications in the traditional manner of a web application firewall (WAF), as well as protecting APIs the way security API management products do. The report also considers what new and unique protection might be offered, based on the merging of these two fields and the increasing use of AI/ML.

Solutions today need to protect applications and their underlying APIs, not only from traditional attacks like SQL injection but also from more subtle attacks that include several stages and different attack vectors all in one. In-line or side-arm, on the same platform or on remote platforms, the tools must be adaptable enough to protect modern digital applications across the range of their architectures and deployment environments. By the same token, the ability to work with the standard reporting and processing tools of the modern enterprise is vital.

How to Read this Report

This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding, consider reviewing the following reports:
Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.
GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.
Solution Profile: An in-depth vendor analysis that builds on the framework developed in the Key Criteria and Radar reports to assess a company’s engagement within a technology sector. This analysis includes forward-looking guidance around both strategy and product.