Product Brief Layer7™ API Security

The Industry’s Leading Platform for

Enterprise-Scale API Security
Overview
As businesses open their doors to partners, developers, and the cloud, APIs
KEY FEATURES are becoming the crucial key to unlocking data and applications. However,
secure and efficient information sharing requires tackling challenges in
• Unified Control – Layer7 API
security, performance, and data adaptation.
Security lets you manage modern
RESTful endpoints for secure, For more than two decades, Layer7™ API Security simplified this,
seamless communication with REST offering a comprehensive solution that seamlessly integrates back-end
API legacy systems. systems, optimizes for mobile access, orchestrates cloud deployments,
• Granular Access – Implement and empowers developers. Layer7 API Security is the one-stop shop
enterprise-grade access for mastering the full spectrum of enterprise API security, including
management with single sign- management, operations at scale, and API Management.
on (SSO) and multi-factor
authentication (MFA), including
biometrics and deep, fine-grained
Layer7 API Security
authorization for your APIs. API management has evolved to prioritize secure environments across the
• Life Cycle Optimization – Built-in entire API life cycle. This encompasses both provisioning and consumption:
health tracking metrics with
• Provisioning – Build, deploy, and manage API traffic. Enterprises navigate
support for popular API tools and
a continuous cycle of API strategy, design, creation, orchestration,
CI/CD pipeline integration empower
streamlined API management.
protection, testing, deployment, promotion, and monitoring. Layer7
Leverage powerful modern API Security empowers each stage with security, scalability, and
GraphQL management interfaces manageability at its core.
for added efficiency and flexibility. • Consumption – Discovery, acquisition, and utilization by developers
• Developer and Partner Hub – and consumers. Developers leveraging APIs follow a parallel cycle
A customized developer experience of designing, building, launching, and iterating their applications.
allows auto-documentation to Layer7 provides a reliable mobile data infrastructure, streamlined
publish and discover APIs through onboarding, and functionalities to accelerate and improve mobile and IoT
a secure, centralized hub. Automate development.
documentation, comprehensive
API solutions should provide functionality across all these areas. Ideally, a
analytics, and provide secure
solution offers tools with clear benefits for all stakeholders:
mobile SDKs for developer and
partner success. • Enterprise architects – Secure and scalable API infrastructure
• Security specialists – Robust security controls throughout the life cycle
• Product managers – Efficient API creation and management for faster
rollouts
• Application developers – Streamlined access and tools for mobile and IoT
development
• Business executives – Data-driven insights and improved development
agility
As a recognized leader in the field, Layer7 API Security offers industry-
leading products that accelerate and empower security across the full API
life cycle, including ongoing API intelligence and monitoring.

Layer7 API Security

 Product Brief

Product Overview
The following table shows the capabilities of Layer7 API Security.
CRITICAL Layer7 API Security Capabilities
DIFFERENTIATORS API Security • Advanced security profile and Zero Trust through identity security
• Certified API infrastructure for high-value APIs, allowing advanced security
Advanced Security – Layer7 orchestration
shields your APIs against • Advanced security, integration, and transformation policy driven solution
• Powerful message and security introspection and transformation
known threats, including built-in
• OWASP API security Top 10 vulnerabilities defense
protection against the OWASP • Secure API firewall and gateway security
Top 10. SSO and identity • Mobile and IoT security with Full OAuth and OpenID stacks
management ensure end-to-end • Common Criteria Certification
• FIPS 140-2 compliant
access control, securing apps, • STIG hardened
mobile, and IoT across the board.
APIOps at • Centralized governance for all API security stakeholders
Scale • Automatic application of security across multiclouds
Unparalleled Scalability – • X-Region API metering
Throttle, prioritize, cache, • Configure once, deploy anywhere
and route traffic for peak • Cloud-native deployments using Helm or Operator
• Extreme performance at enterprise scale
performance. Scale dynamically • Observability using OpenTelemetry
to meet your evolving needs,
API • Securely manage APIs as products
never encountering bottlenecks. Management • Compliance enforcement and secure constant control of API
Layer7 is licensed not to punish • Customized developer user experience
API growth with increasing costs. • API documentation
• API business monitoring
• Control API access across multiclouds
Deployment Freedom – Choose
• API discovery
your deployment model: • API acceleration with compression, caching, and aggregation to optimize
on-premises, SaaS, or hybrid. throughput
Layer7 API Security adapts to • Protocol orchestration, adaptation, translation, and composition

your infrastructure with a wide API • Business insights from APIs usage
Intelligence • Respond to threats and vulnerabilities
range of form factors, including
• Feed AI engines with context-enriched API traffic metadata
hardware, software, virtual • Insights go beyond the API
environments, and containers. In • Deep-level security enables business and security insights
public or private clouds, the same Supported XML, JSON, YAML, SOAP, REST, GraphQL, XPath, XSLT, XML Schema, LDAP, RADIUS, SAML,
configuration can be enforced. Standards XACML, OAuth 2.0, PKCS, Kerberos, X.509 Certificates, FIPS 140-2, XML Signature, XML
Encryption, JWT, JWS, JWE, JWKSSL/TLS, SNMP, SMTP, POP3, IMAP4, HTTP(S), MQ Series,
Tibco EMS, Raw TCP, FTP(S), WS-Security, WSTrust, WS-Federation, WS-SecureExchange,
Event-Driven Power – Supports WS-Addressing, WS-Policy, WS-SecurityPolicy, WSPolicyAttachment, MTOM, S/MIME, IPv4,
multiple protocols and transports IPv6, WCF, MQTT, RabbitMQ, Kafka, JMS, Websockets

such as MQTT, IMS, and

Figure 1: Securing APIs
Websockets, enabling a vast
array of event-driven application API Consumers Protected Banking APIs
use cases.
Authenticate Issue
Effortless Management – The
Layer7 intuitive visual interface Layer7
Authentication
simplifies API creation and Server

complex security policy setup.

Integrated testing and monitoring Message Validation Route
tools keep your APIs under
constant watch, ensuring a Layer7
Gateway
seamless API life cycle.
Authorization Meter

For more information about Layer7 API Security, please visit

www.broadcom.com/layer7

For more information, visit our website at: www.broadcom.com

Copyright © 2024 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. All
trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.
Layer7APISecurity-PB100 May 29, 2024