Protecting gRPC applications and APIs

Wallarm has always stood out from its competitors when it comes to supporting modern stacks. For a long time Wallarm has been the only product to provide comprehensive protection for WebSockets-based web applications. Once again, Wallarm is glad to be the pioneer and add support for the gRPC protocol. The newly added WAF for gPRC feature is available to all the customers that use the latest 2.14 version of Wallarm Node. 

Adoption of gPRC

Many customers, especially among large tech companies, are adopting gRPC as a fundamental piece of technology while architecting their new APIs and microservices.

The protocol/framework advantages include plug-in support for load balancing, tracing, health checks, and authentication. gRPC was originally developed by Google for internal use and published for general access in 2015. Now it is used by companies such as Netflix, Cisco, Dropbox, and many others. To optimize connectivity gRPC uses HTTP/2 as a transport and, protobuf as a mechanism for serializing and defining data types.

Like any technology that is gaining popularity, gRPC has already attracted the attention of security researchers. Several vulnerabilities have already been discovered and fixed in the protocol itself. That being said, gPRC applications remain vulnerable to the exact same security issues and threats as any other apps and APIs. Therefore, they require proper protection and security controls.

Intelligent Parsing

Support of gRPC protection is available with Wallarm Node 2.14. New and improved mechanism is a part of the Intelligent Parsing technology, a critical component of filter node that is in charge of super fast parsing and analyzing every request that comes to the web app or API.

For gRPC calls, Wallarm Node runs deep request inspection of an HTTP request, parses Protobuf messages and detects malicious payloads even if they are nested inside complex data structures. This allows you to protect gRPC based APIs against the modern-day challenges, ranging from OWASP Top10 threats to Account Takeover.

Protection and Development Velocity

To protect start your gRPC-based APIs, you do not need any additional configuration. Or require upload of any API schema or protobuf structures.

As with any other APIs (whether they are built on XML or JSON or whatever), Wallarm does not require extra configuration to conduct deep inspection of a request and apply attack detection mechanism for each and every parameter of the API call. 

You can protect the APIs that use gRPC and are frequently updated as a part of the CI/CD process. You can protect North-South traffic of the publicly exposed assets as well as East-West traffic between gRPC-based microservices. This new feature of Wallarm makes protecting gRPC applications and APIs truly straightforward and reliable.