The Cequence Unified API Protection Platform (UAP) can natively integrate with the Signal Sciences Next-Gen WAF to provide seamless integration with your cloud deployments. Cequence fully supports Mutual TLS authentication as well as other configuration options. Contact your account team for more integration details.
What is Signal Sciences?
The Fastly Next-Gen WAF (powered by Signal Sciences) is a web application firewall that provides a managed proxy layer that monitors for suspicious and anomalous web traffic directed at the applications and origin servers that you specify
There are two basic approaches for integrating Cequence Unified API Protection Platform (UAP) into an existing Signal Sciences WAF Deployment: inline and passive. Your Cequence UAP deployment could include Bot Defense, API Sentinel, or both.
In inline Integration, API traffic is routed through the Cequence UAP. This deployment scenario supports both Bot mitigation and API protection. For inline integration, there are two integration options to choose from: Upstream and Hairpin.
In passive integration, request/response transaction information is captured and sent to Cequence UAP using the Signal Sciences configuration. This approach supports API discovery and risk analysis of APIs by Cequence API Sentinel. Detection, discovery, and risk events may be logged to external SIEM and SOAR services.
Inline Data flow - Hairpin Deployment:
API traffic requests and responses are both routed by the Signal Sciences WAF to flow through the Cequence Defender which then forwards captured transactions back to Cequence Unified API for deeper analysis. The Cequence Defender is logically in line, and in a position to mitigate both requests and responses based on user-defined or refined system mitigation policies.
Inline Data flow - Upstream Deployment
API traffic is received by the Signal Sciences WAF, then forwarded to the Cequence Defender en route to the Application server for deeper API security analysis. The Cequence Defender is upstream of WAF. Requests are forwarded directly from Cequence Defender to the application(s). Responses from the application(s) are forwarded back through the Signal Sciences WAF to the client.
Detailed step-by-step instructions are available to Cequence customers.