APIsentry Documentation
Out-of-band Approach

What is the Out-of-Band Approach or Passive Mode Architecture?

The Out-of-Band (OOB) Approach or Passive Mode Architecture refers to a security setup where the Web Application Firewall (WAF) monitors and analyzes network traffic without actively interfering with it. In this mode, the WAF does not block or modify traffic but instead observes, scans, and logs requests and responses for analysis.

How It Works with API Sentry

When API Sentry WAF is deployed in out-of-band (passive) mode:

  1. Traffic Mirroring: Your network or application server mirrors a copy of the incoming and outgoing traffic to API Sentry.

  2. Non-Intrusive Scanning: API Sentry scans the mirrored traffic for potential threats, vulnerabilities, and anomalies.

  3. Logging and Analysis: The WAF logs the details of each request and response, including potential security threats, without impacting the live traffic.

  4. Reporting: Detailed reports and alerts are generated based on the findings, allowing you to understand the security posture of your application without any risk of false positives affecting legitimate users.

Note: In this mode, API Sentry takes no direct action on the traffic (such as blocking malicious requests); it serves purely as an observation and learning tool.

Advantages of Out-of-Band (Passive) Mode

  1. Zero Impact on Application Performance:

    • Because API Sentry does not intercept or modify live traffic, there is no risk of performance degradation or latency issues in your application.

  2. No Risk of Blocking Legitimate Traffic:

    • Since the WAF does not actively block traffic, there's no chance of false positives disrupting user experience.

  3. Comprehensive Threat Analysis:

    • API Sentry can thoroughly analyze traffic patterns and identify potential vulnerabilities without interference, helping you understand and mitigate risks before they can be exploited.

  4. Learning Mode for New Applications:

    • This mode allows you to monitor and analyze security threats during the early stages of deployment, enabling the WAF to learn your application's traffic patterns without any risk of accidental disruption.

Disadvantages of Out-of-Band (Passive) Mode

  1. No Real-Time Protection:

    • Since the WAF does not actively block or modify traffic, detected threats are not mitigated in real time. This can leave your application exposed until you address the findings manually.

  2. Delayed Response to Threats:

    • Passive mode is primarily for monitoring and learning. If an attack is detected, you’ll need to manually intervene, which could result in delayed threat response.

  3. Learning Curve:

    • Because this mode is more about learning and analyzing than protecting, it may take time for the WAF to fully understand the normal traffic patterns of your application, potentially delaying the deployment of active protective measures.

Installation Steps for Out-of-Band Approach

  1. Prepare the Environment:

    • Ensure your application server or network infrastructure supports traffic mirroring.

    • Set up your environment to mirror incoming and outgoing API traffic to the designated API Sentry WAF endpoint.

  2. Configure API Sentry WAF:

    • Access the API Sentry console and create a new project or select an existing one.

    • Navigate to the "Proxy Server Setup" section and configure your server to forward mirrored traffic to API Sentry.

  3. Deploy Traffic Mirroring:

    • On your server (e.g., using NGINX, Apache, or load balancers), configure the mirroring rules to send a copy of the traffic to API Sentry’s monitoring endpoint.

  4. Monitor and Review Logs:

    • After setup, monitor the logs and reports generated by API Sentry.

    • Review the data to identify any potential threats, vulnerabilities, or anomalies.

  5. Transition to Active Mode (Optional):

    • Once you’ve gathered enough data and feel confident in the WAF’s understanding of your application’s traffic, you can transition to an active mode where API Sentry will start blocking or mitigating detected threats in real-time.
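The following is an added example of step 3 (deploying traffic mirroring) on an NGINX front end, using NGINX's built-in ngx_http_mirror_module. It is not APIsentry's own configuration: the backend address, hostnames, certificate paths and the monitoring endpoint are placeholders, and the real endpoint comes from your project's "Proxy Server Setup" section in the console.

```nginx
# Added example (not APIsentry's own configuration): send a copy of every
# incoming API request to a passive analysis endpoint using nginx's
# ngx_http_mirror_module. All hostnames, addresses and paths are placeholders.

upstream api_backend {
    server 10.0.0.10:8080;                 # your real application server (placeholder)
}

upstream api_sentry_mirror {
    server sentry-endpoint.example:443;    # placeholder for the API Sentry monitoring endpoint
}

server {
    listen 443 ssl;
    server_name api.example.com;                         # placeholder
    ssl_certificate     /etc/nginx/tls/fullchain.pem;    # placeholder paths
    ssl_certificate_key /etc/nginx/tls/privkey.pem;

    location / {
        # Issue a copy of every request to the named mirror location.
        # The mirror subrequest's response is discarded, so the client
        # only ever sees the real backend's answer (passive mode).
        mirror /_sentry_mirror;
        mirror_request_body on;            # include POST/PUT bodies in the copy

        proxy_pass http://api_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location = /_sentry_mirror {
        internal;                          # reachable only via mirror, never by a client

        # Forward the copy with the original path, method and body preserved.
        proxy_pass https://api_sentry_mirror$request_uri;
        proxy_pass_request_body on;
        proxy_ssl_server_name on;
        proxy_set_header Host sentry-endpoint.example;   # placeholder
        proxy_set_header X-Original-URI $request_uri;
        proxy_set_header X-Original-Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;

        # Keep timeouts short so a slow or unreachable mirror target cannot
        # hold up the client connection that produced the copy.
        proxy_connect_timeout 1s;
        proxy_read_timeout    2s;
    }
}
```

Two points worth checking before relying on this. First, the mirror module copies requests only: the backend's response is never forwarded to the mirror location, so the "outgoing traffic" mentioned in step 1 needs a mechanism outside this snippet (for example a network-level tap, or whatever collection method your API Sentry project specifies). Second, although the mirror's reply is ignored, nginx still runs the subrequest to completion, so the short timeouts on the mirror location are what keep an unreachable analysis endpoint from stalling the connection; verify with `nginx -t` and a few requests against the real backend that latency is unchanged when the mirror target is down.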
