Deep dive on PCI DSS 4.0 API Security Requirements

Deployment - Inline Mode

  1. Deploy the AppSentinels Edge Controller and Sensor in INLINE mode. The sensor listens to HTTP traffic after SSL decryption. Optionally, the sensor can be deployed in SSL Reverse Proxy mode to inspect HTTPS traffic.

  2. In this deployment, AppSentinels supports two modes, configurable via a knob: OOB/Transparent and Service-chaining/Enforcement. In both modes, AppSentinels processes a copy of the packet.

  3. In OOB/transparent mode, the sensor forwards the packet to the Application and the Edge Controller simultaneously. In service-chaining mode, the plugin forwards the packet to the Edge Controller and waits for its response before forwarding the packet to the Application. This allows the plugin to enforce an inline action based on the response received from the Edge Controller.

  4. AppSentinels Service-chaining mode has an optional max-latency configuration. If the Edge Controller response is delayed and latency crosses the configured threshold, the plugin switches to fail-open mode and forwards the packet to the Application, thereby ensuring availability and responsiveness in case of slowness or an outage.
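
The difference between the two modes and the max-latency fail-open behaviour from steps 3 and 4 can be modelled in a few lines. This is an added example, not AppSentinels code: the function names, the verdict strings, the blocklist and the sample request are all hypothetical or constructed.

```python
import asyncio

# Hypothetical names throughout; this models the behaviour described above,
# not AppSentinels' code or configuration keys.
BLOCKED_CLIENTS = {"203.0.113.7"}  # constructed sample (TEST-NET-3 address)

async def edge_controller(request, delay_s):
    """Stand-in for the Edge Controller: returns a verdict after delay_s."""
    await asyncio.sleep(delay_s)
    return "block" if request["client"] in BLOCKED_CLIENTS else "allow"

async def handle(request, mode, controller_delay_s, max_latency_s=None):
    """Return (forwarded_to_application, reason) for one request."""
    if mode == "transparent":
        # OOB/transparent: the controller gets its copy, but the request is
        # forwarded without waiting, so the verdict can only be recorded.
        pending = asyncio.create_task(edge_controller(request, controller_delay_s))
        forwarded = True
        return forwarded, "transparent:" + await pending
    # Service-chaining: hold the request until the verdict arrives.
    # max_latency_s=None means no limit, i.e. wait indefinitely.
    try:
        verdict = await asyncio.wait_for(
            edge_controller(request, controller_delay_s), timeout=max_latency_s)
    except asyncio.TimeoutError:
        # Threshold crossed: fail open and forward the request unenforced.
        return True, "fail-open"
    return verdict == "allow", "enforced:" + verdict

def run(request, mode, controller_delay_s, max_latency_s=None):
    """Synchronous wrapper so the cases below can be called directly."""
    return asyncio.run(handle(request, mode, controller_delay_s, max_latency_s))

if __name__ == "__main__":
    flagged = {"client": "203.0.113.7", "path": "/api/v1/cards"}  # constructed
    for mode, delay, limit in [("transparent", 0.01, None),
                               ("service-chaining", 0.01, 0.5),
                               ("service-chaining", 0.5, 0.05)]:
        print(mode, delay, limit, "->", run(flagged, mode, delay, limit))
```

The third case forwards a request the controller would have blocked, which is why the `fail-open` reason is returned separately: it is the event to count and alert on when tuning the threshold.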