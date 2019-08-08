A highly effective security measure is to control and monitor inbound and outbound traffic in order to distinguish between legitimate and illegitimate requests.

A WAF can inspect inbound traffic for threats that could damage your site functionality or compromise data. However, a common blind spot is API traffic―organizations simply do not have visibility into what has been exposed, to whom, and what is happening with that data. Some WAFs can protect API traffic as well, while an API gatewayprovides a unified entry point for all API consumers.

If internal servers are compromised, they can pose a threat to a larger network of resources--especially when attempting to steal sensitive data or communicate with command and control systems. Filtering outbound traffic by an expected list of domain names is an efficient way to secure outbound traffic from a VPC because the hostnames of these services are typically known at deployment, the list of hosts that need to be accessed by an application is small and does not change often, and hostnames rarely change.