Anti-malware and Apigee Edge Cloud

Apigee Edge instances used to support customer services do not use anti-malware software.

Security for API calls is provided by the Edge platform itself and the applications that send data through Edge to the customer data centers hosting customer APIs. Edge itself can be configured to block malicious payloads in API calls before they reach the API services and impact them. Apigee uses Edge to proxy and protect our own API services that we expose to the world and to customers.

The instances used to create Apigee Edge Cloud are protected through use of other mitigating controls. The hardened nature of the instances used to provide Edge services, along with the unique software developed as Edge, make anti-malware difficult at best to install and maintain. Anti-malware products also introduce a latency issue which is a concern for a real-time processing system. Anti-malware products will often introduce latencies that far exceed the millisecond standards of Edge.

Apigee uses automated configuration management software (similar to Puppet or Chef), host-based intrusion detection software, file integrity monitoring, and other tools to protect our instances from malware infections. Instances are constantly monitored for compliance to the Apigee standard. Any instance that deviates from the standard is terminated and replaced with a freshly built instance to the exact approved standards. This happens in real time.