← API SecurityWallarm

StrongStrongStrongStrong

4.5

Vendors › API Security › Wallarm

Wallarm

Name: Wallarm
Rating: 4.5 (130 reviews)
Author: Wallarm

Founded 2014·US·VC-backed

4.5

Combined score

4.6100

Gartner

4.430

▪ Editorial verdict

Wallarm has built the most developer-friendly combined WAF and API security platform in the market. The native NGINX, Kong, and Envoy modules mean engineering teams can add API security directly into their existing service mesh and API gateway infrastructure without a separate appliance or cloud service, and the transparent per-request pricing makes it accessible for organisations that cannot justify enterprise-only contract minimums.

The enterprise-scale validation breadth is less than Salt Security or Akamai, and the dedicated CSM support at lower tiers is limited. Wallarm competes on developer accessibility and deployment flexibility rather than on the deepest enterprise API threat detection.

The verdict: Wallarm API Security is right for engineering-led teams wanting lightweight WAF and API security via NGINX or Kong with transparent pricing and no enterprise contract minimums. Large enterprises needing the deepest API threat detection and dedicated support should evaluate Salt Security or Akamai.

Last reviewed: May 2026

4.6100 reviews

Gartner

4.430 reviews

Gartner MQ: Representative Vendor

API Security assessment

PROTECTIONStrong

API discovery & inventory

4 / 5

Attack detection

4 / 5

OPERATIONSStrong

DevOps integration

5 / 5

Remediation guidance

3 / 5

ANALYTICSStrong

Traffic analytics

4 / 5

TRUST & ECOSYSTEMStrong

Standards & spec coverage

4 / 5

Strongest: DevOps integration

Watch out for: Remediation guidance

Strengths & limitations

Strengths

●Unified API security and WAF — one platform for web and API protection

●Strongest DevOps integration — native CI/CD pipeline connectors

●AI-powered false positive reduction for high-throughput API environments

Watch out for

●Less brand recognition than Salt Security or Noname in enterprise evaluations

●Support resources less comprehensive than larger vendors

●Advanced ML features require training period

Best for

DevOps-forward organisations wanting combined API security and WAF with deep CI/CD integration.

Not suitable for: Large enterprises wanting pure-play dedicated API security without WAF — Salt and Traceable offer more depth.

Compliance coverage

●SOC 2

●HIPAA

●NIST CSF

●PCI-DSS

●GDPR

●NIS2

●ISO 27001

○Essential Eight

○AU Privacy Act

○CMMC

○DORA

○CIS Benchmarks

Switching intelligence

Switching from

Common migration paths based on review data

WAF-only protection
Manual API testing

Also considering

Vendors typically shortlisted alongside

← Back to API Security Compare with other API Security vendors →

Quick facts

Pricing modelper API/month subscription

Pricing range$3,000-50,000/year depending on traffic

Free trialYes — 14 days

Min seatsNo minimum

Deployment time< 1 week

Complexity2 / 5

Pricing transparency3 / 5

AU presenceNo

IRAP assessedNo

Open sourceProprietary

Deployment

ModelsSaaS, On-premises, Hybrid

OS supportCloud-native, Self-hosted

CloudAWS, Azure, GCP

SupportEmail, Chat, Dedicated CSM

Data residencyUS, EU, Self-hosted

Company

Wallarm

Founded 2014 · 200-400 employees · VC-backed

HQ: US

$20M+ ARR est.

Certifications

SOC 2 Type II, ISO 27001

Integrations

NginxKongAWS API GatewayGitHub ActionsGitLab CISplunkDatadogPagerDuty