Cloud WAF

What is a cloud Web Application Firewall?

A classical WAF sits in front of the web application, analyzing the contents of each incoming HTTP/HTTPS request against their behavior and logic before passing them on to applications. It is a device dedicated to protecting web applications and APIs against threats and any new vulnerability. A cloud based WAF has all the advantages of a classical WAF, and is deployed in a cloud marketplace. It could also be provided as software as a service (SaaS).

Gartner’s Cloud WAF market analysis

The web application and API protection (WAAP) market is flourishing. This is predominantly due to the increasing adoption of cloud based WAFs among enterprises for their public facing applications. By 2023, more than 20% of public facing applications can be protected by cloud web application and API protection (WAAP) services that combine distributed denial of service (DDoS) protection, bot mitigation, API protection and WAF.[1]

Why should I get cloud based WAF security?

If you are looking for something beyond on premise security solutions for your cloud applications, the best way is to ensure that your cloud services are running behind a trustworthy cloud based web application firewall. Volumetric DDoS attacks are one of the major security challenges, since they negatively affect your enterprise in various ways. A cloud based WAF with anti DDoS and superior mitigation capabilities is a good contender to protect enterprises from this havoc. Ideally, it should have a low false positive and false negative rate. It also blocks major application based attacks like SQL injection, XSS, path traversal, etc.

A cloud based WAF thwarts traffic based on a predefined set of rules

It comes with additional functionalities such as Geo IP. This can help you block specific countries from accessing your website by only allowing the requests that match your Geo IP condition (the list of countries that you want to allow to send requests). If there is no match, security logs are created and the user is directed to a specific error page. Having such a feature not only blocks malicious requests from across the globe but also proves to be beneficial for your existing customers. Another powerful feature that helps in mitigating DDoS attacks is rate limiting. It helps in setting up an ideal ratio (number of requests per time unit) for each IP address. For example, if the rule is to allow 15 incoming requests every 5 seconds, it will block clients that send more requests than this limit. This feature protects your resources from excessive use by unwelcome users and boosts the overall throughput. Rate limiting prevents an attacker from testing many vulnerabilities and using evasion techniques.
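The following is an added example, not vendor or product code, of the two checks described above: a Geo IP allow-list followed by a per-IP sliding-window rate limit using the 15-requests-per-5-seconds rule. The class and function names, the country list and the sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# The 15-requests-per-5-seconds limit is the page's example; the country
# allow-list and all names below are hypothetical.
ALLOWED_COUNTRIES = {"DE", "FR"}
MAX_REQUESTS = 15
WINDOW_SECONDS = 5.0


class EdgeFilter:
    """Geo IP allow-list followed by a per-IP sliding-window rate limit."""

    def __init__(self, allowed=ALLOWED_COUNTRIES, limit=MAX_REQUESTS, window=WINDOW_SECONDS):
        self.allowed = set(allowed)
        self.limit = limit
        self.window = window
        self.hits = defaultdict(deque)   # client IP -> timestamps of allowed requests
        self.security_log = []           # (timestamp, ip, reason) for every block

    def check(self, ip, country, now):
        """Return 'allow', 'block_geo' or 'block_rate' for one request."""
        if country not in self.allowed:
            # No Geo IP match: log it; the caller would serve the error page.
            self.security_log.append((now, ip, "block_geo"))
            return "block_geo"
        q = self.hits[ip]
        # Drop timestamps that have slid out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            # Over the limit: blocked requests are logged but not counted.
            self.security_log.append((now, ip, "block_rate"))
            return "block_rate"
        q.append(now)
        return "allow"


def replay(requests, edge=None):
    """Run constructed (timestamp, ip, country) tuples through the filter."""
    edge = edge or EdgeFilter()
    return [edge.check(ip, country, ts) for ts, ip, country in requests], edge


if __name__ == "__main__":
    # Constructed traffic: 20 requests in 2 s from one IP, one after the
    # window has passed, and one from a country that is not on the list.
    burst = [(i * 0.1, "198.51.100.7", "DE") for i in range(20)]
    sample = burst + [(6.0, "198.51.100.7", "DE"), (6.1, "203.0.113.9", "XX")]
    verdicts, edge = replay(sample)
    print(verdicts.count("allow"), "allowed;", len(edge.security_log), "blocked")
```

A sliding window avoids the burst at the boundary that a fixed 5-second bucket would let through, and the security log is the record that would be exported for analysis.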

IP Reputation, an interesting feature

Cloud WAFs can leverage a real time threat intelligence database to protect customers effectively against threats posed by IP addresses. First, the incoming client IP is tested against an updated IP reputation database. Then, the database returns a reputation score along with the threat category of the client IP. Depending on the score, you can then make an informed decision about blacklisting the attacking IP. You can assess and monitor the environment by performing intelligent security analytics, similar to the case of a classical WAF. You can collect the logs and export them to a SIEM solution, so that no threat goes undetected. Moreover, it is much easier to deploy your WAF in the AWS marketplace when the applications to protect are in AWS. It provides scalability, leveraging the pay as you go model of the marketplaces.

Harness the strength of the cloud WAF solution

A cloud based WAF leverages several web applications and customers in one single platform. On premise WAFs have security engines that create certain rules to block attacks or malware. However, the constantly changing attack surface consists of complex application and DDoS threats, which demand more advanced capabilities. To adapt to this, some vendors now enhance their Cloud WAFs with machine learning or artificial intelligence to provide a quick, tailored defense mechanism with rules specific to each application and API.

Our Cloud WAF solutions

Rohde & Schwarz Cybersecurity offers a cloud based web application firewall (WAF). The classical R&S®Web application firewall can be deployed in the cloud marketplace. It is very easy to set up and instantiate and has all the advantages of the on premise version. On the other hand, R&S®Cloud Protector (WAF-as-a-Service) is ideal for enterprises that want to rely entirely on Software-as-a-Service deployment in the cloud to be as flexible as possible. Unlike the cloud-hosted version, you do not have to manage the software updates for this one.

[1] Source: Gartner “Defining Cloud Web Application and API Protection Services”. Updated May 20, 2020, published February 26, 2019