BLOG

Conquer Your Cloud Security Concerns with F5 Advanced WAF on AWS and Azure

Tom Atkins Thumbnail
Tom Atkins
Published July 10, 2018

Despite the continual platform enhancements being made to tighten the security posture of cloud platforms, you’d be hard-pressed to find somebody that was completely void of any security related concerns. This is primarily down to the fact that web application attacks are currently the single most prevalent threat to an organization's IT security in both the cloud and on-premises, with around 53% of breaches over the last decade initially targeting web apps. Traditionally, on-premises security strategies are often centered around controlling access to applications by locking down the network, resulting in heavy reliance on network firewalls to mitigate attacks at the network layer.

Public cloud adoption has thrown a spanner in the works of this approach however, and has required a significant change in strategy, forcing many to migrate from network-centric security solutions and policies to a predominantly application-centric security model. This switch-up is represented by the implementation of the shared security responsibility model, which places the onus for the application layer security on the customer, and not the cloud provider. In fact, through 2022, Gartner expects that at least 95% of cloud security incidents will arise through fault of the customer; exemplifying the importance of developing a strong cloud security posture ahead of time.

Application security is not something that’s to be taken lightly either, as cybercriminals constantly evolve attack methods and exploit vulnerabilities to find new ways to gain access to, or impact the performance of, apps. In addition to the more typical, well documented attack vectors that have pestered security professionals for years (think cross-site scripting, injection etc.), more innovative and sophisticated mechanisms are being used to threaten apps and their data nowadays – ranging from malware and bot related attacks, right through to resource-crippling DoS attacks. It’s these more advanced threats that make implementing the most advanced application security solution on the market a necessity, rather than a luxury, when protecting public cloud apps. Subsequently, F5 is pleased to announce that the industry’s most comprehensive WAF solution, F5’s Advanced WAF, is now available to protect both AWS- and Azure-hosted applications from attackers.

Deployable direct from each clouds respective marketplace, the virtualized Advanced WAF goes beyond the capabilities of traditional WAF solutions, combating additional threats in the ever evolving security landscape. At its core, these additional features include:

  • Layer 7 Behavioral DoS Detection & Mitigation – Advanced WAF discovers and fingerprints new and unusual traffic patterns without human intervention; allowing for the almost instantaneous blocking of potentially malicious traffic. Real-time status is fed back to a mitigation engine, where signatures are automatically built, deployed and analyzed to reduce false positives and enable a hands-off automated protection cycle that is continually optimized and refined.
     
  • Credential Protection – Dynamically protects against client-side credential attacks such as keyloggers and other types of malware by leveraging F5 DataSafe technology to encrypt data as it is entered into web forms, all without the use of additional agents or software on endpoints. In addition to credential theft protection, Advanced WAF defends against automated attacks that use previously stolen credentials with Brute Force Mitigation, which includes Credential Stuffing protection.
     
  • Proactive Bot Defense – By utilizing cutting edge fingerprinting and challenge/response techniques in conjunction with other behavioral analysis, this allows session-level detection and blocking of automated threats.
     
  • Anti-Bot Mobile SDK Integration – Techniques used by proactive bot defense work to identify legitimate browsers, but do not work for mobile apps and browsers. By seamlessly integrating the F5 Anti-Bot Mobile SDK with your applications using Appdome, organizations can now counter sophisticated bot attacks on mobile API endpoints.

Built from the same base code as Advanced WAF hardware, these virtual editions are able to deliver complete feature parity across on-premises and multi-cloud deployments, enabling the seamless migration of security policies between environments. This is imperative for organizations with any uncertainty over their cloud strategy, as it permits fast relocation of applications across cloud platforms at any time, all while being supported by the same advanced security services. And while not yet currently available, F5 is working to support Advanced WAF across its full portfolio of AWS CloudFormation & Azure Resource Manager templates. Using these templates, the deployment procedure on both AWS and Azure will be greatly accelerated by enabling users to reliably and autonomously spin up Advanced WAF instances across a plethora of different architectures.

Within the AWS and Azure marketplaces, Advanced WAF is available across a wide variety of cloud-friendly licensing options. Tailored to meet specific business requirements, the Advanced WAF can be licensed via Bring-Your-Own-License options (supporting Perpetual, Subscription and Enterprise Licensing Agreement) or on a Pay-as-You-Go basis, with either option supporting either 25Mbps, 200Mbps, or 1Gbps throughput instances.

For more information regarding F5’s Advanced WAF, check out the datasheet, or visit the AWS and Azure Marketplace listings directly.

Supporting Resources