Web Application Firewall (WAF) Solutions for Applications in AWS Cloud
Following on from the previous post about Vulnerability Assessment and Penetration Testing (VAPT) solutions for AWS Cloud, let's discuss Web Application Firewall (WAF) solutions in this post.
In today's world, web applications are the primary targets for attackers looking to exploit security loopholes and compromise business data. You can learn more about the OWASP Top 10 list to understand common web attacks and application compromise patterns.
Just as network and server firewalls provide better protection, we recommend deploying Web Application Firewall (WAF) solutions to protect applications from common web attacks. We believe that a WAF is an important element in achieving total application security, and that it is the most critical component.
This post sums up various options, including traditional enterprise vendors and SaaS providers with cloud-based solutions. These solutions are PCI-DSS compliant, and the Minjar team has used all of them. Here are our recommendations:
Incapsula - This is a cloud-based WAF-as-a-Service offering from Imperva. We have used and deployed this solution for a variety of applications. Pricing is per domain and starts at $49 per month for WAF protection. It includes protection against known web attacks and bots, blacklisting of IPs based on usage behaviour, etc. It is very easy to get started, and you can deploy this solution unless you have data privacy or compliance issues. They support custom WAF rules in the enterprise plan.
Reblaze - This Israeli company offers both SaaS and hosted WAF solutions for protecting web applications from known attack patterns. It includes bot and malicious traffic protection. This is a good solution if you want to deploy a WAF in your AWS Cloud. They also provide a great UI and reporting features. We use Reblaze for some of our applications.
IndusFace WAF - Like Reblaze, they offer both SaaS and hosted WAF for protecting applications on AWS. The interesting aspect is that enterprise plans include support for managed WAF security and custom security rules with tuning. They also offer a web application VAPT service for vulnerability detection.
Enterprise Vendors (F5 and NetScaler) - Traditional vendors like Big-IP F5 and Citrix NetScaler also offer WAFs for protecting applications. Both of these solutions can be hosted in AWS Cloud and are available from the Marketplace.
All these solutions provide reports and insights on traffic patterns, identified attacks, blocked sources, etc. You can use most of these solutions in passive or active mode, either to just detect and alert on attacks or to block them.
We strongly recommend that businesses protect their web workloads in AWS Cloud using one of these WAF solutions. If you are looking for guidance or need help, please reach out to us.














