Web applications have become a preferred target of online attacks in recent years, and many companies do not have the necessary solutions to ensure protection. In order to eliminate the associated security risks, Datanet Systems recommends using the F5 Advanced Web Application Firewall (WAF) solution, an application that stands out for its unique functionality and superior level of customization.

In the new digital economy, web applications are becoming a common target of cyber-attacks, and many companies are not prepared to face this type of challenge. According to the  2020 Data Breach Investigations Report, 43% of the security breaches faced by companies were caused by web applications. The IT industry has responded to this type of risk by developing Web Application Firewall (WAF) solutions, which are experiencing a growing demand. According to Allied Market Research estimations, the WAF market will grow almost 3.5 times by 2023

In terms of the risks covered, the solutions for the protection of web applications act in a complementary way to the other firewall equipment used by companies. Thus, a standard WAF solution ensures the protection of web applications at “Layer 7” level by:

  • Filtering, monitoring, and blocking malicious traffic;
  • Blocking the exit of unauthorized data from applications;
  • Identifying web application vulnerabilities.

Comparing with the network firewalls, which operate at Layer 3 and 4, that do not inspect web-generated traffic to determine if it is malicious or not. In turn, the Next-Generation Firewall (NGFW) type solutions rely on passive filtering and do not examine every HTTP request.

 

Extensive protection with F5  Advanced WAF

From a wide range of WAF market offers, Datanet Systems specialists recommend the FSA Advanced WAF solution, ICSA certified, the selection is based on the confirmed performance of the solution and its competitive advantages.  Advanced WAF is the successor of BIG-IP ASM,  which is no longer available starting April 2021, F5 announcing that the free migration from one solution to another – more details to be found in this tutorial. F5 is a constant presence in the top web application protection tools developers, such as „2020 Magic Quadrant for Web Application Firewalls“, being the WAF solution implemented in most data centers. F5 Advanced WAF enables companies to detect and fix:

  • XSS attacks (Cross-Site Scripting)
  • SQL injections (Structured Query Language)
  • Brute force type attacks
  • Web scraping attempts
  • DoS and DDoS attacks
  • Encrypted attacks (SSL).

The solution prevents fraudulent transactions, stops hijacking sessions, detects and blocks API attacks – which are not usually detected by traditional firewalls – and acts as the first line of defense for web applications against threats included OWASP Top 10. Additionally, Advanced WAF ensures the security of interactive web applications that use modern development methodologies, such as AJAX widgets, JSON payloads, or Google Web Toolkit.

 

The competitive advantages of F5 solution

In order to cover this broad spectrum of threats, Advanced WAF comes with a high number of competitive advantages. Among them, the pre-installed base of over 4,500 attack signatures, continuously updated by F5 specialists, that allows the WAF solution to automatically identify and signal new threats, ensuring a higher level of protection. Signatures can be used by companies also to create their own security rules. Customers have several ways to do so, including automated ones, through which they can determine the types of attack signatures used, secure IP addresses, learning mechanisms, and response. Once an automated policy has been set, the solution learns on its own the behavior of the application for which it is configured and automatically adapts the established rules, the process needing one to two weeks for the WAF application to analyze a relevant volume of traffic.

In order to be as quickly as possible implemented, the F5 solution also comes with a series of preset policies for various standard applications in the enterprise environment, such as Microsoft Outlook Web Access, SharePoint, Exchange, Oracle Portal, Oracle Application, Lotus Domino, etc.

Another competitive advantage of the Advanced WAF solution is the IP Address Intelligence type functionality – which uses reputable IP address analysis services, such as Webroot, cwhich contains over 230 million IP addresses and is automatically updated every 5 minutes.

To extend protection, the F5 solution combines IP address monitoring with geolocation functionality, which allows companies to define specific rules for detailed geographic regions. In addition, Advanced WAF integrates end-user session analysis and tracking functionalities, the WAF solution being able to detect abnormal behaviors and allow the blocking of end-users that generate them. On the other hand, by using JavaScript “injections”, the WAF application can detect if a human client or a bot is behind an access request and can distinguish between a legitimate and a malicious one. The F5 Advanced WAF solution ensures compliance through Payment Card Industry Data Security Standard (PCI DSS), HIPAA, Basel II, and SOX and integrates DataGuard functionality that automatically blocks displaying sensitive data.

At the same time, this is the first WAF solution to support the transition from AJAX / HTTP to WebSockets, providing companies with better visibility on traffic and the ability to improve data protection through feed streaming or chat sessions.

With the transition from BIG-IP ASM, the Advance WAF solution brought a number of additional and / or extended functionalities, such as:

  • Configuration guides which simplify the effort in creating configurations for different standard scenarios (such as Web Apps, OWASP top 10, API Protection, DoS and Bot Protection).
  • Behavioral DoS (BaDoS) that provides automatic protection against DoS attacks by analyzing traffic between clients and application servers, using Machine Learning algorithms to define traffic profiles at L7, 3 and 4 levels (Advanced WAF eliminates BIG-IP ASM’s limitation of being available only for two virtual servers.)
  • OWASP Compliance Dashboard that provides detailed information on the protection level provided by Advanced WAF against the 10 most critical security risks.
  • Threat Campaigns that provide an extensive list of attack signatures (including Bot Signature updates), with a low false positive rate, constantly being updated by the F5 Security Research Team (SRT).
  • Full ADC features – Advanced WAF offers all the Application Delivery Controller (ADC) features needed to deliver and protect web applications (unlike BIG-IP ASM which provides access to a limited subset, requiring the purchase of an additional Local Traffic Manager license).

Services provided by Datanet Systems

An important advantage of the F5 Advanced WAF solution for Web applications protection is the availability of both physical equipment and virtual solution or as a managed service. Datanet Systems can provide to interested companies comprehensive consulting services to establish the suitable version, including the implementation, configuration, and support, as well as training for IT departments.

At the same time, Datanet specialists can ensure specific services for integrating the WAF F5 solution within the development flow of on-premises web applications, so that organizations benefit from the guarantee that software updates will not generate vulnerabilities or other security risks. Advanced WAF can be integrated both in on-premises infrastructures, as well as in hybrid and multi-cloud environments, the integration in the micro-services development process offering the guarantee that no vulnerabilities are introduced at the code level.

Also, in the context of expanding the adoption of the hybrid work regime, another area of ​​interest is the use of the F5 solution together with applications on mobile devices, which, by natively integrating geolocation and camera/video capabilities, can become an attack vector.

Datanet specialists can also provide support services for companies that want to create their own custom rules. For this type of configuration, companies may be able to use the traffic information they have, but also that obtained by integrating with various external security scanners, such as WhiteHat Sentinel, QualysGuard, IBM AppScan, Cenzic Hailstorm, etc. At the same time, the Datanet team can ensure the integration of the F5 Advanced WAF solution with a wide range of vulnerability scanning applications (Dynamic application security testing type – DAST). Thus, companies can quickly identify vulnerabilities in web applications and apply specific security policies for certain locations, providing protection until the necessary patches are applied.

For more technical and commercial information on the F5 Advanced WAF solution for web application protection and services delivered by Datanet Systems, please contact us at sales@datanets.ro .