Web application firewall (WAF)

A web application firewall (WAF) helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources.

While AWS provides a data center and network architecture built to meet the requirements of the most security-sensitive organizations, you are responsible for securing services built on this infrastructure, notably network traffic from remote networks.

WAFs secure the application layer by protecting web-facing applications from automated and targeted attacks. Securing applications against these exploits helps ensure application availability and minimizes the risk of an attacker using your application as an entry point into your entire system.

Web application firewall (WAF)

Solutions

F5 Networks

By implementing F5 Web Application Firewall (WAF) between your applications and the end users, you can decrypt and inspect all traffic before it enters the network or reaches the server in the cloud. The WAF will then use advanced detection and mitigation techniques to prevent customer data from being accessed, manipulated, or stolen.

F5 WAF provides advanced layer 7 (L7) security, protecting against L7 Denial of Service (DoS) attacks, malicious bot traffic, Open Web application Security Project (OWASP) Top 10 threats, and much more. F5 WAF helps you meet your security responsibility, with near real-time updates that maintain parity between data on-premises and in the cloud.

  • Compliance: F5 WAF helps ensure compliance with all major regulatory standards, including the Payment Card Industry Data Security Standard (PCI-DSS), Health Insurance Portability and accountability Act (HIPAA), and Federal Financial Institutions Examination Council (FFIEC).
  • Automated learning: Using automatic learning capabilities, dynamic profiling, unique anomaly detection methods, and risk-based policies, BIG-IP Application Security Manager (ASM) can impose additional policies to prevent the most sophisticated attacks from reaching applications.
  • Dynamic reporting: BIG-IP ASM provides reporting capabilities that allow you to easily analyze incoming requests, track trends in violations, generate security reports, evaluate possible attacks, and make informed security decisions.

Here’s an architectural view of a typical F5 WAF deployment on AWS:

F5 Networks
Interested in learning more?
Interested in learning more?