Business Driver: Radware Cloud Web Application Firewall – WAF

As our Cloud computing dependence grows, so too does our reliance upon “always-on” “Software as a Service” (SaaS) offerings from vendors. Protecting the interface between user and application within the Cloud poses risks for organisations with sensitive data or a critical reliance upon SaaS service providers, particularly e-commerce. Protecting revenue streams and service availability is a vital piece of a robust business continuity plan. For demanding environments where outages are measured in thousands of dollars per minute, implementing WAF systems is a high-value mitigation investment.

Radware Cloud: WAF Product Overview

Web applications have become more complex and sophisticated through necessity. Users demand new features and management expect a proportional increase in employee productivity. Downtime and system outages are intolerable because of reputational damage or revenue losses. Radware’s Cloud products provide comprehensive mitigation measures that protect organisations from Web-bound threats.

 

Value Proposition: Radware Web Application Firewall (WAF)

Complex web infrastructure increases an organisation’s digital surface area and potential risk exposure. WAFs protect not just against the big threats but also against the smallest vulnerabilities that can cascade into major outages and critical breaches. The WAF is an added layer of security that makes the task of an attacker reaching the treasure just that much more difficult.

Radware WAF protection against web-based threats:

  • Login and Authentication: Brute force attackers who try to break in via login screens
  • Cookie Poisoning: Modifying web session cookies (ID files) for the purpose of identity theft or session hijacking
  • Distributed Denial of Service (DDoS): Prevent behavioural or network DDoS attacks
  • Data Leakage Prevention: Unauthorised removal of Tax File, Credit Card Numbers or unique identifiers

These are all known threats that can cause reputational damage, identity theft or user downtime. They are always present, just waiting for the perfect opportunity to compromise your organisation’s security.

OWASP: Top 10 Web Application Security Risks

By using the Open Web Application Security Project (OWASP) “Top 10 Web Application Security Risks” as a baseline, businesses and government can mitigate known risks and budget for further protection if needed:

  • Injection: Hostile code is injected into operating systems and databases to gain unauthorised access to confidential data, e.g. SQL, NoSQL, LDAP
  • Broken Authentication: Misconfigured authentication and session functions allow attackers to compromise passwords, keys or session tokens
  • Exposure of Sensitive Data: Cardholder, financial or healthcare data is not sufficiently protected, leading to data exposure
  • XML External Entities (XXE): External entities can be used to disclose sensitive files and file shares and to carry out port scanning, remote code execution and denial of service attacks
  • Access Control Failures: Access controls are compromised permitting unauthorised access to resources
  • Misconfiguration: Caused by insecure default configurations, misconfigured OS, headers, etc.
  • Cross Site Scripting (XSS): XSS allows rogue entities to execute scripts in browsers that can hijack sessions, deface websites or redirect users to malicious websites
  • Insecure Deserialisation: This enables remote code execution as well as replay, injection and privilege escalation attacks
  • Using Vulnerable Components: Libraries, frameworks and software modules operate with heightened privileges that enable a breach
  • Poor Logging and Monitoring Processes: Tracking and logging incidents is negated thanks to poor safeguards that enable data tampering, added attacks or destruction of data