RADWARE

Business Driver: Radware Cloud Web Application Firewall – WAF

As our Cloud computing dependence grows, so too does our reliance upon “always-on” Software as a Service (SaaS) offerings from vendors. Protecting the interface between user and application within the Cloud poses risks for organisations with sensitive data or a critical reliance upon SaaS service providers, particularly e-commerce. Protecting revenue streams and service availability is a vital piece of a robust business continuity plan. For demanding environments where outages are measured in thousands of dollars per minute, implementing WAF systems is a high-value mitigation investment.

 

Radware Cloud: WAF Product Overview

Web applications have become more complex and sophisticated through necessity. Users demand new features and management expect a proportional increase in employee productivity. Downtime and system outages are intolerable because of reputational damage or revenue losses. Radware’s Cloud products provide comprehensive mitigation measures that protect organisations from Web-bound threats.


Value Proposition: Radware Web Application Firewall WAF

Complex web infrastructure increases an organisation’s digital surface area and potential risk exposure. WAFs protect not just against the big threats but also against the smallest vulnerabilities that can cascade into major outages and critical breaches. The WAF is an added layer of security that makes the task of an attacker reaching the treasure just that much more difficult.

 

Radware WAF protection against web-based threats:

Login and Authentication: Brute force attackers who try to break in via login screens
Cookie Poisoning: Modifying web session cookies (ID files) for the purpose of identity theft or session hijacking
Monitoring: Block surveillance or data interception attempts
Distributed Denial of Service (DDoS): Prevent behavioural or network DDoS attacks
Data Leakage Prevention: Unauthorised removal of Tax File, Credit Card Numbers or unique identifiers

 

These are all known threats that can cause reputational damage, identity theft or user downtime. They are always present, just waiting for the perfect opportunity to compromise your organisation’s security.

OWASP: Top 10 Web Application Security Risks

By using the Open Web Application Security Project (OWASP) “Top 10 Web Application Security Risks” as a baseline, businesses and government can mitigate known risks and budget for further protection if needed:

Injection: Hostile code is injected into operating systems and databases to gain unauthorised access to confidential data, e.g. SQL, NoSQL, LDAP
Broken Authentication: Misconfigured authentication and session functions allow attackers to compromise passwords, keys or session tokens
Exposure of Sensitive Data: Cardholder, financial or healthcare data is not sufficiently protected, leading to data exposure
XML External Entities (XXE): External entities can be used to disclose sensitive files and file shares, and to carry out port scanning, remote code execution and denial of service attacks
Access Control Failures: Access controls are compromised, permitting unauthorised access to resources
Misconfiguration: Caused by insecure default configurations, misconfigured OS, headers etc.
Cross Site Scripting (XSS): XSS allows rogue entities to execute scripts in browsers that can hijack sessions, deface websites or redirect users to malicious websites
Insecure Deserialisation: This enables remote code execution, as well as replay, injection and privilege escalation attacks
Using Vulnerable Components: Libraries, frameworks and software modules operate with heightened privilege, which enables a breach
Poor Logging and Monitoring Processes: Incident tracking and logging is undermined by poor safeguards, which enables data tampering, added attacks or destruction of data