F5 WAF on AWS – innovative solutions to secure web applications
Application technologies are evolving at a speed never seen before. Developers create innovative, robust application solutions to attract clients and users. However, cyber-attackers are developing ways to exploit vulnerabilities in application libraries, frameworks or even the code itself. The statistics speak for themselves: in 2014, over a billion personal and sensitive records were compromised, and business reputations suffered. This raises a question: how do you continue to push the boundaries of application innovation while protecting corporate and client data?
To have an advantage in this battle, we need to deploy more sophisticated defences like F5 WAF to protect end-points: web server farms and, subsequently, applications and databases.
Client
Environment
Objective
Our client wanted to host a sensitive application in an AWS Cloud environment. Even though standard security measures were in scope for the deployment, there was a concern that they might not provide sufficient protection against sophisticated cyber-attacks. After some discussions and a review of different vendors' solutions, F5 WAF was chosen to protect the environment at Layer 7, the application layer.
The environment consisted of a hardened farm of web servers, a layer of application instances and a database in high-availability mode.
What was done
By implementing F5 Web Application Firewall (WAF), we added a stronger layer of defence between attackers and end-data. A WAF monitors all HTTP requests and responses at the application layer (the highest layer). By inspecting and evaluating the traffic in the context of individual user sessions, a WAF can detect and block, in real time, application-layer cyber-attacks that often slip past other, less advanced defences.
Centralised logging and monitoring was enabled for network traffic, API calls, servers, applications and the database, and all logs were searchable with ElasticSearch. Additionally, a Lambda script was deployed within the VPC, and for the WAF, to identify and block unwanted traffic.
Achievement
The solution was deployed into the Test and Development environment to conduct extensive testing, including penetration tests. Only after these were completed successfully did we create the infrastructure in the Production environment. The following has been achieved:
- Defence against OWASP Top 10 threats, application vulnerabilities and zero-day attacks
- Detection of sophisticated attacks before they reach the end application or database
- Integration with AWS logging and monitoring, delivering deep statistics and analytics
- Automated deployment to avoid human error