Professional Security Services for AWS
AWS Web Application Firewall (WAF)
AWS WAF is a managed web application firewall service that helps protect web applications at the application level from common web threats.
Here's how it works: Individually configurable rules can be used to control access to web content. Requests can be specifically allowed, blocked or monitored. Common attack patterns such as SQL injection or cross-site scripting can be blocked directly, while other rules specifically filter out defined traffic patterns.
AWS WAF thus provides the first line of defense for Amazon CloudFront, Application Load Balancer or Amazon API Gateway.
AWS WAF is tightly integrated with Amazon CloudFront, Application Load Balancer (ALB), Amazon API Gateway, and AWS AppSync. These services are commonly used to deliver content to websites and applications.
AWS WAF in use with Amazon CloudFront:
In this setup, the defined rules are executed at all AWS Edge locations worldwide that are close to the end users. This way, security does not come at the expense of performance. Blocked requests are caught before they reach the web server.
AWS WAF with regional services, such as Application Load Balancer, Amazon API Gateway, and AWS AppSync:
Here, the rules run in the respective region and can be used to protect Internet resources and internal resources.
[Figure: how AWS WAF works. Source: Amazon Web Services]
The advantages of AWS WAF at a glance
Fast and flexible protection
Rolling out and updating AWS WAF rules takes less than a minute. In an emergency, the protection of the entire environment can therefore be updated quickly. WAF supports a variety of rules that can inspect any part of the web request with minimal latency impact on incoming traffic. The rules can be defined individually and filter all parts of the web request, such as IP addresses, HTTP headers, HTTP body or URI strings. In this way, common attack patterns such as SQL injection or cross-site scripting can be blocked.
Individuality through configurable rules
Managed Rules for AWS WAF can be used to protect web applications or APIs against common threats. You can choose from a variety of available rules, including those that address issues such as the Open Web Application Security Project's (OWASP) top 10 security risks, specific threats to content management systems (CMS), or new common vulnerabilities and exposures (CVE). Managed rules are automatically updated as new issues emerge.
Transparency and visibility
AWS WAF provides near real-time visibility into web traffic. With this knowledge, new rules or alerts can be created in Amazon CloudWatch. In addition, AWS WAF provides comprehensive logging by capturing the full header data of each web request examined for use in security automation, analytics, or audits.
Easy deployment and maintenance
AWS WAF is easy to deploy and protects applications deployed on either Amazon CloudFront as part of a CDN solution, the Application Load Balancer that sits in front of all your origin servers, or the Amazon API Gateway for APIs. No additional software provisioning, DNS configuration, SSL/TLS certificate management, or reverse proxy setup is required. With AWS Firewall Manager integration, rules can be centrally defined and managed and reused for all web applications to be protected.
Cost effective protection
With AWS WAF, you only get charged for what you actually use. AWS WAF offers a customizable self-service offering. Pricing is based on how many rules are deployed and how many web requests the web application receives. AWS WAF has no minimum fees and no upfront commitments.
DevOps style security
Each feature in AWS WAF can be configured using either the AWS WAF API or the AWS Management Console. This allows DevOps teams to define application-specific rules that increase web security during application development. In this way, web security can start at multiple points in the development process chain, for example, from the developer who writes the initial code, to the DevOps engineer who deploys the software, to the security administrators who enforce a set of rules across the enterprise.
We implement AWS WAF for you!
AWS WAF is implemented by the experts of the Arvato Systems AWS Business Group according to proven and common best practices. This includes implementing a set of firewall rules that are configured on every AWS WAF. To best protect your data, we base the rules on the following four aspects:
- Technology Rules - protection of the software products used
- General Rules - defense against known OWASP Top 10 attacks
- Network Rules - blocking known IP addresses
- Custom Rules - protection of administration areas against unauthorized users
Implementing AWS WAF is especially useful for you if you have, for example, an online store environment, website-oriented application or critical online presence.
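The four rule aspects listed above can be written down as AWS WAFv2 rule definitions, in the structure the WAFv2 API accepts as the "Rules" of a web ACL. This is an added example, not code from Arvato Systems or AWS; the selection of managed rule groups (including WordPress as the protected technology), the function names and the admin path are assumptions made for illustration.

```python
# Added example: builds the "Rules" list for a WAFv2 web ACL offline (no AWS calls).
# Group selection and names such as ProtectAdminArea are illustrative assumptions.

def _visibility(name):
    return {"SampledRequestsEnabled": True,
            "CloudWatchMetricsEnabled": True, "MetricName": name}

def managed_rule(name, priority, monitor_only=False):
    """AWS managed rule group. monitor_only overrides the group's own actions
    to Count, so matching requests are recorded but not blocked."""
    override = {"Count": {}} if monitor_only else {"None": {}}
    return {"Name": name, "Priority": priority,
            "Statement": {"ManagedRuleGroupStatement":
                          {"VendorName": "AWS", "Name": name}},
            "OverrideAction": override,
            "VisibilityConfig": _visibility(name)}

def admin_area_rule(priority, path_prefix, allowed_ip_set_arn, monitor_only=False):
    """Custom rule: match requests whose URI path starts with path_prefix
    AND whose source address is NOT in the referenced IP set."""
    starts_with = {"ByteMatchStatement": {
        # The path is lowercased before matching, so compare in lower case.
        "SearchString": path_prefix.lower().encode(),
        "FieldToMatch": {"UriPath": {}},
        "TextTransformations": [{"Priority": 0, "Type": "LOWERCASE"}],
        "PositionalConstraint": "STARTS_WITH"}}
    outside_allow_list = {"NotStatement": {"Statement": {
        "IPSetReferenceStatement": {"ARN": allowed_ip_set_arn}}}}
    return {"Name": "ProtectAdminArea", "Priority": priority,
            "Statement": {"AndStatement":
                          {"Statements": [starts_with, outside_allow_list]}},
            "Action": {"Count": {}} if monitor_only else {"Block": {}},
            "VisibilityConfig": _visibility("ProtectAdminArea")}

def build_rules(admin_prefix, allowed_ip_set_arn, monitor_only=False):
    rules = [
        managed_rule("AWSManagedRulesAmazonIpReputationList", 0, monitor_only),  # network
        managed_rule("AWSManagedRulesCommonRuleSet", 1, monitor_only),           # general
        managed_rule("AWSManagedRulesSQLiRuleSet", 2, monitor_only),             # general
        managed_rule("AWSManagedRulesWordPressRuleSet", 3, monitor_only),        # technology
        admin_area_rule(4, admin_prefix, allowed_ip_set_arn, monitor_only),      # custom
    ]
    # Rules are evaluated in ascending priority; each priority must be unique.
    if len({r["Priority"] for r in rules}) != len(rules):
        raise ValueError("duplicate rule priority")
    return rules
```

Running the rule set with `monitor_only=True` first shows in the metrics and logs which requests would be blocked before enforcement is switched on.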