The integration of a Web Application Firewall (WAF) solution with the Limelight Content Delivery Network (CDN) is the perfect combination to combat the sophistication of today’s attacks, providing a protective shield around your security perimeter. Leveraging our cloud-based network resources delivers cost effective protection for your web applications without a performance penalty.
The WAF provides powerful defenses against HTTP application layer threats through a variety of compelling capabilities:
Limelight’s globally distributed network of data centers provides low latency proximity to WAF nodes for a performance optimized solution.
All traffic flows through the WAFs network prior to hitting the origin servers.
Algorithms test the capabilities of browsers to ensure they have the capabilities of real web browsers to detect bot activity.
Traffic is filtered according to rules from the Open Web Application Security Project (OWASP) most critical security risks.
A set of application specific rules that cover vulnerabilities on a per web application basis can be deployed. In addition, custom developed rules on a per web application basis can be deployed.
Automatic update from threat intelligence sources and new threat analysis, with new security rules pushed out to all WAF nodes.
A high level view of blocking and alerting activity for a given web application. Widgets provide deep dives into a specific IP or rule set to understand potential vulnerabilities.
Drilling down from high level alerts and metrics.
IP whitelisting/blacklisting and geolocation access rules.
View vulnerability data from a high level perspective.
Organizations with Security Information and Event Management (SIEM) systems can make WAF logged events available to SIEM systems.
Web application security is already a critical area for organizations of all sizes. Retail and financial sectors suffer the most from web app attacks, and over the past year there has been a significant increase in attack incidents, with web sites containing consumer data being the target of 60% of attacks. Security budgets are not keeping up with the growing risk of cyber breaches. The cost and complexity of preventing and responding to attacks is on the rise, so only a comprehensive suite of global cloud-based security services, rather than on-premise equipment, allows you to keep abreast of the latest threats and preventive mitigation measures without adding latency to the delivery experience.
WAF nodes are located between origin servers and the Limelight CDN, which does the heavy work of content caching, web acceleration, and delivery of static content. Web app attacks are dynamic, so this is the only traffic the CDN forwards to the WAF nodes. This minimizes the performance impact of WAF protection, and locks down IP traffic, as the WAF only accepts traffic from the CDN. The WAF detects attacks by filtering traffic according to rules from the Open Web Application Security Project (OWASP) ten most critical application security risks. In addition, a security operations center monitors dark Internet blogs and industry bulletin boards for new threats. When a new vulnerability is identified, a new security rule is created and pushed to all WAF nodes. Even “zero-day” attacks can be closed prior to app vendor patches. The scalable cloud-based architecture results in a low total cost of protection of WAF services.
Limelight WAF protection gives you the following benefits:
Highly scalable globally distributed infrastructure and OWASP filter rules protect web apps from attack.
Cloud-based architecture distributes detection across the globe for high efficiency.
WAF nodes only accept traffic from the CDN, so only see the dynamic traffic that potentially contains attacks.
Comprehensive activity dashboards expose underlying threats and potential vulnerabilities, along with daily intelligence from dark Internet blogs.