The integration of a Web Application Firewall (WAF) solution with the Limelight Orchestrate Platform’s global reach via the Content Delivery Network (CDN), is the perfect combination to combat the sophistication of today’s attacks, providing a protective shield around your security perimeter. Leveraging our cloud-based network resources delivers cost effective protection for your web applications without a performance penalty.
Web application security is already a critical area for organizations of all sizes. Retail and financial sectors suffer the most from web app attacks, and over the past year there has been a significant increase in attack incidents, increasingly from malicious bots, with web sites containing consumer data being the target of 60% of attacks. Security budgets are not keeping up with the growing risk of cyber breaches. The cost and complexity of preventing and responding to attacks is on the rise, so only a comprehensive suite of global cloud-based security services, rather than on-premise equipment, allows you to keep abreast of the latest threats and preventive mitigation measures without adding latency to the delivery experience.
WAF nodes are located between origin servers and the Limelight CDN, which does the heavy work of content caching, web acceleration, and delivery of static content. Web app attacks are dynamic, so this is the only traffic the CDN forwards to the WAF nodes. This minimizes the performance impact of WAF protection, and locks down IP traffic, as the WAF only accepts traffic from the CDN. The WAF detects attacks by filtering traffic according to rules from the Open Web Application Security Project (OWASP) ten most critical application security risks, and the bot manager eliminates malicious bot traffic while managing legitimate bot traffic. In addition, a security operations center monitors dark Internet blogs and industry bulletin boards for new threats. When a new vulnerability is identified, a new security rule is created and pushed to all WAF nodes. Even “zero-day” attacks can be closed prior to app vendor patches. The scalable cloud-based architecture uses the Limelight Orchestrate Platform’s massive global private infrastructure, and results in a low total cost of protection of WAF services.
The WAF provides powerful defenses against HTTP application layer threats through a variety of compelling capabilities:
Limelight’s globally distributed network of data centers provides low latency proximity to WAF nodes for a performance optimized solution.
All traffic flows through the WAFs network prior to hitting the origin servers.
Incoming requests for content are challenged and finger-printed to determine if generated by bot/script or human user.
Control the maximum number of requests per second from a single IP address.
Protect websites against bots and scripts by requiring human logic.
Traffic is filtered according to rules from the Open Web Application Security Project (OWASP) Top 10 most critical security risks.
A set of application specific rules that cover vulnerabilities on a per web application basis can be deployed. In addition, custom developed rules on a per web application basis can be deployed.
Automatic update from threat intelligence sources and new threat analysis, with new security rules pushed out to all WAF nodes.
Provides a high level view of blocking and alerting activity for a given web application. Widgets provide deep dives into a specific IP or rule set to understand potential vulnerabilities.
Drill downs from high level alerts and metrics.
IP whitelisting/blacklisting and geolocation access rules, browser type, and URL being accessed.
View vulnerability data from a high level perspective.
Allows customers to easily turn specific WAF features on or off, and easily view important data related to the WAF.
Multiple defenses deployed to protect web applications including good bot/bad bot detection, IP rate limiting, IP access control, and CAPTCHA challenges.
Dashboards in control displays WAF rules state, requests alerted, and request handling.
Daily threat intelligence monitoring, vulnerability and threat analysis, full threat simulation and regression testing.
Organizations with Security Information and Event Management (SIEM) systems can make WAF logged events available to SIEM systems.
Limelight security experts assist in the setup and confi guration of the WAF and its associated rules.
Limelight WAF protection gives you the following benefits:
Highly scalable globally distributed infrastructure and OWASP filter rules protect web apps from attack.
Cloud-based architecture distributes detection across the globe for high efficiency.
Security breaches have a lasting impact on brand reputation, with more than 40% of consumers saying they will no longer make online transactions with a web site that has been previously breached. Protect your brand reputation by strengthening web application security, by identifying and eliminating bad bots, and protecting customer data from intrusion.
CWAF nodes only accept traffic from the CDN, so only see the dynamic traffic that potentially contains attacks.
Comprehensive activity dashboards expose underlying threats and potential vulnerabilities, along with daily intelligence from dark Internet blogs.