WAF with managed rules

Protect your applications using AWS WAF

AWS WAF is integrated with Application Load Balancers, API Gateways, AWS CloudFront distributions and more, making it easy to deploy.

AWS WAF

Within a few minutes, by enabling AWS managed rules, you can gain protection against the most frequent and critical attacks (OWASP Top 10) and block IPs with a bad reputation (such as botnet and known attacker IPs). You can choose which managed rule groups to activate depending on the workload you want to protect, and select whether you only want to count matching requests or block them.

Additionally, you can supplement the AWS managed rules with rule groups from our business partners, such as F5, Fortinet and Cyber Security Cloud, among others, by purchasing monthly subscriptions from AWS Marketplace. When they are used within AWS WAF, the ease of deployment and management is maintained, since AWS WAF is a service that scales elastically.

In later phases, depending on the particular requirements of the applications to protect, you will be able to evaluate additional options to secure your applications with multiple technologies from our partners. However, the quick win for gaining application protection quickly is the use of AWS WAF.

WAF from our partners

There are multiple solutions available from our partners to protect your cloud applications, such as Imperva, F5 and Fortinet.

AWS WAF is a quick win because it can be implemented in minutes, its pay-per-use model makes it a low-cost service for most use cases, and it has a low operating burden. In a later phase, however, it is recommended to analyze whether your use case fits AWS WAF capabilities or whether you require a third-party solution.

See WAF with Custom Rules for more information on third-party solutions.

Workshops

How to check

  • AWS Security Hub security standards:
  • AWS Firewall Manager
    • AWS Firewall Manager not only allows you to check, but also lets you enforce a policy across multiple resources in the region. Remember to create a policy for "Global" resources (CloudFront), which must be created in the US East (N. Virginia) Region, and one policy per region you're using for regional resources such as ALBs and API Gateways.

Risk Mitigation

  • Many web applications need to be publicly exposed to provide their services, so vulnerabilities in the applications themselves, or in the underlying middleware that serves them, are reachable by adversaries.
  • While secure coding practices are essential to prevent outside parties from tampering with the application, most development teams are not security experts or lack the time to prioritize those practices, so a WAF can be extremely useful to block the exploitation of vulnerabilities.

Guidance for assessments

  • Is a WAF protecting all your applications? Which one? How is it deployed?
  • Have you deployed AWS WAF consistently across all applications in the organization?
  • Are you using AWS Firewall Manager to ensure a default Web ACL is defined for all CloudFront distributions, Application Load Balancers and API Gateways?
  • Are the rules configured to Block (or only to Count)?
  • Which managed rules are active?
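The following is an added example, not code from this guide or from AWS. It covers two points above: how AWS managed rule groups are enabled in count or block mode, and how to answer the last two assessment questions for an existing Web ACL. The rule shape follows the WAFv2 API (the JSON that `aws wafv2 create-web-acl --rules` accepts and that `aws wafv2 get-web-acl` returns). The Web ACL it audits is a constructed sample; the ACL name and the choice of which groups run in Count mode are assumptions for illustration.

```python
"""Build and audit an AWS WAFv2 Web ACL made of AWS managed rule groups.

Added example for this guide (not AWS code). Rule shapes follow the WAFv2
API; SAMPLE_WEB_ACL is constructed and stands in for `get-web-acl` output.
"""
import json
from typing import Dict, Iterable, List


def managed_rule_group(name: str, priority: int, count_only: bool = False,
                       count_rules: Iterable[str] = ()) -> Dict:
    """Return one WAFv2 Rule that references the AWS managed rule group `name`.

    count_only  -> the whole group only counts matches (OverrideAction: Count)
    count_rules -> individual rules inside the group switched to Count via
                   RuleActionOverrides; the remaining rules keep their action
    """
    statement = {"ManagedRuleGroupStatement": {"VendorName": "AWS", "Name": name}}
    count_rules = list(count_rules)
    if count_rules:
        statement["ManagedRuleGroupStatement"]["RuleActionOverrides"] = [
            {"Name": r, "ActionToUse": {"Count": {}}} for r in count_rules]
    return {
        "Name": f"AWS-{name}",
        "Priority": priority,
        "Statement": statement,
        # "None" keeps the group's own block/allow actions; "Count" logs only.
        "OverrideAction": {"Count": {}} if count_only else {"None": {}},
        "VisibilityConfig": {
            "SampledRequestsEnabled": True,
            "CloudWatchMetricsEnabled": True,
            "MetricName": name,
        },
    }


def build_rules() -> List[Dict]:
    """A first deployment: IP reputation, OWASP-style and known-bad-input
    groups in Block; the SQLi group in Count while false positives are
    evaluated; one body-size rule in Count for large uploads (assumed)."""
    return [
        managed_rule_group("AWSManagedRulesAmazonIpReputationList", 0),
        managed_rule_group("AWSManagedRulesCommonRuleSet", 1,
                           count_rules=["SizeRestrictions_BODY"]),
        managed_rule_group("AWSManagedRulesKnownBadInputsRuleSet", 2),
        managed_rule_group("AWSManagedRulesSQLiRuleSet", 3, count_only=True),
    ]


# Constructed sample of a Web ACL description, in the shape `get-web-acl` returns.
SAMPLE_WEB_ACL = {
    "Name": "quick-win-web-acl",            # assumed name
    "Id": "EXAMPLE-WEB-ACL-ID",             # placeholder, not a real id
    "DefaultAction": {"Allow": {}},
    "Rules": build_rules(),
}


def audit_web_acl(web_acl: Dict) -> Dict[str, List[str]]:
    """Answer the assessment questions for one Web ACL: which managed rule
    groups are active, which only count, and which have rules overridden to
    Count (RuleActionOverrides, or the older ExcludedRules form)."""
    active, count_only, partially_counting = [], [], []
    for rule in web_acl.get("Rules", []):
        mrg = rule.get("Statement", {}).get("ManagedRuleGroupStatement")
        if not mrg:
            continue  # custom or rate-based rule, not a managed group
        label = f"{mrg['VendorName']}/{mrg['Name']}"
        active.append(label)
        if "Count" in rule.get("OverrideAction", {}):
            count_only.append(label)
        overridden = [o["Name"] for o in mrg.get("RuleActionOverrides", [])
                      if "Count" in o.get("ActionToUse", {})]
        overridden += [e["Name"] for e in mrg.get("ExcludedRules", [])]
        if overridden:
            partially_counting.append(f"{label}: {', '.join(overridden)}")
    return {"active": active, "count_only": count_only,
            "partially_counting": partially_counting}


if __name__ == "__main__":
    # The rules list is what you would pass to `aws wafv2 create-web-acl --rules`.
    print(json.dumps(build_rules(), indent=2))
    print(json.dumps(audit_web_acl(SAMPLE_WEB_ACL), indent=2))
```

To audit a real Web ACL, feed the output of `aws wafv2 get-web-acl --scope REGIONAL|CLOUDFRONT --name ... --id ...` (the `WebACL` object) to `audit_web_acl`; anything listed under `count_only` or `partially_counting` is a group that is observing rather than blocking, which is the answer to the "Block or only Count?" question.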

See also

WAF with custom rules

Pricing

https://aws.amazon.com/waf/pricing