F5 Distributed Cloud WAAP - Introducing the Distributed Cloud Web Application Firewall
As the applications move to the Cloud at an increasing speed, the WAAP market also shifts towards an as-a-service model and Distributed Cloud WAAP is F5's answer to this new market demand. WAAP or "Web Application and API Protection" is a term coined by Gartner, covering a range of technologies that were previously thought of as separate products: WAF, API Security, Bot Protection and DDoS Mitigation.
F5 Distributed Cloud WAAP is built on top of Volterra's distributed cloud architecture, fusing together technologies such as F5's WAF and Shape's Bot Defense, augmented with AI/ML-enabled API security and DDoS Mitigation modules. The distributed cloud architecture enables these technologies to protect applications deployed anywhere on the Internet: on-prem, in public or private Clouds.
In this series of articles, we will introduce the main technologies of the Distributed Cloud WAAP, starting with the Web Application Firewall.
First, it's worth noting that the Distributed Cloud WAAP shares its WAF engine with BIG-IP Advanced WAF and NGINX App Protect WAF. As such, it comes out-of-the-box with a comprehensive suite of WAF features ready to defend the protected applications against the most advanced threats found in the wild.
We will demonstrate this with the help of the video below, showing the ease of configuration and the power of Distributed Cloud WAF in warding off some of the most serious vulnerabilities in recent history: Log4Shell and MOVEit.
Log4Shell is a vulnerability discovered in Apache's Log4j library that allows an attacker to download and run code from a server under its control, taking control of the target server. Since Log4j is a very commonly used library in Java applications, the attack surface of Log4Shell was vast, with the number of vulnerable applications being in the order of millions.
MOVEit is a vulnerability that allows attachers to execute SQL Injection attacks against vulnerable instances. While at the time this article was written the true extent of its impact is still unknown, most affected instances to date appear to be located in the US and range from government institutions, large enterprises, colleges/universities and financial institutions.
Both Log4Shell and MOVEit vulnerabilities can be mitigated very easily by enabling the default policy of the Distributed Cloud WAF with no other special configuration needed, as we will see in the demos below.
As you could see, protecting an application with F5 Distributed Cloud WAF can be achieved by simply applying the WAF policy on the LoadBalancer front-ending your application, wherever it might be hosted, and the default settings are enough for the WAF policy to mitigate advanced attacks such as Log4Shell.
The timely signatures updates and Threat Campaigns feature ensure the WAF engine is up-to-date with the latest vulnerabilities, allowing for very low maintenance overhead and thus very simple self-service operation.
In the next instalment of this series, we will introduce the Distributed Cloud API Security component.
For further information or to get started: