Maintaining a resilient security posture is an ongoing effort for every organization. As reports of…
Today we are proud to announce the launch of the new Signal Sciences Cloud Web Application Firewall (WAF) deployment option for our award-winning WAF and RASP solution. As the fastest growing web application security company in the world, we know organizations must quickly detect and stop web application layer attacks wherever their apps, APIs, or microservices operate—whether that be in the cloud, serverless instances, containers, on-premise, or a hybrid of these. With our Cloud WAF offering, you can now easily protect all of your web apps with patented Signal Sciences technology without requiring additional agent software installation, maintenance, or staff.
We Know the Challenges Facing Security and DevOps Teams
The efficacy of security, development, and operations teams depends on their ability to prioritize headcount, budget, and time—all of which are a premium in any organization that strives to gain market share and get ahead of competitors. Our customers consistently tell us they must maximize staff and resources against persistent attackers, yet they either lack in-house expertise to install and manage a WAF or other application security tools, or they want to fortify their security planning without adding more operational complexity.
Factors that make it difficult for security, development, and operations teams to secure web layer applications, APIs, and microservices include:
A reliance on network-based controls in the face of “app sprawl”
While both security and development teams can influence network operations staff to enforce security policies, you can’t always convince distributed application development teams to follow security policies and frameworks.
Complete attack coverage across infrastructure is challenging
In addition to new, cloud-native apps, your organization may still have many legacy, monolithic apps to secure also.
Change-resistant mindset caused by “agent fatigue”
With a multitude of apps to deploy, manage, maintain, upgrade, and protect, you’re probably wary of installing new agents that incur new overhead to monitor and manage.
Distributed modern software requires cost management
Your business likely has a multitude of apps and tools deployed across cloud and non-cloud infrastructure. You may be hesitant about expending resources to set up and maintain a new security tool that could add management overhead across these disparate hosting environments.
Powerful Web Application Security Made Easy
The Signal Sciences Cloud WAF meets all these challenges while empowering our customers to easily protect their web apps with our award-winning application security technology that inspects web requests and blocks malicious traffic. Providing detection and protection for any app against any web attack—from OWASP Top 10 to account takeovers, web app abuse, bad bots, and more—is now easier and faster without making your security or DevOps teams’ days and nights any more difficult than they already are.
Three attributes make the Signal Sciences Cloud WAF offering unique:
- Ease and speed of deployment,
- Powerful protection for any application running in any infrastructure, and
- Easy to access, real-time insights into web layer attacks.
Let’s take a look at each of these benefits:
Ease and Speed of Cloud WAF Deployment
In security, mean time to detect (MTTD) an incident is a critical measure of success in defeating your adversaries. At the end of the day, security and DevOps teams need a comprehensive solution that can detect and block web layer attacks quickly and automatically, while empowering them to observe, learn, and adapt to the tactics attackers leverage against their web layer assets.
Deploying Signal Sciences Cloud WAF only requires a DNS change. Once you make that simple update, all your incoming web requests are routed first to the Signal Sciences Cloud Engine for inspection and decisioning. We then let valid requests through and block any bad traffic. Everyone, from midmarket organizations with minimal security staff to large enterprises with applications deployed across disparate infrastructure, can benefit from our Cloud WAF’s ability to protect all web layer assets regardless of where they operate: cloud, on-premise, serverless instances, or a hybrid combination of these.
Powerful Protection for Any Web App in Any Infrastructure
From our inception, Signal Sciences enabled customers to install our next-gen WAF and RASP technology wherever their apps run: as a module-agent pair either with the module installed on the web server or with the application; as a reverse proxy; or in containers, PaaS or IaaS environments, API gateways, or load balancers.
While these deployment methods are extremely flexible, we recognized the need for a simple, fast option that also empowers customers to stop bad web requests before reaching the application origin. That’s where Cloud WAF comes in. Because web requests are first routed to our Cloud Engine, you can now protect any app against any attack even faster than before.
Comprehensive Insights into Web Layer Attacks
And as organizations transition to DevOps methods and shift security to the left (that is, your security team empowers developers to be proactive during the development process), both teams demand tools and alerts that deliver actionable insights and KPIs in real time. This gives you the proactive visibility you need to thwart would-be attacks, which is critical since web applications remain the top threat vector malicious actors leverage to breach their targets.
With our unified management console and integrations with DevOps tools like Slack, PagerDuty, and Jira, we deliver a complete, up-leveled view of the attack methods threat actors attempt to leverage against your customer web apps. In other words, we make security visible quickly so your team can take action and know how your web layer assets are being targeted. In doing so, we help you focus on what matters—both in terms of security resilience and making your applications even more attack resistant. When you know how the attacker will strike, you can better fortify your defense mechanisms.
By providing succinct insights and summaries of attack patterns, Signal Sciences’ Cloud WAF empowers security and DevOps team to be both agile and proactive. Our integrations with DevOps tools like Slack, PagerDuty, and Jira alert your teams with the real-time, actionable information they need to stay ahead of attackers.
Signal Sciences empowers you to see exactly how attackers are targeting your apps, APIs, and microservices via a unified management console.
Why Signal Sciences Cloud WAF?
Our product was born from the frustration our founders experienced as DevOps pioneers: they needed development and operations teams to work together to release applications quickly on a continual basis. But they also needed security tooling that did not halt innovation and saw that legacy WAF appliances could not keep up as application deployments scaled. Because of this DevOps heritage, Signal Sciences is uniquely positioned to deliver a market-leading WAF and RASP offering. And we know you need flexible deployment options for your applications and microservices in order to drive your businesses.
Our Signal Sciences Cloud WAF offering:
- Deploys quickly and easily,
- Requires no additional headcount,
- Seamlessly protects both cloud and legacy applications, and
- Provides actionable insights and alerts to create feedback loops.
Our Cloud Engine now inspects and processes over 200 billion web requests per week—this protection scales rapidly as our customers experience growth. And now with our Cloud WAF option, both new and existing customers can easily and quickly extend our unique and effective web layer security technology across all their apps before web requests reach application origins.
Unique Benefits of Signal Sciences Cloud WAF
Fast and easy to implement, Signal Sciences’ Cloud WAF provides protection for cloud-native, legacy, and serverless applications regardless of where they’re hosted. You can access actionable insights through a single, intuitive dashboard and leverage DevOps tool integrations just as you would with any other Signal Sciences deployment option. With Cloud WAF, we put you in an advantageous position against web layer attacks with the following benefits:
- No software agent installation or maintenance: You’ll gain superior web app layer protection with just a DNS change.
- Effective protection in production: 95 percent of customers leverage Signal Sciences live in production. Legacy WAF vendors cannot make this claim due to antiquated technology that was not designed for modern software development methods or deployments across various infrastructure.
- Deployment in minutes, not days or months: Averaging less than one hour, Signal Sciences’ Cloud WAF deploys faster than legacy WAF solutions, which can take weeks or months to install. By increasing operational efficiency and providing greater overall time to value for enterprises, Signal Sciences by default is a force multiplier for security and operations teams with limited time and resources.
- Unified management: We provide access to actionable information and key metrics through a single centralized interface across all deployments, unlike legacy WAF solutions that require you to log in to multiple management portals just to gain visibility.o