Web Application Firewall: an intelligent one-stop enterprise website protection solution

2020-09-04

In recent years, shorter application development cycles promoted by project management practices such as Agile and DevOps have limited the ability of the traditional Web Application Firewall (WAF) to protect enterprise applications. As applications and APIs continue to evolve rapidly, traditional WAF vendors oftentimes fail to meet the constantly changing attack protection needs of enterprises.

The CLB WAF solution of Tencent Cloud can help tackle this dilemma. An AI-based and one-stop website protection service that helps users combat security threats such as SQL injections and cross-site scripting (XSS), CLB WAF can effectively protect applications that are running behind Cloud Load Balancer (CLB), while intelligently keeping pace with the rapidly evolving security needs of enterprises.

Protecting enterprise websites against a diverse set of attacks

Based on AI rule engines, CLB WAF’s web attack recognition is resistant to bypass and has low false negative and false positive rates, allowing the service to effectively defend against common web security threats. These include, but are not limited to, cross-site request forgery (CSRF), webshell trojan uploads, and other OWASP attacks. In addition, CLB WAF provides web crawler and bot management to protect enterprises against data breaches, content infringement, malicious search engine optimization, business strategy leakage, and more. For domain names submitted by users, CLB WAF performs nationwide DNS verification. If a DNS hijacking threat is identified, CLB WAF displays the attack details in each region to help enterprises avoid potential data theft and financial loss.

To ensure a flawless user experience, Tencent’s security team delivers 24/7 monitoring to precisely detect and troubleshoot vulnerabilities, while distributing virtual patches for high-risk and zero-day vulnerabilities within 24 hours of detection. Based on big data analysis of website performance and the server’s response to exceptions, CLB WAF can perform intelligent decision-making to generate defense policies. The response cycle to attacks is sharply shortened, and users do not need to perform any operation. If needed, users can also cache core web page content to the cloud and publish cached web pages as a substitute to mitigate the risks of web page tampering. CLB WAF also allows users to hide ex-ante server applications and ex-post sensitive data to prevent backend databases from being hacked.

CLB WAF supports dedicated 30-line BGP IP access for defense nodes, which are scheduled intelligently to reduce delay and guarantee website access speed for global users. The HTTP and HTTPS traffic passing through CLB is mirrored to the WAF cluster and processed in either mirror mode or cleansing mode. In mirror mode, the WAF cluster performs out-of-path (bypass) detection and alerting without returning the credibility status of the request. In cleansing mode, however, the WAF cluster synchronizes the request status: legitimate requests are allowed to pass, while unauthorized ones are blocked.

CLB WAF is ideal for Tencent Cloud users using Layer-7 CLB

CLB WAF helps implement cross-region and seamless connection between Layer-7 CLB and WAF with millisecond-level latency. Without performing any adjustment of the existing network architecture, users can rest assured that their websites are secure, stable and reliable.

In fact, CLB WAF can be used to protect various types of websites, such as O2O e-commerce websites, financial websites, and government websites. For O2O e-commerce websites, CLB WAF can intelligently filter out attacks and spam access requests by malicious crawlers to ensure smooth business performance during flash-sales, marketing campaigns, and other scenarios with ultra-high concurrent access. For financial websites, CLB WAF can effectively detect and identify malicious access requests to prevent users’ financial information and strategies from being leaked. Similarly, CLB WAF can protect government websites to prevent the theft of civilian data and ensure the availability of civic services, while giving additional visibility into the health status of hosted applications.

CLB WAF was released on the international console on August 31 for beta customers. To use CLB WAF, please contact us.
