Because cyber-attacks have become increasingly sophisticated, blocking threats at the IP level only is not enough to protect your Web applications. Unfortunately there are indications that most Web applications are vulnerable to content attacks and have never been tested for vulnerabilities. Best practices dictate to review the source code of Web applications from the security perspective in order to fix vulnerabilities. However, not all vulnerabilities can be detected with this method. If the security is an effective concern for your activities, Web applications should be protected with a Web Application Firewall or in short a WAF.
What is a Web Application Firewall
WAF stands for Web Application Firewall. This type of firewall allows you to inspect Web requests and instantly block malicious requests such as but not limited to XSS (Cross Site Scripting), SQL injection and Virus injections. Compared to a traditional firewall that inspects the network traffic at the IP level only, a WAF goes further and inspects the content of Web traffic in order to block malicious requests and/or data thefts.
CacheGuard protects your Web Application against known content attacks such as but not limited to Protocol Violation, Protocol Anomaly, Session Fixation, SQL injection, XSS (Cross Site Scripting), File injection, Command access, Command injection and LDAP/SSI/PHP injection.
CacheGuard allows you to design your own WAF rules based on regular expressions. This way, you can allow only requests that are considered as regular and reject any other requests. By designing your own rules, you avoid any false positive matches produced by generic filters. A Web requests auditing module allows you to test your WAF rules before putting them in production.
CacheGuard uses RBL (real time blacklists) of IP that have bad reputation in order to protect your applications against any abuse or attack attempts. You have also the possibility to block requests coming from specified countries.
CacheGuard protects your Web application against malware injections. The WAF is combined with an antivirus that instantly blocks any attempt to upload malware files via your forms. The antivirus signature base is regularly updated in order to protect your applications against latest malware.
SSL Offloding & PKI
To inspect the Web traffic, the WAF should be implemented as an SSL terminator to have clear visibility on Web traffic. By doing so, the WAF offloads your Web servers from encryption/decryption tasks. Having to implement the WAF as an SSL terminator means that your Web application SSL certificate and its associated private key should be installed on your WAF. In order to facilitate all operations on SSL certificates, CacheGuard comes with a PKI (Public Key Infrastructure).
CacheGuard WAF is integrated into our core product, CacheGuard-OS. CacheGuard-OS is an appliance oriented Operating System that transforms a virtual or bare metal machine into a network appliance.