Application Shield (WAF)


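Defend against application-layer attacks
A cloud WAF integrated with the CDN platform
The built-in CDNetworks Application Shield continuously protects your assets on the web.

Application Shield is monitored by expert staff 24 hours a day, 365 days a year, and protects your web applications from attacks that exploit application-layer vulnerabilities. Used together with our globally deployed CDN service, it lets you build a high-performance, highly secure web service platform.

CDNetworks Application Shield learns continuously through its built-in intelligence, protects web applications from new malicious attacks and attack vectors, and maintains the security and availability of your business.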


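Features

OWASP Top 10 (2017)

Protection against injection, XSS and other common cyber-attack threats

Specific Application Vulnerabilities

Automatic creation of rules and virtual patches in response to vulnerability scans

DDoS Protection

  • Unlimited protection against application-layer DDoS attacks
  • Protection against network-layer DDoS attacks at no additional charge

Rate Limiting

Create and enforce custom rate limits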

Visual Dashboard

  • Full DDoS dashboard and log
  • Full WAF dashboard and incident log
  • View attack trends on a real-time dashboard, filter by domains, attack types, dates and more parameters

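Common Application Vulnerabilities

Virtual patching for widely used CMS and e-commerce platforms

Zero-Day Attacks

Protects applications from new threats through intelligent back-end monitoring and the detection and blocking of abusive behavior

Access Control

Create custom rules that block traffic by IP, region, HTTP header and more

Custom Signatures

Customize rules and regular-expression signatures with an easy-to-use rule wizard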

Quick Deployment

Protect HTTP/S traffic easily and immediately through a simple DNS configuration.

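Key Benefits

Intelligent WAF

An intelligent WAF service integrated with CDNetworks' global CDN platform and monitored 24 hours a day

Self-Learning

CDNetworks' cloud security technology learns and evolves on its own, defending quickly and reliably with a multi-layer approach even during an attack

Free DDoS Protection

Application Shield includes free DDoS protection

Service Overview Diagram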

What is a Web Application Firewall (WAF)?

A Web Application Firewall or WAF is a network security system that helps protect web applications from various types of attacks by making sure that a web server only receives legitimate traffic.

Firewalls are systems that monitor and control traffic that enters and leaves the network. They act as a barrier between your network and the open internet.

A web application firewall is a specific type of firewall that focuses on the traffic going to and leaving web apps. Standard firewalls act as a first level of security, but today’s websites and web services need more. This is where WAFs provide specialized capabilities and thwart attacks aimed specifically at the applications themselves.

How Does a Web Application Firewall (WAF) Work?

A WAF works by filtering, monitoring and blocking suspicious HTTP/S traffic between a web application and the internet.

Implementing traditional firewalls has been a basic cybersecurity practice for a while. These are deployed around networks and operate at Layers 3 to 4 of the Open Systems Interconnection (OSI) Model. Their role is limited to inspecting packets over the IP and TCP/UDP protocols and filtering traffic based on IP addresses, protocol types and port numbers.

A WAF, on the other hand, operates at Layer 7 (L7) of the OSI model and can understand web application protocols. WAFs are essential for analyzing traffic going to and from a web application and for preventing attacks that might otherwise pass undetected through a traditional network firewall.

When a WAF is deployed, it acts as a reverse-proxy shield between an application and the internet. A proxy server is an intermediary that protects a client machine. A reverse proxy, on the other hand, ensures that clients pass through it before reaching a server. Crucially, a WAF can be used to protect multiple applications that it is placed in front of.

A WAF uses a set of rules called policies to filter out malicious traffic and keep it from taking advantage of application vulnerabilities. These security policies are often based on known web attack signatures and cover scan points such as HTTP headers, the HTTP request body and the HTTP response body. The rules can also be written to detect patterns in a URL or file extension, to restrict URI, header and body length, to detect SQL/XSS injection, and even to detect bots based on their signatures and behavior.
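As an added illustration (not CDNetworks code or its rule set), the sketch below evaluates a request against the kinds of policies described above: length limits on URI, header and body, a file-extension pattern, and SQL/XSS signatures applied to several scan points. The limits, signatures, the Request type and the evaluate function are assumptions chosen for the example.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit, unquote_plus

# Illustrative limits and signatures (assumptions, not a vendor rule set).
MAX_URI_LEN, MAX_HEADER_LEN, MAX_BODY_LEN = 2048, 4096, 65536
BLOCKED_EXTENSIONS = {".bak", ".sql", ".env"}
SIGNATURES = {
    "sqli": re.compile(r"(?i)\bunion\b.+\bselect\b|\bor\b\s+\d+\s*=\s*\d+"),
    "xss": re.compile(r"(?i)<\s*script\b|\bon(?:error|load|click)\s*=|javascript:"),
}

@dataclass
class Request:
    uri: str
    headers: dict = field(default_factory=dict)
    body: str = ""

def evaluate(req):
    """Return the names of the policies the request violates (empty = allow)."""
    hits = []
    if len(req.uri) > MAX_URI_LEN:
        hits.append("uri-length")
    if any(len(k) + len(v) > MAX_HEADER_LEN for k, v in req.headers.items()):
        hits.append("header-length")
    if len(req.body) > MAX_BODY_LEN:
        hits.append("body-length")
    parts = urlsplit(req.uri)
    path = unquote_plus(parts.path).lower()
    if any(path.endswith(ext) for ext in BLOCKED_EXTENSIONS):
        hits.append("file-extension")
    # Decode first so that %27 or + cannot hide a pattern from the signatures.
    scan_points = [unquote_plus(parts.query), unquote_plus(req.body), *req.headers.values()]
    for name, pattern in SIGNATURES.items():
        if any(pattern.search(text) for text in scan_points):
            hits.append(name)
    return hits

# Constructed sample requests, one per policy plus a clean one.
SAMPLES = [
    Request("/products?id=42", {"User-Agent": "Mozilla/5.0"}),
    Request("/products?id=1%20OR%201%3D1"),
    Request("/comment", body="text=%3Cscript%3Ealert(1)%3C%2Fscript%3E"),
    Request("/backup/site.sql"),
    Request("/search?q=" + "a" * 3000),
]

if __name__ == "__main__":
    print(*[(r.uri[:40], evaluate(r) or "allow") for r in SAMPLES], sep="\n")
```

Signature lists like these need tuning against real traffic: a pattern loose enough to catch variants also flags benign input, which is why the length and extension checks are kept as separate, cheaper policies.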

The key benefit of using a WAF is that these policies can be modified and implemented quickly and with ease. Some WAF providers also offer load balancing, SSL offloading and intelligent automation of these policy modifications using machine learning. This makes it easy to adapt and respond to varying attack vectors and to provide Distributed Denial of Service (DDoS) protection.

On its own, a WAF cannot protect against all attacks. But it can enhance web application security to protect against these common attacks:

Cross-site request forgery

These are attacks which force authenticated users of a web application to take actions that compromise the security of the app. Usually, an attacker tricks the user into clicking a link sent to them via email. Once the user authentication and logins are completed, the user can be forced to perform requests such as transferring funds, or changing their profile details and email addresses. If the attack is aimed at an admin account and succeeds, it could compromise the entire web application.

Cross-site scripting

Cross-site scripting attacks are those where an attacker injects malware into a client’s browser to steal data including session cookies or edit the content to show false information. This usually happens when a dynamic website that contains scripts in JavaScript, PHP and .NET is injected with malicious code. When a user loads the web page, the attacker’s malicious scripts are executed. For example, the user’s cookie may be sent to the attacker who can use it for impersonation.

SQL injection

These are attacks where the attackers try to inject malicious SQL commands into websites and applications which have user-input data fields such as contact forms. The injected code can gain unauthorized access to databases and run commands to extract or modify private information contained in the databases.

What Are the Different Types of WAFs?

A WAF protects web applications by blocking attacks that satisfy certain pre-set criteria while allowing approved traffic. WAFs help protect against cross-site request forgery, cross-site scripting, SQL injection and file inclusion, where attackers try to gain unauthorized access to an application to steal sensitive data or compromise the application itself.

A WAF can be one of three types based on the way it is implemented.

Network-based WAF

This is usually a hardware-based WAF and is installed locally. This means that it is placed close to the server and is therefore easier to access. As is the case with hardware-based deployments, it helps minimize latency but can be expensive to store and maintain.

Host-based WAF

A host-based WAF is one that is fully integrated into an application’s software. It exists as a module inside the application server. This type of WAF is less expensive than a network-based WAF and is more customizable. On the downside, it can drain local server resources and affect the performance of the application. It can also be complex to implement and maintain.

Cloud WAF

A cloud-based WAF is more affordable and requires fewer on-premises resources to manage. Cloud WAFs are easier to implement and are often delivered as SaaS by a vendor, offering a turnkey installation as simple as changing the DNS to redirect web traffic. Because of the cloud service model, they also have minimal upfront cost and can be continuously updated to keep up with the latest attacks in the threat landscape. CDNetworks offers a cloud-based WAF that is integrated with our global content delivery network (CDN) and prevents web application attacks in real time.

Global Network

Whatever your industry, we propose the optimal IT solution to reliably deliver efficient web performance to your global audience.
 
Trusted by many customers around the world

CDNetworks is an industry-leading global content delivery network (CDN) provider.
We provide innovative, custom-made solutions to customers in major industries.