Open Source WAFs for Web Application Security and Compliance
What is a WAF versus a firewall? . . . and why should IT security departments spin web application firewalls (WAFs) across the web and cloud workload architecture?
Consider the ubiquitous web attacks testing your servers and APIs all day long, looking for ways into your digital enterprise and its information. It’s a constant and evolving bombardment and threat from AI malware, brute force attacks, remote code injection and execution, stolen credential takeovers, cross-site scripting, man-in-the-middle-based schemes, and more.
A WAF helps an organization protect its web-based applications and their data deeply, at the edge. It differs from a traditional firewall appliance, which focuses on broad-spectrum protection rather than on web development languages or virtualized application server environments.
Endpoint and host-based intrusion detection systems and traditional firewalls don’t protect the web-based attack surface deeply enough, or even at all. A WAF is focused on today’s web threats, specifically designed to protect web gateways, web servers, web applications, APIs, software, appliances, and people, adding a layer of defense in depth with finer visibility into and control over web traffic.
What a WAF Should Deliver
A good WAF proactively detects code anomalies coming from outside of the enterprise, and from inside, and can act as a layer of segmentation at the individual container, server and/or virtualized workload level. A WAF will be able to respond, to strip out and block the transfer of malicious code or remote takeover instructions into your web infrastructure and APIs, your websites, web content management systems, or IoT environment. Strip out the nonsense earlier, without having to rely on constant human vigilance and manual processes, whose time constraints and limitations can lead to late discoveries, financial and reputational damage, and operational and compliance risk.
A WAF goes wider, deeper across web connections, applications and content. It blocks things from breaching the attack surface, and from getting to end users and private data. This security coat delivers malware detection, response, and deactivation, as well as easier security compliance. A good WAF means being able to proactively correct security configuration errors, detect software vulnerabilities, stop the exfiltration of sensitive data like credit card information, virtually patch vulnerable applications, and manage site visitor activity. It’s also used for page rank protection on search engines and to secure workload interactions with partners in the web or cloud supply chain.
Atomicorp, an endpoint and cloud workload protection provider, is a leading developer of web application firewalls (WAFs), file integrity monitoring (FIM), host-based OSSEC security, XSOAR, SIEM, and endpoint security. At the recent Atomic OSSEC Conference, I spoke about the different ways open-source security tools can be enhanced into specific application security and compliance tools and extended detection and response (XDR), going beyond traditional host-based intrusion detection systems (HIDS) and enterprise firewalls. (Listen to the replay, or check out the full array of videos from Atomic OSSEC Conference 2023.)
Why Open-Source WAFs?
WAFs are used to protect against web attacks that can bypass traditional firewall protection in brute force blitzes, malware insertion, and undetected infiltration and insertion through the software supply chain.
Attacks such as the Log4J zero day left lingering effects and highlighted software supply chain vulnerabilities. Most companies rely entirely on third-party software; even in companies that develop their own software, it is typical for 80% of that software to be made up of third-party components. Most of that software likely has as-yet-undiscovered vulnerabilities that will turn into the next Log4J zero day. Web application firewalls are a critical part of protecting yourself from vulnerabilities in the web applications and APIs you use.
An open-source WAF enables an organization to apply web application security anywhere, proactively. With open source, it’s unfettered access to everything. Be able to add your own policies and rules to protect your data and applications. Easily write virtual patches for zero day and emerging vulnerabilities and threats including those used to target legacy software. For example, against end-of-life Log4J there was no immediate patch. An open-source-based WAF, such as ModSecurity, made it possible to detect and block Log4J vulnerability exploitation attacks the moment the vulnerability was known, long before a patch was available.
Open source security provides security in depth, and that’s where open-source-based WAFs come in. In addition to SQLi, XSS, RCE, brute force attacks and even denial of service attacks, open-source WAFs can be orchestrated against things that try to burrow deeper into your digital enterprise of websites, APIs and applications. The WAF provides all the additional defenses for what should be treated as a segmented, untrusted outside source . . . the Web.
Atomic WAF, Atomicorp Web Application Firewall for Web Application Security
Web security covers anything connecting with or coming from both internal sources and external sources such as partners and, of course, the internet. Gone are the days when you could just protect yourself from external threats, as most compromises occur through the compromise of an internal user, phishing, and other attacks that bypass traditional perimeter defenses. Every web asset, application and API should be protected from all users, regardless of whether they are inside or outside the organization’s perimeter. If you don’t have a WAF, a successful attack is going to happen or already has. Remote adversaries leveraging bot farms and malware will blindly target your complicated and disparate digital attack surface and break through.
WAFs act as secure gateways, blocking and filtering malware and attacks. WAFs can be used to govern access, orchestrate least privilege and privileged access management, segment and encrypt data flows, and go beyond reactive spot patching into virtual patching preconfiguration.
Atomicorp’s web application firewall, Atomic WAF, provides:
- Real-time antimalware protection. Get out in front, protecting your website and internet users. Filter and detect against zero days. Infused with real time crowdsourced global threat data, Atomic WAF enables you to detect vulnerabilities and search for specifics faster. You don’t have to wait for a foundational commercial or community patch to be released. Virtual patching allows you to release something immediately, and Atomic WAF with threat intelligence and virtual patching comes well tuned against evolving exploits.
- Accept/deny list enforcement. Block malicious CIDRs, networks, bad actors and their potential traffic, insertion, and hostile payloads.
- Malware and spam detection and removal. Sometimes it’s just spam, and sometimes it’s more malicious. Be able to scan and filter your dynamic web architecture with safeguards against site defacement, site misuse, and unauthorized drains on your servers.
- Page Rank Protection. If not managed, unprotected search engine results can open up the attack surface by duping your legitimate site visitors and causing data seepage and compliance violations. Your users search, they click, they land, they fill in information thinking it’s you, and they unwittingly download something private on their end or give data or credentials to an imposter. Prevent these preventable man-in-the-middle attacks by protecting Page Rank, an important part of data protection by hosters, federal agencies and enterprises seeking to comply with government and industry privacy standards.
- Cross-site scripting (XSS) and SQLi defense. Thwart attempts to take over web entities and steal deeper digital control. Gain the ability to stop and look at inputs and outputs, which is crucial for blocking sneaky and sophisticated attacks and data exfiltration.
- A management GUI. Atomic WAF provides visualization beyond the command line for your security and compliance stakeholders. From the detection engine, your web connections can be analyzed forensically and visualized in lists, open searches, correlations, charts, graphs, and reporting. Detect file changes, recognize patterns, orchestrate the needed security, compliance or overall risk management procedure. And be able to capture and look at artifacts, which leads to compliance . . .
- Compliance. Deploy WAFs to keep data private across different connection points. It’s often the customer’s data and that’s why we have things like PCI DSS. Private and sensitive data is being shared, processed and stored on the web and in the cloud. A WAF brings advanced security risk mitigation and compliance against avoidable exposures. Atomic WAF offers a way to meet PCI DSS requirement 6.6 and NIST 800-53 requirements for web application security. (Hear the WAF replay from Atomic OSSEC Conference 2023.)
- Protection for your legacy and modern web applications. Open source security is versatile and enables you to continue to block malware to and from today’s cloud and web APIs and application infrastructures. It is also a smart way to protect legacy systems such as AIX, HP-UX, OpenVMS and Solaris, and a fantastic way to protect no-longer-supported, end-of-life web applications and development languages.
- Virtual patching. Go beyond reactive patching. Put vulnerability information and management in its perspective and use it. Know where attacks are coming from, which digital entities are being a nuisance, something that traditional patching doesn’t answer. Be able to use this information to preconfigure virtual patches without waiting for vendor solutions.
- Strong security support for web development languages. Code may suddenly no longer be supported and it becomes difficult to locate vulnerabilities and eliminate them. Get the preconfigured open-source security software and experienced support to keep your custom systems running securely.
- Full support for web hosting platforms such as cPanel, Plesk and others
- Global real time threat intelligence
- Layer 7 DoS protection
- 24/7/365 support
- Cloudflare integration
- Audit controls and reporting for compliance, so you can artifact, report, and meet compliance requirements
- Defense-in-depth security controls built into the system, so breaches don’t penetrate the core data assets and impact access control
- Full support for all of today’s web applications, including WordPress, Drupal, major web hosting panels, and more.
Virtual Patching Will Save You
Virtual patching allows you to release something immediately to protect your applications and APIs from zero days even if there is no patch available for the vulnerability. You don’t have to wait for a commercial or community patch to be released.
- Remain in control with virtual patching, aka just-in-time patching. Most commercial patching programs broadly patch threats without providing insight into ongoing vulnerability management. ModSecurity and Atomic WAF allow you to fine-tune your protection for advanced web application security and compliance.
- Protect endpoints against east-to-west attacks. Classic firewalls can’t address east-to-west attacks and internal security challenges. They’re designed to keep people out; what happens when the bad guys get inside? Ensure you have protection on your web and API endpoints against east-to-west attacks. Provide defense in depth against lateral movement with an open-source-based WAF.
- Prevent data leakage through output and input detection. Atomic WAF can both detect and remove sensitive data as attackers attempt to steal it, all in real time. This provides a critical component in defense in depth to protect you from data exfiltration attacks, even when all of your other security measures fail.
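As an added illustration of the two ideas above (virtual patching and output inspection), here is a ModSecurity v2 rule fragment written for this article; it is not part of Atomicorp’s rule set. The endpoint /app/report, its id parameter and the rule ids are hypothetical.

```apache
# Virtual patch (added example): /app/report is a hypothetical application
# endpoint whose "id" parameter should only ever be a short integer. Rather
# than waiting for the application vendor to fix how that parameter is
# handled, the WAF enforces the expected format in phase 2 (request body
# available) and denies anything else. Chained rules only trigger the
# disruptive action when every rule in the chain matches.
SecRule REQUEST_URI "@beginsWith /app/report" \
    "id:1000100,phase:2,chain,deny,status:403,log,\
    msg:'Virtual patch: unexpected value in id parameter',\
    tag:'virtual-patch'"
    SecRule ARGS:id "!@rx ^[0-9]{1,9}$"

# Output inspection / data leakage prevention (added example): buffer the
# response body for the listed MIME types and block any response that
# contains a digit string passing the Luhn check (@verifyCC), which is a
# strong indicator that a payment card number is being returned to a client.
SecResponseBodyAccess On
SecResponseBodyMimeType text/plain text/html application/json
SecRule RESPONSE_BODY "@verifyCC \d{13,16}" \
    "id:1000200,phase:4,deny,status:500,log,\
    msg:'Possible card number in response body',\
    tag:'dlp'"
```

Run the rules in DetectionOnly mode first and review the audit log for false positives (legitimate long numeric identifiers can also pass the Luhn check) before switching to blocking.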
Additional Atomic WAF Features for Web Security and Compliance
Monitor and filter traffic from the web and your websites with open-source-based Atomic ModSecurity Rules and Atomic WAF. Protect the network against brute force web attacks. Block stolen credentials, manage data and web and cloud workload flow, and more.
Additional Atomic WAF features include:
- Scanner Blocker
- Proxy Abuse Protection
- Custom Blocklists
- Supports Third Party RBLs
- Easy Geoblocking
- Advanced Attacks Blocked (SSRF, XXE)
- Data Loss Prevention
- Real-time Malware Protection
- Content Scraping Protection
- Layer 7 DoS Protection
- Real-time Malware Removal System
- Machine Learning
- Management Console
- Policy and Rules Editing
- Management Reports
- Compliance Reports
- Role based access control GUI
- MFA SSO integration in GUI
- The ability to work across sunsetted operating systems and applications to protect and secure legacy environments.
Atomicorp provides an open source WAF extension for host-based intrusion detection systems (HIDS) based on ModSecurity Rules. ModSecurity Rules can be used to defend against sophisticated attacks in turnkey as well as custom environments, including containers and serverless environments.
Wielding an Open Source WAF for Security and Compliance
Learn how to protect your applications and websites with open source based WAFs and use them for software security and compliance. Watch my full presentation from Atomic OSSEC Conference 2023. Check out the full array of videos from Atomic OSSEC Conference 2023.
Check out Atomic WAF, which provides advanced detection and deep response, a comprehensive WAF to pull web-based malware out at its roots. The Atomicorp WAF solution is largely turnkey and you don’t have to write your own rules. It comes with a management GUI and expert level support.
Visit the Atomic ModSecurity Rules and Atomic WAF solution pages.
Learn about virtual patching vulnerabilities and how to produce a rule in seconds that can protect you from unpatched zero days. Atomicorp provides assistance and training. There’s plenty of community support, too: ModSecurity is covered in books, has free resources and commercial support, and works with everything.
Get to know Atomicorp for ModSecurity on Slack.
Get a demonstration of Atomic WAF in action.