Setup Preconfigured Protections on AWS WAF - November 2016 Webinar Series

Post on 08-Jan-2017


© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Nate Dye - AWS Sr. Manager, Software Development
Heitor Vital - AWS Solutions Architect
Thomas Wick - eVitamins Manager

Nov 2016

AWS WAF: Preconfigured Protections

What to Expect from the Session

Introduction to AWS WAF
Key Benefits
Ease of Use

AWS WAF 101

What is AWS WAF

Why AWS WAF? Application vulnerabilities

[Diagram, shown without and then with AWS WAF: Valid users, Attackers, Exploit code, Web server, Database. With AWS WAF in place the attacker path is marked X.]

Why AWS WAF? Content Abuse: Bots & Scrapers

[Diagram, shown without and then with AWS WAF: Valid users, Attackers, Web server, Database. With AWS WAF in place the attacker path is marked X.]

Why AWS WAF? Application DDoS

[Diagram, shown without and then with AWS WAF: Valid users, Attackers, Web server, Database. With AWS WAF in place the attacker path is marked X.]

AWS WAF: Visibility and Dashboards

Monitor security events

Key Benefits: Customers like …

Scale APIs for Automation
Fast Incident Response
Preconfigured Protection

Security Automation: Integration with DevOps

[Diagram: Valid users, Attackers (X), AWS WAF, Web server, Logs, Threat analysis, Rule updater, Notification, Security Engineer.]

Preconfigured Protection

HTTP floods
Scanners and probes
SQL injection
Bots and scrapers
IP reputation lists
Cross-site scripting

Preconfigured Protection: IP Reputation Lists

[Diagram: Valid users, Bad Networks (X), AWS WAF, Lambda Synchronizer, Web server.]

Preconfigured Protection: SQL and XSS Injection Protection

[Diagram: Valid users, Bad Networks, SQL injection and Cross-site scripting (X), AWS WAF, Web server.]

Easy Setup

AWS WAF Security Automations - Demo

Customer Story

Introduction: Background of eVitamins.com

Founded in 1999

Award-winning Health & Beauty eTailer

Ships thousands of orders daily to over 85 Countries Worldwide

Localized in 15 different languages

Trusted supplier for over 600 different manufacturers

Challenges & Tasks: Specific eVitamins challenges

Stop HTTP flood attacks

Prevent attacks and malicious activity in off-hours

Prevent known bad IP addresses from access

“Slap the wrist” of anyone getting “frisky”

Make sure Robots respect us

Stop SQL Injects, XSS Attacks from network layer in addition to application layer.

Post AWS WAF Security Automations: After implementation

Up-to-date IP Offenders from Spamhaus

Stop Malicious activity around the clock

Automate temporary blacklisting

Force robots to follow - play by our rules

Double up on SQL Injects, XSS Attacks, etc = less load

Results & Outcome: Measurable results in many ways

True Ability to Not Miss Anything

Mitigate Damage in 90% less time (from 3 hours to 20 minutes)

Reduce IT Overhead - Less dedicated resources equals more time on other projects. Reduced security overhead

Reduce Attacks on application layer by 90%

Increased sleep = Peace of mind for our IT Team.

Recommendation: A Must Implement Stack

“It is without a doubt that anyone running any type of web application needs to implement this stack.”

“We’d recommend giving AWS WAF a try as the resources, insight and control you have over the network layer for a web app is second to none. The ease of use and the resources needed to have such control over everything is highly appreciated.”

Cost

The approximate cost for running this solution with default settings* is as follows:

• $13.00 per month in fixed AWS WAF charges ($5.00 for one web ACL and $1.00 for each of the eight rules)

• $0.65 ($0.60 + $0.05) per million web requests in combined, variable charges (this includes AWS WAF request charges and AWS Lambda, Amazon S3, and Amazon API Gateway charges).

*Approximate cost as of the date of publication in us-east-1. This does not include costs incurred from Amazon CloudFront or other existing resources. Prices are subject to change.

Web Requests    Total Cost/Month
1 million       $13.65
50 million      $45.50
100 million     $78.00

Get Started

Use the Setup Wizard: https://aws.amazon.com/waf/preconfiguredrules/

Register for Q&A session

Registration details for an upcoming AWS WAF Q&A session are coming your way soon.

Thank you!

https://aws.amazon.com/waf/preconfiguredrules/
https://github.com/awslabs/aws-waf-security-automations

AWS Team:
Nate Dye - Sr. Manager, Software Development
Heitor Vital - Solutions Architect
Sundar Jayashekar - Sr. Product Manager