ARMOR MONITORED WEB APPLICATION FIREWALL · Web application firewalls (WAF) sit in-between users...

6
ARMOR.COM | 18010126 Copyright © 2018. Armor, Inc., All rights reserved. ARMOR MONITORED WEB APPLICATION FIREWALL For most organizations, protecting web applications from attacks is critical to prevent compromises that could ultimately take down those applications as well as expose sensitive data to hackers. Web application firewalls (WAF) sit in-between users across the internet and your applications, inspecting back-and-forth traffic for potential threats and indicators of compromise (IOC). The Armor monitored WAF service provides a turnkey cloud-based WAF solution that leverages the power of our Spartan threat prevention and response platform and security operations center (SOC) teams to protect your web applications 24/7/365 from common web exploits that could affect application availability, compromise security, or consume excessive resources. Armor monitored WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules to stop OWASP Top 10 application attacks including SQL injections (SQLi), XML external entity (XXE) attacks, and cross-site scripting (XSS) attacks. ARMOR MONITORED WAF DELIVERS TRUSTED, COST-EFFECTIVE SECURITY: Armor monitored WAF works with our Armor Anywhere managed security-as- a-service (SECaaS) to provide complete security protection across your entire security stack. Learn more about Armor Anywhere ARMOR WAF— PROTECTION AT THE APPLICATION LAYER Unify protection through correlation of WAF events with other security controls under Armor’s management Get access to time-tested security and compliance experts monitoring your WAF 24/7/365 Slash threat actor dwell times from months to minutes

Transcript of ARMOR MONITORED WEB APPLICATION FIREWALL · Web application firewalls (WAF) sit in-between users...

Page 1: ARMOR MONITORED WEB APPLICATION FIREWALL · Web application firewalls (WAF) sit in-between users across the internet and your applications, inspecting back-and-forth traffic for potential

ARMOR.COM | 18010126 Copyright © 2018. Armor, Inc., All rights reserved. 

ARMOR MONITORED WEB APPLICATION FIREWALLFor most organizations, protecting web applications from attacks is critical to prevent compromises that could ultimately take down those applications as well as expose sensitive data to hackers. Web application firewalls (WAF) sit in-between users across the internet and your applications, inspecting back-and-forth traffic for potential threats and indicators of compromise (IOC).

The Armor monitored WAF service provides a turnkey cloud-based WAF solution that leverages the power of our Spartan threat prevention and response platform and security operations center (SOC) teams to protect your web applications 24/7/365 from common web exploits that could affect application availability, compromise security, or consume excessive resources. Armor monitored WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules to stop OWASP Top 10 application attacks including SQL injections (SQLi), XML external entity (XXE) attacks, and cross-site scripting (XSS) attacks.

ARMOR MONITORED WAF DELIVERS TRUSTED, COST-EFFECTIVE SECURITY:

Armor monitored WAF works with our Armor Anywhere managed security-as-a-service (SECaaS) to provide complete security protection across your entire security stack.

Learn more about Armor Anywhere

ARMOR WAF— PROTECTION AT THE APPLICATION LAYER

� Unify protection through correlation of WAF events with other security controls under Armor’s management

� Get access to time-tested security and compliance experts monitoring your WAF 24/7/365

� Slash threat actor dwell times from months to minutes

Page 2: ARMOR MONITORED WEB APPLICATION FIREWALL · Web application firewalls (WAF) sit in-between users across the internet and your applications, inspecting back-and-forth traffic for potential

ARMOR.COM | 18010126 Copyright © 2018. Armor, Inc., All rights reserved. 

APPLICATION SECURITY

Armor monitored WAF protects your web applications from OWASP Top 10 application attacks including SQL injections, XML external entity (XXE) attacks, and cross-site scripting (XSS) attacks.

INTEGRATED THREAT INTELLIGENCE

Applied intelligence from our Spartan threat prevention and response platform and SOC teams enhance prevention and detection, and speeds accurate response and remediation efforts.

ENHANCED THREAT DETECTION

Advanced detection features monitor usage, users and sessions, and intelligently assesses suspect requests to detect complex attacks.

COST-EFFECTIVE SECURITY CONTROLS

Easily deploy a best-of-breed WAF solution correlated with Armor’s broader security telemetry for a low monthly recurring revenue (MRR).

HYPERVISOR SUPPORT

Armor monitored WAF provides maximum flexibility in supporting Amazon Web Services, Microsoft Azure, and Google Cloud Platform environments. The virtual and hybrid environment solution works with all the top hypervisors including VMware, Microsoft Hyper-V, Citrix XenServer, Open Source Xen, and KVM.

DEPLOYMENT AND MANAGEMENT

Armor provides a WAF license for the virtual appliance, a support service license through Fortinet, and a license for web application security service updates through Fortinet.

The customer is responsible for deploying the WAF into their environment and configuring the WAF control panel/management interfaces. The customer is also responsible for management of whitelists/blacklists, deploying signature updates, and controlling WAF exception lists.

Page 3: ARMOR MONITORED WEB APPLICATION FIREWALL · Web application firewalls (WAF) sit in-between users across the internet and your applications, inspecting back-and-forth traffic for potential

ARMOR.COM | 18010126 Copyright © 2018. Armor, Inc., All rights reserved. 

ELK

CLIENT

PerimeterFirewallSecurityGroup ACL

Spartan Threat Prevention& Response Platform

SIEMOrchestrationAutomationCorrelation

SECURITYOPERATIONS

ForensicsProactive issue escalationResolution

WEBSERVER

WAF

WEBSERVER

DATABASESERVER

POWERED BY SPARTAN

Armor monitored WAF is powered by Spartan, the industry’s leading threat prevention and response platform. Armor integrates advanced analytics, global threat intelligence, and continuous response capabilities into a single platform that bolsters your defenses, uncovers hidden threats, and prevents security breaches. Whether your sensitive data and workloads are stored in a private, public, or hybrid cloud—or in an on-premise IT environment—Spartan provides a proactive approach to cyberthreats.

TECHNICAL SPECIFICATIONS

Actual performance values may vary depending on the network traffic and system configuration. Performance metrics were observed using a Dell PowerEdge R710 server (2x Intel Xeon E5504 2.0 GHz 4MB Cache) running VMware ESXi 5.5 with 4GB of vRAM assigned to the 4 vCPU and 8 vCPU FortiWeb Virtual Appliance and 4GB of vRAM assigned to the 2 vCPU FortiWeb Virtual Appliance.

HOW THE ARMOR MONITORED WAF SERVICE WORKS—WAF ARCHITECTURE

Page 4: ARMOR MONITORED WEB APPLICATION FIREWALL · Web application firewalls (WAF) sit in-between users across the internet and your applications, inspecting back-and-forth traffic for potential

ARMOR.COM | 18010126 Copyright © 2018. Armor, Inc., All rights reserved. 

DEPLOYMENT OPTIONS

� Reverse proxy � Inline transparent � True transparent proxy � Offline sniffing � WCCP

WEB SECURITY

� Automatic profiling (white list) � Web server and application signatures (black list) � IP reputation � IP geolocation � HTTP RFC compliance � Native support for HTTP/2

SECURITY SERVICES

� WWeb services signatures � XML and JSON protocol conformance � Malware detection � Virtual patching � Protocol validation � Brute force protection � Cookie signing and encryption � Threat scoring and weighting � Syntax-based SQL injection detection � HTTP header security � Custom error message and error code handling � Operating system intrusion signatures � Known threat and zero-day attack protection � L4 stateful network firewall � DoS prevention � Advanced correlation protection using multiple security elements

� Data leak prevention � Web defacement protection

APPLICATION ATTACK PROTECTION

� OWASP Top 10 � Cross site scripting � SQL injection � Cross site request forgery � Session hijacking � Built-in vulnerability scanner � Third-party scanner integration (virtual patching) � File upload scanning with AV and sandbox

APPLICATION DELIVERY

� Layer 7 server load balancing � URL rewriting � Content routing � HTTPS/SSL offloading � HTTP compression � Caching

AUTHENTICATION

� Active and passive authentication � Site publishing and SSO � RSA access for 2-factor authentication � LDAP, RADIUS, and SAML support � SSL client certificate support � CAPTCHA and real browser enforcement (RBE)

MONITORED WAF FEATURES

Page 5: ARMOR MONITORED WEB APPLICATION FIREWALL · Web application firewalls (WAF) sit in-between users across the internet and your applications, inspecting back-and-forth traffic for potential

ARMOR.COM | 18010126 Copyright © 2018. Armor, Inc., All rights reserved. 

SECURITY SERVICES

� Web services signatures � XML and JSON protocol conformance � Malware detection � Virtual patching � Protocol validation � Brute force protection � Cookie signing and encryption � Threat scoring and weighting � Syntax-based SQLi detection � HTTP header security � Custom error message and error code handling � Operating system intrusion signatures � Known threat and zero-day attack protection � L4 stateful network firewall � DoS prevention � Advanced correlation protection using multiple security elements

� Data leak prevention � Web defacement protection

MANAGEMENT AND REPORTING

� Web user interface � Command line interface � Access to graphical analysis and reporting tools � Central management for multiple virtual devices � Active/Active HA clustering � REST API � Centralized logging and reporting � User/device tracking � Real-time dashboards � Bot dashboard � Geo IP analytics � SNMP, Syslog and email logging/monitoring � Administrative domains with full RBAC

MONITORED WAF FEATURES (CONT.)

OTHER

� IPv6 ready � HTTP/2 to HTTP 1.1 translation � HSM integration � Seamless PKI integration � Attachment scanning for ActiveSync and OWA applications � High availability with config-sync for syncing across multiple active appliances

� Auto setup and default configuration settings for simplified deployment

� Setup wizards for common applications and databases � Preconfigured for common Microsoft applications; Exchange, SharePoint, OWA § OpenStack support for FortiWeb VMs

� Predefined security policies for Drupal and Wordpress applications

� WebSockets support

Page 6: ARMOR MONITORED WEB APPLICATION FIREWALL · Web application firewalls (WAF) sit in-between users across the internet and your applications, inspecting back-and-forth traffic for potential

ARMOR.COM | 18010126 Copyright © 2018. Armor, Inc., All rights reserved. 

PROTECT ANY ON-PREMISE, CLOUD, OR HYBRID ENVIRONMENT. ANYTIME. ANYWHERE.

Powered by Spartan, the industry’s leading threat prevention and response platform, Armor Monitored WAF inspects traffic between your applications and users, protecting your organization against known and unknown threats including OWASP Top 10 application attacks and more sophisticated attacks.

PRIVATE CLOUD

HYBRID CLOUD

OTHER CLOUDS

ON-PREMISE INFRASTRUCTURE

Virtual WAF (1 VCPU) Virtual WAF (2 VCPU)

SYSTEM PERFORMANCE

HTTP throughput 25Mbps 100Mbps

Application licenses Unlimited Unlimited

Administrative domains 4 to 64 based on the amount of memory allocated

VIRTUAL MACHINE

Hypervisor supportVMware, Microsoft Hyper-V, Citrix XenServer, Open Source

Xen, KVM, Amazon Web Services (AWS), and Microsoft Azure.

vCPU support (minimum / maximum)

1 2

Network interface support (minimum / maximum)

1/4 (10 VMware ESX) 1/4 (10 VMware ESX)

Storage support (minimum / maximum)

40GB / 2TB 40GB / 2TB

Memory support (minimum / maximum)

1,024MB/unlimited for 64-bit 1,024MB/unlimited for 64-bit

Recommended memory 4GB 4GB

High availability support Yes Yes