In Jisc Cloud Solutions one of our most common recommendations for securing web applications is to ensure that you use a Web Application Firewall in order to block malicious attacks.
Of course Web Application Firewalls are not silver bullets – they should be deployed alongside services such as IPS and traditional firewalls to ensure defence in depth is applied at all times.
WAFs are notoriously difficult to keep on top of, with tuning often a continous requirement each time code changes and updates are deployed to the protected services.
In fact, most Web Application Firewalls we come across are often not even configured to run in prevent mode due to the difficulties in blocking attackers whilst not impacting legitimate users. Often, we find that the IT teams responsible for maintaining WAFs do not have enough time to dedicate to managing them correctly.
A mis-managed WAF is arguably just as bad as not having a WAF at all. Presenting false negatives due to overly permissive tuning provides a false sense of security. Conversely, a WAF which is blocking legitimate users, impacts the UX of the protected application.
We are seeing many of our members and customers migrating applications to the cloud. They are therefore in need of a solution which protects applications regardless of where they are hosted.
The Jisc Managed Website Protection service takes away the difficulty of managing Web Application Firewalls; it is delivered in partnership with Fortinet and offers a fully managed WAF & DDOS solution for web applications.
The service is entirely public cloud based and exists across GCP, Azure, AWS and OCI and can be deployed either in CDN mode (using all cloud regions) or locallised to the same region in which your application exists – this ensures that performance, regulation concerns and traffic cost is optimal.
If applications are not yet in public cloud then the closest geographical cloud region will be used to protect the application.
The service utilises machine learning to understand the protected web applications, providing protection against OWASP Top 10, zero day threats and other application attacks. Because of the machine learning, the service keeps false positives to a minimum, ensuring end users are not impacted.
A number of additional modules can also be deployed, including, but not limited to, Bot Mitigation, DDOS Prevention, API Protection and Account Takeover Protection, all of which fully integrate into your SIEM solutions.
In collaboration with Fortinet, we continuously monitor and tune the firewall where required and the service operates on a 24/7 incident response basis.
If you would like to know more about the service, or if you are interested in setting up a trial, please contact your Jisc account manager or email us at cloud@jisc.ac.uk.