Brendon Macaraeg is Director of Product Marketing at Signal Sciences. Previously with CrowdStrike and Symantec, he focused on evangelizing and marketing security offerings. Outside of work, Brendon keeps busy with his wife and kids enjoying outdoor activities.
Today we are proud to announce the launch of the new Signal Sciences Cloud Web Application Firewall (WAF) deployment option for our award-winning WAF and RASP solution. As the fastest growing web application security company in the world, we know organizations must quickly detect and stop web application layer attacks wherever their apps, APIs, or microservices operate—whether that be in the cloud, serverless instances, containers, on-premise, or a hybrid of these. With our Cloud WAF offering, you can now easily protect all of your web apps with patented Signal Sciences technology without requiring additional agent software installation, maintenance, or staff.
The efficacy of security, development, and operations teams depends on their ability to prioritize headcount, budget, and time—all of which are a premium in any organization that strives to gain market share and get ahead of competitors. Our customers consistently tell us they must maximize staff and resources against persistent attackers, yet they either lack in-house expertise to install and manage a WAF or other application security tools, or they want to fortify their security planning without adding more operational complexity.
Factors that make it difficult for security, development, and operations teams to secure web layer applications, APIs, and microservices include:
While both security and development teams can influence network operations staff to enforce security policies, you can’t always convince distributed application development teams to follow security policies and frameworks.
In addition to new, cloud-native apps, your organization may still have many legacy, monolithic apps to secure also.
With a multitude of apps to deploy, manage, maintain, upgrade, and protect, you’re probably wary of installing new agents that incur new overhead to monitor and manage.
Your business likely has a multitude of apps and tools deployed across cloud and non-cloud infrastructure. You may be hesitant about expending resources to set up and maintain a new security tool that could add management overhead across these disparate hosting environments.
The Signal Sciences Cloud WAF meets all these challenges while empowering our customers to easily protect their web apps with our award-winning application security technology that inspects web requests and blocks malicious traffic. Providing detection and protection for any app against any web attack—from OWASP Top 10 to account takeovers, web app abuse, bad bots, and more—is now easier and faster without making your security or DevOps teams’ days and nights any more difficult than they already are.
Three attributes make the Signal Sciences Cloud WAF offering unique:
Let’s take a look at each of these benefits:
In security, mean time to detect (MTTD) an incident is a critical measure of success in defeating your adversaries. At the end of the day, security and DevOps teams need a comprehensive solution that can detect and block web layer attacks quickly and automatically, while empowering them to observe, learn, and adapt to the tactics attackers leverage against their web layer assets.
Deploying Signal Sciences Cloud WAF only requires a DNS change. Once you make that simple update, all your incoming web requests are routed first to the Signal Sciences Cloud Engine for inspection and decisioning. We then let valid requests through and block any bad traffic. Everyone, from midmarket organizations with minimal security staff to large enterprises with applications deployed across disparate infrastructure, can benefit from our Cloud WAF’s ability to protect all web layer assets regardless of where they operate: cloud, on-premise, serverless instances, or a hybrid combination of these.
From our inception, Signal Sciences enabled customers to install our next-gen WAF and RASP technology wherever their apps run: as a module-agent pair either with the module installed on the web server or with the application; as a reverse proxy; or in containers, PaaS or IaaS environments, API gateways, or load balancers.
While these deployment methods are extremely flexible, we recognized the need for a simple, fast option that also empowers customers to stop bad web requests before reaching the application origin. That’s where Cloud WAF comes in. Because web requests are first routed to our Cloud Engine, you can now protect any app against any attack even faster than before.
And as organizations transition to DevOps methods and shift security to the left (that is, your security team empowers developers to be proactive during the development process), both teams demand tools and alerts that deliver actionable insights and KPIs in real time. This gives you the proactive visibility you need to thwart would-be attacks, which is critical since web applications remain the top threat vector malicious actors leverage to breach their targets.
With our unified management console and integrations with DevOps tools like Slack, PagerDuty, and Jira, we deliver a complete, up-leveled view of the attack methods threat actors attempt to leverage against your customer web apps. In other words, we make security visible quickly so your team can take action and know how your web layer assets are being targeted. In doing so, we help you focus on what matters—both in terms of security resilience and making your applications even more attack resistant. When you know how the attacker will strike, you can better fortify your defense mechanisms.
By providing succinct insights and summaries of attack patterns, Signal Sciences’ Cloud WAF empowers security and DevOps team to be both agile and proactive. Our integrations with DevOps tools like Slack, PagerDuty, and Jira alert your teams with the real-time, actionable information they need to stay ahead of attackers.
Signal Sciences empowers you to see exactly how attackers are targeting your apps, APIs, and microservices via a unified management console.
Our product was born from the frustration our founders experienced as DevOps pioneers: they needed development and operations teams to work together to release applications quickly on a continual basis. But they also needed security tooling that did not halt innovation and saw that legacy WAF appliances could not keep up as application deployments scaled. Because of this DevOps heritage, Signal Sciences is uniquely positioned to deliver a market-leading WAF and RASP offering. And we know you need flexible deployment options for your applications and microservices in order to drive your businesses.
Our Signal Sciences Cloud WAF offering:
Our Cloud Engine now inspects and processes over 200 billion web requests per week—this protection scales rapidly as our customers experience growth. And now with our Cloud WAF option, both new and existing customers can easily and quickly extend our unique and effective web layer security technology across all their apps before web requests reach application origins.
Fast and easy to implement, Signal Sciences’ Cloud WAF provides protection for cloud-native, legacy, and serverless applications regardless of where they’re hosted. You can access actionable insights through a single, intuitive dashboard and leverage DevOps tool integrations just as you would with any other Signal Sciences deployment option. With Cloud WAF, we put you in an advantageous position against web layer attacks with the following benefits: