Product News, Web Application Security

Expanding Power Rules with Shareable Lists

Andrea Swaney

Andrea Swaney is the Senior Director of Product Marketing and Alliances. She has spent the last 10 years with security startups in leadership roles including Sales, Business Development and Alliances. When not working to secure the web, Andrea is likely to be found reading about or drinking wine, or on a vineyard somewhere in California or France.

‘Tis the season of cool. Cooler temperatures, cool gifts, and cool holiday sweaters. To stay on theme, we wanted to share one of our own new features that just got a lot cooler - Power Rules and Lists—available now!

Since its launch, we've some great stories about how our customers are using Power Rules:

  • A financial information services organization uses them to stop content scraping

  • Castlight uses them to increase attack coverage beyond OWASP attacks

  • Remitly and Glossier use them to combat account takeover (ATO) and more

  • Doordash uses them for geo-blocking using our list capability.

Remember this handy diagram when we originally launched Power Rules earlier this year?

Power Rules diagramLists are a crucial 3rd leg of the tripod that make up Power Rules. With lists, you can augment signal visibility and trigger conditions with your own trusted data sources. Lists allow you to parameterize Rules with business data you have collected, such as IPs, user agents, countries, wildcards, and more.

Until now, if you wanted to set up something like geo-blocking, you’d have to set up a list for each Signal Sciences Dashboard account that you have (we call these “Sites” in the product). That potentially meant setting up the same exact lists within each of your sites to connect it to a Power Rule.

Enough of that extra work—our incredible tech team architected a larger and more powerful capability that will enable our customers to do far more with less work. (Read some of their own words on our features, which is already leaps and bounds ahead of what other WAFs and RASPs can provide). It all starts with a library of lists!

image (2)Our new Corp list library will allow Corp Owners to create and share Corp lists from the main Corp-level navigation  

How does it work?

 You’ll find the option to create a new list to add to your library under the main Corp Lists page.

Corp lists Blog-1

If you have privileges on Signal Sciences Console as a Corp Owner, you can create and manage lists at the Corp level, which can then be shared to any users within a particular site to enable. We’ve seen some specific examples in the field already: lists of allowed scanner IPs (e.g. Qualys Scanners) or OFAC Sanctioned Countries that aren’t site-specific.

Then you’ll find your new Corp List in the List menu: 

Signal Sciences Lists

That’s it! More lists in your library.

We hope this has been a helpful explanation of how to use the new Corp Lists feature. Stay tuned for more advances in Power Rules in 2019!