Web Application Security

See More, Do More with an AppSec Force Multiplier

Brendon Macaraeg

Brendon Macaraeg is Director of Product Marketing at Signal Sciences. Previously with CrowdStrike and Symantec, he focused on evangelizing and marketing security offerings. Outside of work, Brendon keeps busy with his wife and kids enjoying outdoor activities.

 

Force Multiplier: From Many to One

There’s an Effectiveness Scale for security teams: some sit on the “Highly Effective” side, while others sit closer to the “Not Effective” side. The later teams lose sleep as they struggle to cut through the noise of alerts that end of being false positives during day-to-day operations. They’re trying to thwart attacks yet know they don’t have enough visibility to see exactly where and how their apps are being attacked.

Being efficient while getting the job done means leveraging a force multiplier in your security team’s arsenal so they can be strategic and accomplish more. Our integrations with the tools security and DevOps teams already use like Slack and PagerDuty are also key to effectiveness.

Our Engineering and Product Design teams are constantly looking for ways to ensure Signal Sciences is a force multiplier that empowers security and DevOps with our next-gen web application firewall (WAF) and runtime application self-protection (RASP) so they can see more and do more with fewer resources. Many of our customers do not dedicate a full-time employee to managing our tool. Several new product enhancements further our offering as a key force multiplier in our customers security arsenal while providing a superior customer experience. 

Corporate Overview Dashboard

Signal Sciences Corporate Overview Dashboard

The Corporate Overview Dashboard  is a central place for all high-level information about a customer’s sites and provides the most valuable attack information like signal trends and visualizations of attack traffic across sites so security staff can investigate and remediate potential security incident quickly. With this dashboard, there’s no need to drill down into separate reports and run queries or searches to up-level the high-value information—it’s all in one place.

Shared Lists

Shared Lists are a crucial part of Power Rules, our feature that enables customers to easily define, monitor, and take action on any web application or API transaction, providing protection beyond OWASP injection attacks. And now, with Shared Lists, customers can further augment signal visibility and trigger conditions with your own trusted data sources. Lists allow for parameterizing Rules with potential attack indicators such as IPs, user agents, countries, wildcards, and more across all a customer’s sites.

Let’s say your organization needs to block OFAC-sanctioned countries for regulatory compliance. Instead of setting up a rule of known bad IP addresses for each app, your team can now centrally manage a single list and apply it across all your apps. Moreover, we allow for granularity so you do not block traffic from an entire region, but only those nations in that region.

Corporate Signals

 

CorpSignals-1Corporate Signals allow customers to easily gain visibility into web requests across all of their sites. Our signals provide a sample of requests, the ability to alert on increases in traffic, and time series graphs.

Previously, customers created signals at the site level. For customers with many sites, this was a maintenance burden. Now they can easily apply a single signal across all their sites.

Corporate Integrations

CorpIntegrations-1

Similar to our current site-level integrations that allow our customers to send a Slack notification when a malicious IP address is flagged, this feature broadcasts alerts on events but across all sites, not just one.

We alert your on events including user registrations, sites created, and changes to authentication settings via Slack, MS Teams, and email—so these events are visible nearly immediately: instead of logging into the Signal Sciences console, your team is alerted to these events via tools they already use on a daily basis.

Conclusion

Part of our ongoing mission is to empower security and DevOps teams to prioritize their resources so they can more effectively defend against application attacks.

Don’t be the security team that struggles and wonders how to increase the visibility necessary to beat the adversary. Be the team that builds security resilience—the ability to continually withstand attack attempts—because your team members can see farther and do more to effectively to stop an application layer attack before it starts.