Web Application and API Protection (WAAP) as a First Line of Defense

Automated and Elastic Application Security for Modern Architectures

Application security is complicated and even more so in this multi-cloud, multi-platform IT environment. 94% of enterprises are moving to the multi-cloud and 88% are adopting microservices architectures driving the need for security innovation.1

Todays Security Challenges: Increased Threat Landscape, Increased Use of Cloud and Ineffective Security Tools
Source: ESG Report – Modernizing Application Protection with VMware

Get the Most with Comprehensive Web Application Protection

Web application and API protection (WAAP) needs to be multifaceted and dynamic to address today’s threat landscape and improve ingress security. This requires a solution that can adapt to the constantly evolving attacks. A system that can reduce manual intervention and the potential for operational human error is critical to success.

Simplicity

Current application architectures are complex and it is impossible to effectively manage them manually. Time to deploy and operational efficiency become key factors in the security tool selection process. A comprehensive, but simple to deploy and manage ingress solution is critical to a successful security strategy.

  • Separate the control plane from the data plane for a centralized point of control
  • Detailed visibility and intelligent analytics for operational management
  • Minimize manual processes and potential for error

Context-Aware

Context-aware security solutions are necessary for today’s applications. Security requires an understanding of the application and data that it is protecting. It is important that the solution understands how and why applications are using the data.

  • Meet compliance standards such as PCI-DSS, HIPAA, and GDPR
  • Understand the application behavior and provide tailored security policies
  • Real-time updates to the security policies to protect against threats, known and unknown

Elasticity

Elasticity is essential in today’s dynamic application delivery environments. The multi-cloud and microservices architectures add and remove resources in real-time to meet client demands. The ingress security solution must be able to scale up and down along with the application.

  • Applications are being deployed across multiple clouds
  • Microservices mean that application instances are constantly being created and removed

First Line of Web Application Protection Defense

VMware is addressing ingress app security with VMware NSX Advanced Load Balancer (Avi). Avi delivers an integrated application delivery and security platform that is simple to use, robust, and scalable platform with advanced features to protect applications and their APIs.

VMware NSX Advanced Load Balancer (Avi)

Intelligent Web Application Security with Point-and-Click Simplicity

The Avi web application and API protection solution provides a comprehensive solution to protect the application infrastructure with ease while providing needed visibility and automation.

Intelligent Web Application Security with Point-and-Click Simplicity

Integrated Application Delivery and Web Application Security

VMware NSX Advanced Load Balancer (Avi) provides a comprehensive web application and API security architecture including context-aware Web Application Firewall (WAF), bot detection and management, DDoS mitigation, SSL/TLS encryption, ACL and application rate limiting. The solution is able to enforce security through closed-loop analytics and learning heuristics that provides open web application security project (OWASP) Top 10 protection, support for compliance regulations such as PCI DSS, HIPAA, and GDPR, and signature-based detection.

For current threat information, there is Avi with Cloud Services to provide new threat updates including IP reputation, bot detection, CRS signatures and more while minimizing false positives with advanced application security analytics, detection, and enforcement modes to detect common application vulnerabilities. The solution provides an optimized security pipeline to maximize the efficiency for traditionally resource intensive operations. With real-time app security insights and analytics, it provides actionable insights on performance, end-user interactions and security events in a single dashboard with end-to-end visibility.

Advantages of Managing Web Application and API Protection Using Avi

  • Advanced learning for increased threat accuracy
  • Application-specific policies
  • Threat updates for real-time protection
  • Input protection

    SQL Injection, Cross-site Scripting (XSS) etc.

  • HTTP validation

    — Encoding bypass detection, HTTP response splitting and HTTP parameter pollution

  • Data leakage protection

    — Error message suppression and protection against leakage of PII such as credit card or SSN numbers

  • Automated BOT attack blocking

    — Scanner detection,blockage of brute force attacks, and GeoIP blocking

  • Accurate and analytics-driven security policies
  • Automatic policy configurations
  • Elastic per-app autoscaling
  • Built-in security analytics across data centers
  • Security insights to eliminate false positives


Web App Security for Today and Tomorrow

Avi’s technology is designed for modern application architecture. Multi-cloud and containers mean that technologies must shift from a legacy appliance-based architecture to a more flexible and dynamic model.

Avi delivers a full featured ingress security solution to meet today’s application environments whether in legacy datacenters, multi-cloud, or in containerized microservices environments. The automation and analytics enhance the security operations and streamlines the DevOps process.


1Pulse State of Load Balancing 2022 Multi Cloud Survey Report