Web Application Security With Simplicity, Visibility and Performance
A New Way to Identify & Prevent Web Application Threats and Attacks
Traditional web application security solutions, such as appliance-based web application firewall (WAF) solutions, are complex to manage, rigid to scale, and lack application security insights. These web application security issues, combined with the increased rate and severity of web application attacks, have made the need for a modern, secure web application framework critical for today’s enterprise.
Comprehensive Web Application Protection With Avi Vantage
Intelligent Web Application Firewall
Appliance-based hardware web application firewalls (WAFs) rely on complex rules, lack app security insights, and require costly overprovisioning to compensate for lack of elasticity. In contrast, Avi’s iWAF is a 100% software WAF security solution and provides scalable app security, threat detection, and application protection using:
- Point-and-click simplicity with unparalleled visibility and intelligence
- On-demand autoscaling in response to application security challenges
- Central policy management and analytics-driven security policies
Application Rate Limiting and DDoS Protection
Avi Vantage includes many options for rate shaping and throttling of traffic. This may be applied at the virtual service, pool/server, or client level.
- Per-application rate limiting and granular control
- Protection against L4 and L7 denial of service (DoS) attacks
- Customizable via data scripts to create specific policies
Encryption, Authentication and L3-L7 ACLs
With web application attacks on the rise, websites need strong encryption such as Secure Sockets Layer (SSL) / Transport Layer Security (TLS). Avi natively implements:
- HTTP Strict Transport Security (HSTS)
- RSA and Elliptic Curve Cryptography (ECC) certificates
- Perfect Forward Secrecy (PFS) with point-and-click features
- URL and IP port based allow-list and deny-list through access control lists (ACLs)
Provide Comprehensive Web Application Security Tools
VMware NSX® Advanced Load Balancer™ (by Avi Networks) provides a comprehensive web application security architecture including DDoS mitigation, SSL/TLS encryption, ACL and application rate limiting. It also features an Intelligent Web Application Firewall (iWAF) with distributed security fabric to enforce security through closed-loop analytics and WAF learning mode that covers Open Web Application Security Project (OWASP) CRS protection, support for compliance regulations such as PCI DSS, HIPAA, and GDPR, and signature-based detection.
Avi Pulse cloud services provide new threat updates including IP reputation, bot detection, CRS signatures and more, and minimize false positives with advanced application security analytics, detection, and enforcement modes to detect common application vulnerabilities. iWAF provides an optimized security pipeline to maximize the efficiency of traditionally resource-intensive operations. With real-time app security insights and analytics, iWAF provides actionable insights on performance, end-user interactions and security events in a single dashboard with end-to-end visibility.
Advantages of Managing Web Application Security Using Avi iWAF
- Central management of all distributed WAF instances
- Point-and-click policy configurations with rule exceptions customizable for each application
- Granular application security insights on traffic flows
- Scalable WAF capabilities with per app and per-tenant deployments
- Input protection: SQL Injection, Cross-site Scripting (XSS) etc.
- HTTP validation: Encoding bypass detection, HTTP response splitting and HTTP parameter pollution
- Data leakage protection: Error message suppression and protection against leakage of PII such as credit card or SSN numbers
- Automated BOT attack blocking: Scanner detection, blockage of brute force attacks, and GeoIP blocking
- Accurate and analytics-driven security policies
- Automatic policy configurations
- Elastic per-app autoscaling
- Built-in security analytics across data centers
- Security insights to eliminate false positives