DOSarrest's WAF is the one of the best cloud based WAF's available today. Why ? because its not reliant on a massive database of known malicious signatures that requires constant updates of new signatures when they become known. This inferior but still widely employed method is also known as a "Negative Security " model. DOSarrest's WAF is based on a "Positive Security " model . To see more on the difference between the 2 models, please read this blog article.
If the code on your webserver is up to date, patches are applied as soon as they become available and you are doing regular Vulnerability Testing , you can get away with not utilizing a WAF…maybe. In today's typical website environment, where websites are sometimes being updated, changed, application add-ons added and removed, etc on a daily or weekly basis, security holes can be inadvertently exposed. A well managed WAF is added protection. The best way to think of it is, it's like a "Virtual Patch".Request a Quote
DOSarrest's Cloud based WAF, allows customers to easily block any Layer 7 threat as well as define any rule-set that may be specific to one or more applications that may be running on their webserver. Enabling WAF protection provides customers with all of OWASP's CRS(Core Rules Set or top 10) Which includes :
Any new vulnerabilities or zero day attacks that may be uncovered such as Heartbleed, Poodle, etc are already in place, because we are not like the other cloud based services, we use a positive security based model WAF. Zero day attacks are pretty much a thing of the past. No need to apply patches in the middle of the night to keep your webserver safe.
Most other WAF appliances and services rely on signatures or pattern matches to protect webservers, the problem with this method is that, new variations or small modifications to a particular string of malicious code can slip through and cause problems.
DOSarrest's cloud based WAF service does not rely on signatures, instead the system analyses every packet and looks for exact matches on specific characters and not strings or signatures that are known to potentially cause problems, when a match is found, it is given a score, once a predetermined threshold score has been exceeded the packet is dropped and never makes it to the customers' webserver.
The WAF service inspects and analyses every packet at these levels:
Flexibility- The WAF service can be configured to apply to every directory on a website or only on specific URI's
Some rules can be too strict for some websites, which can cause the website to not function properly. In such cases Whitelists allow you to use some forbidden symbols and rules when you need them. A white list can be applied site wide or on a particular URI. Our WAF service allows customers to employ "Learning Mode" which allows you to log and see violations but allows the request to go through. Customers can use learning mode to see and understand if their WAF configuration is too strict and make adjustments or white-list. As with all of our services it's up to you, our 24/7 SOC can manage this for you if you'd like.