Kemp Technologies Blogs

Introducing the Enhanced WAF in Progress LoadMaster 360

Larry Goldman | LoadMaster | LoadMaster 360

Application delivery is complex and involves many teams. Organizations need to provide these teams with the tools and insights they need to maximize the availability, performance and security of the application delivery infrastructure. Teams require in-context insights into the status of delivery components and easy-to-use workflows to manage and remediate application issues.

Progress LoadMaster 360 provides a consolidated dashboard and SaaS experience that enables admins to do their jobs more efficiently and in sync with the other IT teams. Deploying a unified experience to gain insights into the entire estate, LoadMaster 360 helps customers realize value faster and maximize their application experience.

Throughout 2024 and beyond, we intend to regularly add valuable new features and enhancements to existing ones. Our latest version, LoadMaster 360 Release 1.1, delivers an impressive update to our Web Application Firewall (WAF) functionality along with several other new features.

Why a WAF Is Critical to Your Application Security

With cybercriminal attacks on the rise, organizations need to do more than ever to mitigate risks to their applications. Application security is a multifaceted and ever-changing task that must be applied at multiple levels of the application delivery chain. The network must be secured before requests reach the backend application servers. Deploying a WAF-enabled LoadMaster as part of your network infrastructure helps deliver in-depth security for your web servers and applications.

You may already be familiar with the LoadMaster WAF, which has been part of LoadMaster since October 2023. The WAF enables the secure deployment of web applications, preventing Layer 7 attacks while maintaining core load balancing services and consistent application delivery and security. Put more simply, the WAF inspects the traffic to your applications and confirms that it's legitimate traffic. This powerful tool for protecting your applications is distinctly different from a network firewall.

When the WAF is enabled, the WAF engine scans every incoming HTTP packet – running through each assigned rule individually and deciding what action to take if a rule is triggered. The rules can be run on requests and responses. The WAF can protect against OWASP Top 10 attacks, such as:

  • SQL Injection
  • Cross-Site Scripting (XSS)
  • Unvalidated redirects and forwards
  • Missing function-level access control
  • Sensitive data exposure

The WAF is available with the LoadMaster Enterprise Plus subscription tier. Users can deploy it alone or in addition to other security solutions, including the other LoadMaster layered protection capabilities (Single Sign-On, pre-authentication, two-factor authentication, etc.). WAF functionality directly augments the existing LoadMaster security features to create a layered defense for web applications – helping to enable the safe, compliant and productive use of published services.

The Challenges of Tuning a WAF

While not difficult to implement, the LoadMaster WAF does require custom tuning for your specific application and server traffic. This manual tuning can be time-intensive and challenging for non-experts.

For example, many customers enable all the OWASP-based filters on their WAF, which provides abundant protection but also ends up blocking legitimate and safe traffic to their applications. That’s why careful tuning is so important. When non-expert users turn on untuned rules, the performance impact is high, likely resulting in many unnecessary false-positive alerts and slower traffic. The more rules you use in a WAF, the more it can impact the application and user experience.

Many customers already adept at using a WAF still find it time-consuming to get right. We knew we could do better with LoadMaster, a product known for its ease of use. The capabilities of LoadMaster 360 provided us with an ideal method to improve how you can tune the WAF and continuously view its impact on your application and server traffic.

If you’ve ever been asked to show the WAF’s impact, this new feature can visually prove the value over days, weeks and months at the application or LoadMaster level. We call it the “Enhanced WAF.”

So, What Is the Enhanced WAF?

The Enhanced WAF is an entirely new set of capabilities built into LoadMaster 360 for configuring, tuning and continuously monitoring the WAF. Enhanced WAF helps secure your web applications and provides additional application security information more quickly.

Enhanced WAF helps:

  • Address the challenges of configuring and tuning the WAF
  • Minimize the time required for WAF configuration and tuning through smart WAF capabilities and custom rule generation
  • Identify and reduce the occurrence of false positive alerts
  • Deliver improved security insights across your environments

Enhanced WAF strikes the right balance between enhancing your web application security and providing your legitimate users with an optimal application experience.

How You Tune the WAF in LoadMaster 360

First, you must be subscribed to the Enterprise Plus tier. You then set up your WAF as you normally do in the LoadMaster interface. If you have a WAF license and WAF Support, LoadMaster provides several commercial rules, such as ip_reputation. These rules are targeted to protect against specific threats, primarily the OWASP Top 10. With the WAF-enabled LoadMaster, you can choose whether to use Kemp-provided rules, custom rules that you upload or a combination of both.

Once you have set up the WAF, you can open LoadMaster 360 and view the setup. The Enhanced WAF feature elevates analytics to monitor and report on the WAF activities of applications and LoadMasters.

The WAF Tuning features let you view individual false positive events, view the activity from intelligently parsed logs and configure rule exclusions to tune your ruleset so that legitimate traffic is allowed through. These smart capabilities will help you minimize false positive responses and quickly reach a more secure stance.

What You Can See with Enhanced WAF

The LoadMaster 360 Enhanced WAF provides detailed visibility into its value and performance. Users are notified when to pay attention to potential application security issues and can more easily configure and customize the LoadMaster WAF technology.

Information you can view includes:

  • Total requests and blocked requests
  • The percentage of the total requests blocked from your application
  • Who is getting blocked by the WAF (Top 10 Blocked Requests by IP and URL)
  • The types of attacks stopped by the WAF (Top 10 Executed Rules)
  • Where around the globe the events are originating
  • Details of the False Positive activity

With the Enhanced WAF, you can deliver improved security insights, minimize the time required for WAF configuration and tuning and reduce the occurrence of false positive alerts.

Application Security Is Serious. So Are We.

The Enhanced WAF can help your organization protect its web applications against increasingly sophisticated cyberattacks. Your users receive an improved application experience through the benefit of greater visibility, smart false positive identification and controlled false positive remediation.

We’re thrilled to have the Enhanced WAF as a critical capability within LoadMaster 360 release 1.1. We designed it to simplify your administrative work and provide new and actionable insights into the security of your web applications. Now, more than ever, you can continuously monitor and manage the security of your services, applications and LoadMaster fleet.

How to Learn More

We recently announced the availability of LoadMaster 360 release 1.1. You can visit the feature web page for additional details.

The LoadMaster WAF is available with the Enterprise Plus subscription tier, and LoadMaster 360 is available to all customers. If you do not have a license, you can reach out to your account manager or contact our team for a live demo and trial.
