Protecting Applications in the Azure Cloud with a Web Application Firewall
When considering a Defense-in-Depth strategy for the Cloud, the applications themselves are probably the greatest risk factor. Vulnerabilities in applications, whether from poor coding or inadequate access controls, account for a substantial proportion of that risk. According to Trustwave: “Analysts have estimated 75 percent of attacks now target the application layer, exploiting more than 6,000 known vulnerabilities.”
In the Cloud, that risk is perhaps greater than when deploying applications in-house. For example, it may not always be possible to thoroughly test every code drop in a fast-paced DevOps delivery model. The sheer variety of applications available in the cloud presents another challenge, as the user may not have the required level of visibility or control over the security implications of using a new application. Finally, compared to a well-designed, well-secured traditional datacenter, the cloud is often viewed as presenting a potentially broader attack surface, especially when it can be accessed by a plethora of mobile devices and by malicious forces on the internet.
When seeking assurance that applications are well secured, an application firewall can provide timely protection for applications with known vulnerabilities in cases where a software patch is not available. In a similar fashion, an application firewall can help ensure compliance with regulations such as HIPAA and PCI-DSS by removing the need for extensive source code reviews to look for vulnerabilities.
As more and more applications are migrated to Azure, it’s important to apply the same security policies in the cloud as on-premises. This is easy to achieve with LoadMaster. The Virtual LoadMaster (VLM) for Azure incorporates KEMP’s WAF, combining Layer 7 Web Application Firewall protection with other application delivery services including intelligent load balancing, intrusion detection and intrusion prevention.
Common threats handled by the WAF in LoadMaster include the OWASP “Top Ten” threats, such as SQL injection and cross-site scripting (XSS). Sensitive data such as credit card numbers can also be protected from possible exfiltration. The WAF is built on ModSecurity, the world’s most deployed web application firewall engine, and augmented by constantly updated threat intelligence from Trustwave. With the LoadMaster receiving regular updates of rules, applications are continuously protected from known and emerging threats.
LoadMaster provides visibility into thwarted attacks through the web user interface, and log files can also be distributed for consumption by third-party SIEM (Security Information and Event Management) tools.