What is F5 Advanced Web Application Firewall?
With the emergence of software as a service (SaaS) as the primary software consumption model for both consumers and businesses, security and resilience have become critical concerns for application owners, especially since all the IT assets required to drive and deliver their applications reside in the cloud. And as an increasing amount of sensitive data is exposed to the internet via today's SaaS applications, software developers and users alike require sophisticated security controls to protect against potential data theft, vulnerabilities and software glitches, multi-layer security compromises, and denial-of-service (DoS) attacks.
In contrast, desktop software users of the past focused strictly on features and front-end usability rather than on security, resilience and availability.
In this article, we'll explore the features and benefits of F5 Advanced Web Application Firewall (AWAF), the leading web application firewall solution in this category. Developed by the creators of BIG-IP, AWAF enables organizations to protect their applications' data and users and maintain the confidentiality, availability and performance of their mission-critical applications.
AWAF is F5's web application firewall (WAF) designed to protect web applications running in traditional on-premises, virtual and cloud (e.g., public, private, hybrid) IT environments. The solution protects against both existing and unknown vulnerabilities and validates compliance with key regulatory mandates (e.g., HIPAA, PCI DSS, HITRUST). It features a browser-based interface that provides network device configuration, centralized security policy management, and easy-to-read audit reports via a single pane of glass.
Policies are a foundational component that drives much of AWAF's functionality—its robust security policies protect web applications from common application layer threats (e.g., buffer overflows, cookie poisoning, web scraping, SQL injection, parameter tampering, cross-site scripting, brute force attacks). F5 AWAF includes a set of built-in policy templates for creating quick controls to secure common applications. And for continuously adaptive security controls, AWAF can automatically develop a security policy based on observed traffic patterns; alternatively, users can manually create their own policies based on specific criteria (e.g., amount of protection required, organizational risk appetite or tolerance).
A WAF protects web applications by filtering and monitoring HTTP traffic between a web application and the internet. This occurs on OSI model layer 7, where user-facing applications and web pages are requested and delivered; not coincidentally, many cyber-attack methods such as denial of service (DoS) and distributed denial-of-service (DDoS) also use this layer to carry out attacks. AWAF is effective at using various security mechanisms to protect Layer 7 applications.
When a user or host makes a request to the web application server, the WAF examines the request to verify that it meets the criteria of the security policy protecting the application. If the request complies, it is forwarded to the web application; if not, the system may block the request and take other risk mitigation measures (e.g., create a rule from the anomalous traffic patterns, generate violations or alerts, and more).
It's worth noting that WAFs may incorporate a positive or negative security model—or in the case of F5 AWAF, use both; suffice to say, WAFs that integrate both positive and negative security models are more effective at blocking both known and unknown threats.
A negative security model is one in which the WAF continuously monitors for known "bad" events. Upon detecting a known suspicious traffic pattern (i.e., an attack signature), the WAF blocks the malicious traffic from reaching the application. Attack signatures have been traditionally used to detect and thwart attacks such as cross-site scripting, worms, SQL injections, and threats targeting widely used databases, applications and operating systems.
In contrast, a positive security model assumes all connections are untrusted and requires trust assignment to occur before granting access to the web application. In this sense, only known good requests or results are delivered based on a combination of validated user sessions or input and valid application responses.
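The two models described above, combined in one request check, shown as an added Python example. It is not F5 AWAF code or configuration: the signatures, the allow-list policy, the function name and the sample requests are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Negative model: signatures for known-bad patterns (constructed, minimal set).
SIGNATURES = {
    "sql-injection": re.compile(r"(?i)\bunion\b.+\bselect\b|'\s*or\s+'?1'?\s*=\s*'?1"),
    "cross-site-scripting": re.compile(r"(?i)<\s*script\b|\bon\w+\s*="),
}

# Positive model: endpoints, parameters and value formats the application
# is known to accept (hypothetical policy for a hypothetical application).
ALLOWED = {
    ("GET", "/search"): {"q": re.compile(r"[\w .-]{1,64}")},
    ("GET", "/item"): {"id": re.compile(r"\d{1,9}")},
}

def evaluate(method, url):
    """Return (verdict, violations) for one request."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    violations = []
    # Negative check: a parameter value matches a known attack signature.
    for name, value in params:
        for sig, pattern in SIGNATURES.items():
            if pattern.search(value):
                violations.append(f"signature:{sig}:{name}")
    # Positive check: anything not explicitly declared is a violation.
    schema = ALLOWED.get((method, parts.path))
    if schema is None:
        violations.append("positive:unknown-endpoint")
    else:
        for name, value in params:
            rule = schema.get(name)
            if rule is None:
                violations.append(f"positive:unknown-parameter:{name}")
            elif not rule.fullmatch(value):
                violations.append(f"positive:illegal-value:{name}")
    return ("block" if violations else "forward"), violations

# Constructed sample requests.
SAMPLES = [
    ("GET", "/search?q=blue+widgets"),
    ("GET", "/item?id=1%20UNION%20SELECT%20password%20FROM%20users"),
    ("GET", "/item?id=42&debug=true"),
    ("POST", "/admin/export"),
]

if __name__ == "__main__":
    for method, url in SAMPLES:
        print(method, url, *evaluate(method, url))
```

The third and fourth samples match no signature and are blocked only by the positive model, which is how a combined policy covers requests that no known-bad pattern describes.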
As mentioned previously, AWAF combines both positive and negative security model features to identify and mitigate threats according to defined policies. Application traffic analyzed by AWAF can also be load balanced like the web application servers being protected. For example, a typical configuration would see F5 AWAF load balanced across several servers protecting a highly available SaaS offering; if malicious activity is detected, AWAF terminates the request, sends a customized error page to the client, and prevents the traffic from reaching the back-end systems.
The following are some highlights of F5 AWAF key features and benefits.
F5 AWAF is capable of blocking a broad range of web application attacks and threats, including the most sophisticated application-level DoS/DDoS and SQL injection attacks. And to mitigate the risk of front-end web application weakness and vulnerabilities, AWAF also protects SaaS applications using the latest front-end development methodologies and tools (e.g., AJAX widgets and components, JSON data payloads).
F5 AWAF ships with advanced, built-in and ready-to-use compliance controls and remote auditing functions for enabling organizations to better comply with various compliance frameworks and security standards (e.g., PCI-DSS, HIPAA, Basel II, HITRUST). For example, AWAF's granular PCI-DSS reporting capabilities help organizations ascertain whether they are in compliance while helping administrators follow the correct procedures towards meeting compliance requirements.
Along with ready-to-use compliance controls, F5 AWAF ships with pre-built and certified application security policies for rapid deployments that require minimal configuration effort. For example, security controls for common enterprise applications (e.g., MS Outlook Web, Oracle E-Business Financials, Microsoft MS SharePoint) can be deployed quickly out-of-the-box; additionally, internal or custom applications can be secured with rapid deployment policies.
AWAF works across F5's entire platform portfolio, from virtual editions (VE) for protecting virtual private cloud applications to on-premises deployments installed on BIG-IP appliances and VIPRION multi-line-card chassis appliances. AWAF ensures application availability by mitigating attacks regardless of location or environment—on-premises, in the cloud or a hybrid of the two.
F5 AWAF is a core component of the BIG-IP suite of application delivery services and products—a portfolio that consolidates traffic management; network firewall; application access; SSL inspection, decryption and re-encryption; DNS security; and DoS/DDoS protection, to name a few.