
Introducing Managed Rules for AWS WAF (with a Customer Story) - AWS Online Tech Talks


Learning Objectives:
- Get an inside look into Managed Rules for AWS WAF
- Learn how to set up Managed Rules for AWS WAF and the best practices
- Learn about the security experts that offer Managed Rules for AWS WAF


  1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Managed Rules on AWS WAF: A Customer Story. Sundar Jayashekar, Sr. Product Manager (AWS); Jarrod Levitan, Chief Cloud Officer (TriNimbus); Mike Fisher, Solutions Architect (TriNimbus). January 30th, 2018.
  2. What to expect from this session
     • Service Introduction
     • Key Benefits
     • New Announcement!
     • Customer Story - TriNimbus
  3. What is a WAF? A Web Application Firewall monitors HTTP/S requests and protects web applications from malicious activity. It is a Layer 7 inspection and mitigation tool.
  4. What can we do with AWS WAF?
     • Rate based rules
     • IP Match & Geo-IP filters
     • Regex & String Match
     • Size constraints
     • CloudWatch Metrics/Alarms
     • Sampled Logs
     • Count Action mode
     • SQLi
     • XSS
     • IP Blacklists
     Use cases: malicious traffic blocking, web traffic filtering, active monitoring & tuning.
  5. Threats AWS WAF can help with: Application Layer DDoS, Bad Bots, OWASP type attacks
     • HTTP floods
     • Abusive users
     • Content scrapers
     • Scanners & probes
     • Crawlers
     • SQL injection
     • XSS
     • Application exploits
  6. AWS WAF available on: Amazon CloudFront, Application Load Balancer (ALB)
  7. What do customers like about AWS WAF? Fast incident response, easy to deploy, affordable, full API support, managed platform.
  8. How are customers using AWS WAF?
     1. Custom Rules
     2. Managed Rules
     3. Security Automation
     You can combine all three!
  9. New capabilities since June 2017
     1. Rate Based Rules
     2. OWASP Top 10 templates
     3. Geo IP based restriction
     4. RegEx Support
     5. Managed Rules
     6. Additional Regions for WAF/Shield
     We listen to our customers and iterate quickly.
  10. What did customers ask for?
     • “I don’t want expensive Pro-Serv engagements to write and tune my rules”
     • “I want to focus on writing web applications and not security rules”
     • “I don’t have the resources to write rules that keep up with the bad guys”
  11. So at re:Invent 2017 we announced… Managed Rules on AWS WAF with 5 Featured Sellers and 11 new Products!
  12. What are Seller Managed Rules?
     • A set of WAF rules (sometimes in the 100’s) written and managed by trusted security vendors
     • Available on AWS Marketplace and the WAF Console
     • Deployed on AWS WAF
     • Pay-As-You-Go pricing
  13. At launch we said … We will continue to add security vendors and provide more rule choices to customers ….
  14. We are happy to pre-announce today! Coming soon … 3 new Products!
  15. Featured Sellers
  16. F5 Managed Rules for AWS WAF
     • Attack types: SQLi, XSS, command injection, No-SQLi injection, path traversal, and predictable resource
     • Technologies covered: Apache, Apache Struts, Bash, Elasticsearch, IIS, JBoss, JSP, Java, Joomla, MySQL, Node.js, PHP, PHPMyAdmin, Perl, Ruby On Rails, and WordPress
     • Tools detected: vulnerability scanners, web scrapers, DDoS tools, and forum spam tools
  17. Key Benefits of Managed Rules
     1. Rules managed by security experts
     2. Choice of protections
     3. Auto-updates
     4. Pay as you go
     5. Easy to deploy
  18. Deploy in 3 easy steps
     1. Find rules on the AWS WAF console or AWS Marketplace
     2. Click and subscribe
     3. Associate rules in AWS WAF
  19. TriNimbus – Customer Story
  20. About TriNimbus: Born in the Cloud in 2013
     • AWS Premier Consulting Partner
     • Offices in Vancouver, Calgary, Toronto, Montreal and Macedonia
     • Top 50 fastest growing startups in Canada (Canadian Business Magazine)
  21. About TriNimbus: Our Core Capabilities
     • Expert team of Solution Architects and DevOps Engineers
     • Co-sourcing: integrating with your Agile teams
     • 24/7 DevOps and DevSecOps managed services
     • Architecture, operations, migrations, disaster recovery, cost optimization, compliance
  22. About TriNimbus: Growing the AWS User Groups Community Across Canada
     • Organize AWS User Groups in 9 cities across Canada
     • 4000+ members and growing
     • Education-focused presentations by AWS customers, evangelists and best-of-breed technology partners
     • Creating opportunities to learn, interact, and share ideas
  23. The ActiveDEMAND Story
  24. About ActiveDEMAND: ActiveDEMAND is a marketing technology company that provides Marketing Automation to SMBs and marketing agencies globally
     • Call tracking
     • Email marketing
     • Social media marketing
     • KPI dashboards
  25. The Problem
     • Suffering from intermittent DDoS attacks from a small number of bad actors
     • Attacks would quickly overwhelm their fixed number of compute resources
     • Web services would become completely unavailable during attacks
  26. Original Architecture
     • Amazon CloudFront in front of static assets only
     • Elastic Load Balancer in front of a fixed number of Amazon EC2 instances
  27. VPC and EC2 Best Practices
  28. AWS WAF and Dynamic Content Delivery
  29. Why we chose AWS WAF
     • Very easy to add because the client was already using Amazon CloudFront
     • DDoS attacks typically came from a small number of source IP addresses, which made them easy to block with IP match conditions
     • Very cost effective to implement for a few rules
  30. The Results
     • ActiveDEMAND rolled out this updated infrastructure architecture for all new customers
     • There have been no detected service interruptions for any customers on this new platform during the year it has been in production
  31. Going Forward: Restrict ELB Access to Amazon CloudFront IP Addresses
     • AWS publishes IP ranges for their services in JSON format
     • AWS also publishes updates to an SNS topic they manage
     • Subscribe to the SNS topic with a Lambda function which processes the JSON and updates the ELB's security group
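The SNS-to-Lambda pattern on the slide above, as an added example (not TriNimbus's or AWS's code): the handler reads the `url` and `md5` fields that the IP-range change notification carries (assumed message shape), verifies the downloaded `ip-ranges.json` against that digest, picks out the prefixes tagged `CLOUDFRONT`, and computes the add/revoke delta against the security group's current HTTPS ingress rules. The security group id, the port and the sample data are assumptions; the sample JSON and security group are constructed so the helpers run offline.

```python
"""Keep an ELB security group in sync with the published CloudFront IP ranges.

Added example, not code from the presentation. Assumptions: the SNS
notification message is JSON with "url" and "md5" fields, the target
security group id is supplied via the SG_ID environment variable, and the
origin listens on TCP/443.
"""
import hashlib
import ipaddress
import json
import os
import urllib.request

IP_RANGES_URL = "https://ip-ranges.amazonaws.com/ip-ranges.json"
ORIGIN_PORT = 443  # assumed listener port on the ELB


def digest_matches(body: bytes, expected_md5: str) -> bool:
    """Integrity check: the notification tells us the digest the file must have."""
    return hashlib.md5(body).hexdigest() == expected_md5


def parse_ip_ranges(body: bytes, expected_md5: str) -> dict:
    if not digest_matches(body, expected_md5):
        raise ValueError("ip-ranges.json digest does not match the SNS notification")
    return json.loads(body)


def fetch_ip_ranges(url: str, expected_md5: str) -> dict:
    with urllib.request.urlopen(url, timeout=10) as resp:  # network call, not used offline
        return parse_ip_ranges(resp.read(), expected_md5)


def cloudfront_prefixes(ip_ranges: dict) -> list:
    """Sorted, normalised IPv4 CIDRs whose service is CLOUDFRONT."""
    cidrs = {
        str(ipaddress.ip_network(entry["ip_prefix"]))
        for entry in ip_ranges.get("prefixes", [])
        if entry.get("service") == "CLOUDFRONT"
    }
    return sorted(cidrs)


def current_ingress_cidrs(security_group: dict, port: int) -> set:
    """IPv4 CIDRs already allowed on `port`, from a describe_security_groups() entry."""
    cidrs = set()
    for perm in security_group.get("IpPermissions", []):
        if perm.get("IpProtocol") == "tcp" and perm.get("FromPort") == port and perm.get("ToPort") == port:
            cidrs.update(rng["CidrIp"] for rng in perm.get("IpRanges", []))
    return cidrs


def plan_changes(desired, current):
    """Return (cidrs_to_authorize, cidrs_to_revoke); revoking stale ranges matters as much as adding new ones."""
    desired, current = set(desired), set(current)
    return sorted(desired - current), sorted(current - desired)


def as_permissions(cidrs, port: int) -> list:
    return [{
        "IpProtocol": "tcp", "FromPort": port, "ToPort": port,
        "IpRanges": [{"CidrIp": c, "Description": "CloudFront"} for c in cidrs],
    }]


def lambda_handler(event, context):
    import boto3  # imported here so the pure helpers above run without the SDK
    message = json.loads(event["Records"][0]["Sns"]["Message"])
    ranges = fetch_ip_ranges(message.get("url", IP_RANGES_URL), message["md5"])
    ec2 = boto3.client("ec2")
    sg_id = os.environ["SG_ID"]
    sg = ec2.describe_security_groups(GroupIds=[sg_id])["SecurityGroups"][0]
    to_add, to_revoke = plan_changes(cloudfront_prefixes(ranges), current_ingress_cidrs(sg, ORIGIN_PORT))
    if to_revoke:
        ec2.revoke_security_group_ingress(GroupId=sg_id, IpPermissions=as_permissions(to_revoke, ORIGIN_PORT))
    if to_add:
        ec2.authorize_security_group_ingress(GroupId=sg_id, IpPermissions=as_permissions(to_add, ORIGIN_PORT))
    return {"added": to_add, "revoked": to_revoke}


# --- constructed sample data (documentation ranges, not real AWS prefixes) ---
SAMPLE_IP_RANGES = {
    "syncToken": "0000000000", "createDate": "2018-01-30-00-00-00",
    "prefixes": [
        {"ip_prefix": "192.0.2.0/24", "region": "GLOBAL", "service": "CLOUDFRONT"},
        {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "CLOUDFRONT"},
        {"ip_prefix": "203.0.113.0/24", "region": "us-east-1", "service": "EC2"},
    ],
    "ipv6_prefixes": [],
}
SAMPLE_BODY = json.dumps(SAMPLE_IP_RANGES).encode()
SAMPLE_MD5 = hashlib.md5(SAMPLE_BODY).hexdigest()
SAMPLE_SG = {  # one stale rule (203.0.113.0/24) and one CloudFront range missing
    "GroupId": "sg-0123456789abcdef0",
    "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                       "IpRanges": [{"CidrIp": "198.51.100.0/24"}, {"CidrIp": "203.0.113.0/24"}]}],
}


def demo():
    ranges = parse_ip_ranges(SAMPLE_BODY, SAMPLE_MD5)
    return plan_changes(cloudfront_prefixes(ranges), current_ingress_cidrs(SAMPLE_SG, ORIGIN_PORT))


if __name__ == "__main__":
    print(demo())  # (['192.0.2.0/24'], ['203.0.113.0/24'])
```

Two practical caveats: the real CloudFront list is far longer than the default per-security-group rule quota, so production deployments spread the ranges across several groups attached to the same load balancer, and the revoke step should run only after the new ranges are in place so the origin never drops legitimate edge traffic in between. The digest check is worth keeping even though the download is over TLS: it catches a truncated or half-published file before it is turned into firewall rules.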
  32. Going Forward: Take advantage of new AWS capabilities
     • Use AWS WAF rate-based rules instead of manually updating blacklisted IP addresses
     • Dedicated DDoS protection with AWS Shield Advanced
     • Subscribe to a managed rule group instead of manually implementing SQL injection and size constraint conditions
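Why the first bullet above replaces a hand-maintained blacklist: a rate-based rule counts requests per source IP over a trailing window and blocks only while the count is over the limit, so an address that stops flooding is released automatically. The following added example (not from the presentation) models that semantics over a constructed request log; the 2000-request limit and 5-minute window are assumed values chosen to mirror the rule's parameters, not a statement of the service's exact internals.

```python
"""Sliding-window per-IP rate limiting, modelled on AWS WAF rate-based rules.

Added example; not code from the presentation. Assumed: a 5-minute trailing
window and a 2000-request limit. The request log below is constructed and
uses documentation IP ranges.
"""
import collections


class RateBasedRule:
    """Count requests per source IP over a trailing window; block while over the limit."""

    def __init__(self, limit: int = 2000, window_seconds: int = 300):
        self.limit = limit
        self.window = window_seconds
        self._hits = collections.defaultdict(collections.deque)

    def evaluate(self, source_ip: str, timestamp: float) -> str:
        hits = self._hits[source_ip]
        hits.append(timestamp)
        # Forget requests that have aged out of the trailing window; this is what
        # lets a formerly abusive address recover without anyone editing a list.
        while hits and hits[0] <= timestamp - self.window:
            hits.popleft()
        return "BLOCK" if len(hits) > self.limit else "ALLOW"


def constructed_requests():
    """(timestamp_seconds, source_ip) pairs: three normal clients and one HTTP flood."""
    requests = []
    for ip in ("203.0.113.10", "203.0.113.11", "203.0.113.12"):
        requests.extend((float(t), ip) for t in range(0, 300, 10))  # one request / 10 s
    requests.extend((i / 50, "198.51.100.7") for i in range(2500))  # 2500 requests in 50 s
    requests.append((900.0, "198.51.100.7"))  # same client, ten minutes later
    requests.sort()
    return requests


def run_demo(limit: int = 2000) -> dict:
    """Replay the constructed log and report who was blocked and whether the flooder recovers."""
    rule = RateBasedRule(limit=limit)
    blocked = collections.Counter()
    last_decision = {}
    for ts, ip in constructed_requests():
        decision = rule.evaluate(ip, ts)
        last_decision[ip] = decision
        if decision == "BLOCK":
            blocked[ip] += 1
    return {
        "blocked_by_ip": dict(blocked),          # {'198.51.100.7': 500}
        "flooder_after_window": last_decision["198.51.100.7"],  # 'ALLOW'
    }


if __name__ == "__main__":
    print(run_demo())
```

The normal clients never reach the limit and are untouched; the flooding address is blocked from its 2001st request onward (500 of its 2500 requests) and is allowed again once its window has emptied, which is exactly the unblock step a static IP match condition would require an operator to perform by hand.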
  33. Further Reading: Blog: Revisiting the AWS WAF. Take a look back at all the improvements that have been released for AWS WAF on its journey from Minimal Viable Product to Most Valuable Player. https://goo.gl/R37X6g
  34. For more details on Managed Rules: https://aws.amazon.com/mp/security/WAFManagedRules/
  35. Thank you!
