WAF (Web Application Firewall)

Get Started

Web Application Protection from Web Vulnerabilities and Attacks

By monitoring website traffic, WAF service protects web applications from different level firewalls and IPS (Intrusion Protection System) can protect. WAF service can effectively detect and analyze HTTP and HTTPS based security threats that attempt to take advantage of website vulnerabilities.

Overview

  • Robust Detection & Response

    By monitoring HTTP, HTTPS port traffic of customer-defined IPs, WAF service monitors for hacker's attack attempts in real-time. WAF service categorizes attacks including SQL injection, cross-site scripting (XSS) and web scans. And it can effectively respond to new web attack tactics by providing various defense mechanisms necessary for web security.

  • Reliable Web Service Operation Support

    WAF service respond to new security threats by performing web firewall signature pattern and firmware updates. WAF service can also support reliable web service operations by detecting hacking attempts such as bad bots and other new web security threats including Open Web Application Security Project (OWASP) top 10, top 8 vulnerability attacks defined by the National Intelligence Service and zero-day attacks.

  • Convenient Security Management

    WAF service provides the means for preemptive countermeasure against security threats by monitoring security events in real-time and notify customers. Additionally, monthly reports provide insights into detected events.

01

04

Service Architecture

Samsung Cloud Platform
  • Security Zone : DDoS Protection → (Secured Firewall → IPS) → WAF
  • Service Pool : VPC ( Blocking of Web Attacks → disc )
  • 24/7 Security Monitoring → Block Policy → WAF Blocking of Web Attacks
Attacker → Hacking Attacks → Samsung Cloud Platform Legitimate Service User → Samsung Cloud Platform Attacker → Hacking Attacks → Samsung Cloud Platform

Key Features

  • Intrusion detection and analysis, provide monitoring information
    1. 24/7 event monitoring (alert raising, monthly reports)
    2. Attack categorization through web firewall event analysis (injection, XSS, file include, file upload/download, web scan, etc.)
    3. Detect latest attack patterns (e.g. Apache Struts vulnerability)
  • Intrusion response
    1. Provide IP information in the event of attempted attacks on registered URLs
      (Network firewall on Samsung Cloud Platform recommends blocking)
  • Web firewall operation
    1. Automatically update security threats collected by TI (e.g. signature pattern) and update firmware
    2. Manage web application firewall failures
    3. Provide blocked policy list of each customer
    4. Provide detailed information about User-Agent and Referer

Pricing

    • Billing
    • Based on throughput
    • Minimum contract period : 1 year (Charged monthly)
Let’s talk

Whether you’re looking for a specific business solution or just need some questions answered, we’re here to help