Security vendor Webscale Networks launched its Cloud Web Application Firewall (WAF) service on Feb. 28, providing organizations with features to help defend against online attacks. The new WAF service is focused on helping to support ecommerce businesses and can be used to enable some requirements needed for Payment Card Industry Data Security Standard (PCI-DSS) compliance.
“Since we’re an ADC (Application Delivery Controller) and sit on the data path, we can see all the sessions and that gives us a lot of insight,” Sonal Puri, CEO of Webscale, told eWEEK.
The core Webscale Networks platform is a cloud-based ADC stack that helps to enable multiple types of web delivery and security functions. The WAF capability is now the first standalone feature that Webscale is offering for those that don’t want or need a full ADC stack.
Jay Smith, Founder and CTO of Webscale Networks explained that the WAF is compatible with the widely deployed open-source ModSecurity WAF, providing organizations with the ability to use the same rule sets.
Going beyond ModSecurity rules, Smith noted that Webscale’s WAF has a so-called ‘shield mode’ that makes use the company’s ADC to help provide protection against application layer attacks as well as Distributed Denial of Service (DDoS) attacks. The service also provides IP address white/blacklisting to permit or deny access based on a given address.
While, the Webscale WAF provides a measure of DDoS protection, it’s not necessarily intended to be a solution to solve the largest types of volumetric attacks. Smith noted that large volumetric attacks that utilize massive volumes of bandwidth are typically not what he sees impacting his customers.
“The real world attacks that we see are valid layer 7 HTTP attacks,” Smith told eWEEK. “We’re focused on mitigating the day-to-day problems.”
The distributed nature of Webscale’s service is a core element of the platform and can be scaled across multiple cloud providers including Amazon AWS, Microsoft Azure, Google Cloud as well as OpenStack based cloud deployments.
“As a SaaS (Software-as-a-Service) offering we’re managing the number and volume of ADC resources being applied to any given account, so they always have the capacity to service whatever traffic is coming in,” Smith said.
Smith said that Webscale has built its own orchestration system to handle the management of software assets across different clouds. He explained that Webscale’s architecture includes separate data and a control planes. As such, the data plane can be provisioned wherever Webscale or a customer wants. He added that the control plane itself is a distributed system that is deployed at multiple cloud providers for continuous availability.
The market for cloud delivered WAF services is a competitive one, with multiple vendors including Imperva, Akamai and Qualys among others. Puri noted that what helps to differentiate Webscale from its competitors is the focus on ecommerce companies.
“We’re not a generic one size fits all WAF,” Puri said. “We are multi-cloud capability so that also provides a lot of benefits.”