Web Application Firewall Updates
In the 7.2.54 LoadMaster release, Kemp has introduced several key updates that enhance the capabilities of the Web Application Firewall (WAF) and make it a more compelling and relevant solution for end-users.
The main updates introduced in the 7.2.54 release include:
Open Web Application Security Project® (OWASP) Core Rule Set (CRS)
The Open Web Application Security Project® (OWASP) Core Rule Set (CRS) is included as the primary rule set for rules-based protection. The OWASP CRS is now the main method for configuration, detection, analysis, and enforcement in the Kemp WAF.
OWASP CRS natively provides deeper insight into attacks carried in application traffic. The WAF and GSLB features can also use reputation data that is updated daily to validate where the traffic hitting your application originates and to block requests from known bad actors.
The Kemp WAF has been enhanced to support the anomaly scoring and paranoia levels available with the CRS, so that the policy can be tuned and false positives reduced.
Enhanced False Positive Analysis
We have added anomaly scoring and paranoia levels so that customers can tune the policy and reduce false positives. Additionally, real-time per Virtual Service logging of events whilst performing false positive analysis has been introduced. Customers can run false positive analysis against their own applications, gain visibility of the attacks and rules triggered, and fine-tune protection before enforcing it.
Enhanced WAF Visualization
We have enhanced the LoadMaster user interface to better display WAF events, logs and statistics. This provides end-users with a better understanding of the positive impact that WAF provides.
The LoadMaster user interface for WAF has been significantly modified to allow easy selection of countries to block, and these blocks are reflected in the enhanced statistics.
Benefits of OWASP CRS
OWASP CRS is a set of generic attack detection rules that protect web applications from a wide range of attacks, including the OWASP Top Ten. The CRS provides protection against many common attack categories, including SQL Injection, Cross-Site Scripting and Local File Inclusion. These generic rules provide a broad baseline of protection and are pre-tuned to reduce false positives. Because they match attack patterns rather than individual flaws, they are also more likely to catch new and unknown attack vectors, whereas application-specific rules only target known vulnerabilities and leave other malicious traffic unaddressed.
Other benefits of OWASP CRS include:
Support for compliance regulations such as PCI DSS, HIPAA and GDPR
Per application deployment for protection of specific applications with different security policies
Monitoring of attacks against your web applications using the real-time WAF log
OWASP Top 10 attack protection
Benefits of Enhanced False Positive Analysis
Guided false positive analysis of the user's configuration, enabling fine-tuned protection of the application with customizable paranoia levels that control the strictness of the policy. Higher paranoia levels activate more rules and stricter matching, which increases detection but also the likelihood of false positives, so review the per Virtual Service log before raising the level on a production service.
Additionally, real-time per Virtual Service logging of the events and rules triggered whilst performing false positive analysis is available, making WAF operation more transparent to users.
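As an added illustration, not code from Kemp or from the CRS project, the following Python models how CRS anomaly scoring and paranoia levels interact (the tuning described in the WAF and false positive sections above) and how a detection-only pass over known-good traffic surfaces the rules that need exclusions before a paranoia level is enforced. The rule patterns, rule ids, category names, log line format and sample requests are constructed for this example; only the severity-to-score mapping and the inbound threshold of 5 are CRS 3.x defaults.

```python
"""Toy model of OWASP CRS anomaly scoring, paranoia levels and detection-only
false positive analysis. Illustrative rules and ids only: this is NOT the CRS
rule set and NOT LoadMaster code."""
import re
from collections import Counter
from dataclasses import dataclass, field

# CRS severity -> anomaly score (CRS 3.x defaults).
SEVERITY_SCORE = {"CRITICAL": 5, "ERROR": 4, "WARNING": 3, "NOTICE": 2}
INBOUND_THRESHOLD = 5  # CRS 3.x default inbound anomaly threshold


@dataclass(frozen=True)
class Rule:
    rule_id: str          # illustrative id, not a real CRS rule id
    paranoia_level: int   # rule is only evaluated at this PL or higher
    severity: str
    category: str
    pattern: re.Pattern


# Constructed rule set: generic attack patterns at increasing paranoia levels.
RULES = [
    Rule("ex-xss-1", 1, "CRITICAL", "XSS", re.compile(r"<script\b", re.I)),
    Rule("ex-sqli-1", 1, "CRITICAL", "SQLI",
         re.compile(r"\bunion\b.+\bselect\b", re.I | re.S)),
    Rule("ex-lfi-1", 1, "CRITICAL", "LFI", re.compile(r"(?:\.\./){2,}")),
    # PL2: tautology such as "or 1=1"; catches more, but prose can match too.
    Rule("ex-sqli-2", 2, "CRITICAL", "SQLI",
         re.compile(r"\b(?:or|and)\b\s+\d+\s*=\s*\d+", re.I)),
    # PL3: any bare quote or semicolon; noisy on names and free text.
    Rule("ex-sqli-3", 3, "WARNING", "SQLI", re.compile(r"['\";]")),
]


@dataclass
class Verdict:
    score: int
    matched: list = field(default_factory=list)    # rule ids that fired
    blocked: bool = False
    log_lines: list = field(default_factory=list)  # per-Virtual-Service style log


def evaluate(request: str, paranoia_level: int, threshold: int = INBOUND_THRESHOLD,
             detection_only: bool = False, vs_name: str = "vs-demo") -> Verdict:
    """Score one decoded request string against the rules active at paranoia_level.

    Each firing rule adds its severity score; the request is blocked once the total
    reaches the threshold, unless detection_only is set, in which case the same
    events are logged but nothing is blocked (false positive analysis mode).
    """
    v = Verdict(score=0)
    for rule in RULES:
        if rule.paranoia_level > paranoia_level:
            continue  # rule is not active at this paranoia level
        if rule.pattern.search(request):
            points = SEVERITY_SCORE[rule.severity]
            v.score += points
            v.matched.append(rule.rule_id)
            # Constructed log format, not LoadMaster's real WAF log layout.
            v.log_lines.append(
                f"vs={vs_name} pl={paranoia_level} rule={rule.rule_id} "
                f"cat={rule.category} sev={rule.severity} score={points}")
    over = v.score >= threshold
    v.blocked = over and not detection_only
    action = "block" if v.blocked else ("detect" if over else "pass")
    v.log_lines.append(f"vs={vs_name} total={v.score} threshold={threshold} action={action}")
    return v


def false_positive_report(known_good: list, paranoia_level: int) -> Counter:
    """Run known-good traffic in detection-only mode and count which rules fire.

    Any rule listed here is an exclusion candidate before enforcing at this PL.
    """
    hits = Counter()
    for req in known_good:
        hits.update(evaluate(req, paranoia_level, detection_only=True).matched)
    return hits


if __name__ == "__main__":
    # Constructed sample traffic.
    attacks = ["id=1 UNION SELECT password FROM users", "q=<script>alert(1)</script>",
               "file=../../../../etc/passwd", "id=1 or 1=1"]
    legit = ["name=O'Brien", "msg=see you at 5; bring the report", "file=report.pdf"]
    for pl in (1, 2, 3):
        blocked = sum(evaluate(a, pl).blocked for a in attacks)
        print(f"PL{pl}: blocked {blocked} of {len(attacks)} attacks; "
              f"rules firing on legitimate traffic: {dict(false_positive_report(legit, pl))}")
```

Running the sample shows the trade-off the release note describes: at PL1 the tautology "id=1 or 1=1" passes untouched, at PL2 it is blocked, and at PL3 the bare-quote rule starts firing on legitimate names and free text (scoring 3, below the threshold of 5, but visible in the log). The false_positive_report pass is the detection-only review to perform on a Virtual Service before raising its paranoia level.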
Legacy WAF rules are being retired on 29th June 2021 and no further updates will be available after that date. Customers can continue to use their currently configured legacy rules, but Kemp encourages you to migrate your configuration to the new WAF service.
For further details on the Web Application Firewall updates, refer to the Kemp Web Application Firewall Feature Description.