Intelligent Web Application Firewall (WAF)
Web Application Security with Point-and-Click Simplicity and Web-Scale Performance
Complete Application Security Management
Avi Networks delivers multi-cloud application services including a Software Load Balancer, Intelligent Web Application Firewall (WAF) and Container Ingress. Avi’s WAF delivers simplified and highly scalable application security, with visibility and security insights that help customize a comprehensive application security policy per application or tenant.
Avi WAF offers a comprehensive set of web application security features and helps achieve compliance with GDPR, HIPAA and PCI DSS. It minimizes false positives with a positive security model, WAF learning mode and advanced application security analytics. WAF protects applications from DDoS attacks and OWASP Top 10 threats with real-time app security insights and visibility.
WAF is delivered as part of the Avi Platform which provides a distributed web security fabric with central policy management, on-demand autoscaling, and built-in analytics for securing multi-cloud applications.
I believe there is no valid reason to provision a web application on the internet without a WAF. This is especially important to us since Swisslos needs to be compliant with industry regulations and certifications.
Optimized App Security Pipeline
- Application allow-list lets known, trusted sources, such as DAST scan output and internal IP addresses, bypass inspection
- Positive security with WAF learning mode efficiently models good traffic behavior with automatically programmed rules
- Signature-based protection is based on core rule set (CRS), live feeds from Avi Pulse cloud services and application-specific frameworks
Real-Time App Security Insights
- Real-time visibility and application security analytics include SSL versions, ciphers, real-time DDoS attack data, and system health scores
- Granular app security insights on traffic flows and rule matches help inform precise policies
- One-click customization of rules and exceptions significantly reduces the problem of false positives

Centralized Application Security Management
- OWASP Top 10 threats, including input protection (SQL injection, cross-site scripting (XSS), local/remote file inclusion, remote code execution, PHP code injection, path traversal, session fixation)
- HTTP validation (limiting allowed HTTP methods, encoding bypass detection, HTTP response splitting, HTTP parameter pollution)
- IP protection (GeoIP blocking)
- Data leakage protection (error message suppression, leakage of personally identifiable information such as credit card numbers or SSNs)
Multi-Cloud Security Fabric with Simplicity
- A comprehensive application security stack includes WAF, application rate limiting, DDoS protection, SSL/TLS encryption, access control list (ACL), authentication and authorization, and L3-L7 security rules
- Per-app deployments and elastic autoscaling across data centers and multi-cloud environments
- GDPR, HIPAA, and PCI compliance with a scalable and distributed application security platform
- A distributed web application security fabric uses built-in analytics to make intelligent decisions