Web Application Security For Multi-Cloud Applications
Avi iWAF helps achieve compliance with GDPR, HIPAA and PCI DSS with a range of web application security features. It minimizes false positives with advanced security analytics, detection and enforcement modes, and protects applications from DDoS attacks and OWASP Top 10 threats with real-time app security insights and visibility.
iWAF is delivered as part of the Avi Vantage Platform which provides a distributed web security fabric with central policy management, on-demand autoscaling, and built-in analytics for securing multi-cloud applications.
Centralized Security Management
Simplified policy customization and administration through central management to keep web applications compliant with GDPR, HIPAA and PCI DSS.
Multi-Cloud Security Fabric
Elastic, on-demand autoscaling of application services in response to real-time traffic conditions across both on-premises and cloud environments.
Automation and Programmability
Protection against common vulnerabilities, such as SQL injection and Cross-site Scripting (XSS), while providing the ability to customize the core rule set (CRS) for each application and automate policy configurations with REST APIs.
Real-Time Security Analytics
Real-time visibility into application traffic, user experience, security threats, and application performance to identify and protect against sophisticated attacks. Avi’s WAF technology delivers granular security intelligence to monitor, react to changes quickly and make intelligent decisions.
- IP protection (GeoIP blocking)
- Data leakage protection (error message suppression, leakage of personally identifiable information such as credit card or SSN numbers)
- Input protection (SQL injection, cross-site scripting (XSS), local/remote file inclusion, remote code execution, PHP code injection, path traversal, session fixation)
- HTTP validation (limit HTTP allow method, encoding bypass detection, HTTP response splitting, HTTP parameter pollution)
- Security stack includes WAF, applicate rate limiting, DDoS protection, SSL/TLS, white/black list and L3-L7 security rules
- Per-app deployments and elastic scaling across data centers and multi-cloud environments
- GDPR, HIPAA, and PCI compliance with a scalable and distributed software application services platform
- Distributed web application security fabric enforces security using built-in analytics to make intelligent decisions
Secure Web Applications and Achieve Compliance
Security breaches are on the rise and web application attacks rank #1 according to the Verizon Data Breach Investigations in 2017 and 2018. Learn how Avi iWAF and a comprehensive set of security features help achieve:
- Point-and-click simplicity for policies with central control
- Elastic scale with highly performant, automatic scale-out architecture
- Granular app security insights on traffic flows and rule matches to enable precise security policies
- Compliance with GDPR, HIPAA and PCI
Automation and Programmability
- Automated attack blocking (scanner detection, brute force attacks)
- 0-day attack protection with WAF based on machine learning (Shellshock, HTTPoxy)
- Application specific security (Drupal, WordPress)
Real-Time Visibility and Security Analytics
- Visualizing security details including information about SSL versions, ciphers used in transactions, real-time DDoS attack data, and system health scores
- Granular security insights on traffic flows and rule matches help inform precise policies
- One-click customization of rules and exceptions to significantly reduce the problem of false-positives