Web Application Security With Simplicity, Visibility and Performance

Traditional web application security solutions such as appliance-based web application firewalls (WAFs) are complex to manage, rigid to scale, and lack application security insights. These issues, combined with the increased rate and severity of web application attacks, have made a modern, secure web application framework critical for today’s enterprise.

Comprehensive Web Application Protection With Avi Vantage

Intelligent Web Application Firewall

Appliance-based hardware web application firewalls (WAFs) rely on complex rules, lack app security insights, and require costly overprovisioning to compensate for lack of elasticity. In contrast, Avi’s iWAF is a 100% software WAF solution and provides scalable app security, threat detection, and application protection using:

  • Point-and-click simplicity with unparalleled visibility and intelligence
  • On-demand autoscaling in response to application security challenges
  • Central policy management and analytics-driven security policies

Application Rate Limiting and DDoS Protection

Avi Vantage includes many options for rate shaping and throttling of traffic. These may be applied at the virtual service, pool/server, or client level.

  • Per-application rate limiting and granular control
  • Protection against L4 and L7 denial of service (DoS) attacks
  • Customizable via data scripts to create specific policies

Encryption, Authentication and L3-L7 ACLs

With web application attacks on the rise, websites need strong encryption such as Secure Sockets Layer (SSL) / Transport Layer Security (TLS). Avi natively implements:

  • HTTP Strict Transport Security (HSTS)
  • RSA and Elliptic Curve Cryptography (ECC) certificates
  • Perfect Forward Secrecy (PFS) with point-and-click features
  • URL and IP port based allow-list and deny-list through access control lists (ACLs)

Intelligent Web Application Security with Point-and-Click Simplicity

The Avi iWAF provides web application security enforcement and intelligence. Learn more about iWAF benefits and how you can secure web applications and achieve compliance:

  • GDPR – Safeguard personally identifiable information (PII)
  • PCI – Protect online cardholder data and meet PCI 6.6 requirements
  • HIPAA – Provide audit trail for electronic protected health information (ePHI)

Provide Comprehensive Web Application Security Tools

VMware NSX® Advanced Load Balancer™ (by Avi Networks) provides a comprehensive web application security architecture including DDoS mitigation, SSL/TLS encryption, ACL and application rate limiting. It also features an Intelligent Web Application Firewall (iWAF) with a distributed web application security fabric to enforce security through closed-loop analytics and a WAF learning mode that covers Open Web Application Security Project (OWASP) CRS protection, support for compliance regulations such as PCI DSS, HIPAA, and GDPR, and signature-based detection.

Avi Pulse cloud services provide new threat updates including IP reputation, bot detection, CRS signatures and more, and minimize false positives with advanced web application security analytics, detection, and enforcement modes. iWAF provides an optimized security pipeline to maximize efficiency for traditionally resource-intensive operations. With real-time app security insights and analytics, iWAF provides actionable insights on performance, end-user interactions and security events in a single dashboard with end-to-end visibility.

Advantages of Managing Web Application Security Using Avi iWAF

  • Central management of all distributed WAF instances
  • Point-and-click policy configurations with rule exceptions customizable for each application
  • Granular application security insights on traffic flows
  • Scalable WAF capabilities with per-app and per-tenant deployments
  • Input protection

    — SQL Injection, Cross-site Scripting (XSS) etc.

  • HTTP validation

    — Encoding bypass detection, HTTP response splitting and HTTP parameter pollution

  • Data leakage protection

    — Error message suppression and protection against leakage of PII such as credit card numbers or SSNs

  • Automated bot attack blocking

    — Scanner detection, blocking of brute force attacks, and GeoIP blocking

  • Accurate and analytics-driven security policies
  • Automatic policy configurations
  • Elastic per-app autoscaling
  • Built-in security analytics across data centers
  • Security insights to eliminate false positives