Interview with Anand Hariharan, VP of Products for Webscale Networks
What are the biggest challenges companies are facing in regards to running their critical web applications effectively?
AH: The biggest pain points that we are hearing from customers are around the security, availability and performance of their critical web applications. Security is becoming an even bigger challenge in recent years, due to the increase of malicious attacks on e-commerce applications, which is why we recently launched the Webscale Cloud Web Application Firewall (WAF).
What is different about Webscale’s Cloud WAF from other solutions?
AH: The market is flush with WAF solutions that combat malicious attacks at the edge of a web application, closest to the end user. However, Webscale’s Cloud WAF is the first to focus on critical e-commerce platforms and integrate application awareness by building out robust protection at the edge and at the application backend infrastructure, in a single as-a-Service solution.
Webscale’s core platform is a cloud-native ADC (application delivery controller) stack that helps to enable multiple performance and security functions. The WAF capability is the first standalone product that we are offering for those that need comprehensive security but don’t want or need a full ADC stack. It is built on top of the widely deployed open-source ModSecurity, providing organizations the ability to use their existing WAF rule sets.
What security vulnerabilities does it target? What are its top features?
AH: Webscale’s Cloud WAF is aimed at providing robust protection at the application layer from attacks which can be catastrophic to the reputation and business of the e-commerce application owner. Webscale’s decentralized and software-defined application delivery architecture allows the data plane to reside in close proximity to the application, giving it unprecedented, real-time insight into all activity, while its control plane is able to make changes and deploy necessary safeguards in real-time. The platform is completely application aware and targeted, enabling it to protect against application-specific vulnerabilities as well as identify anomalies and issue resolutions before disruption is caused. As a true cloud-based solution, Webscale is also able to learn across its large base of customers, allowing for any security fixes applied on one customer to immediately be distributed across our entire customer base.
Web applications, especially e-commerce are increasingly faced with DDoS (Distributed denial of service) attacks aimed at exploiting the application for financial gain. The Cloud WAF can help prevent application-level DDoS attacks by validating sessions to only allow humans in and keep bad bots out.
From a technical perspective, why is Webscale’s Cloud WAF so effective?
AH: At the browser level, the Webscale Cloud WAF enables best-in-class HTTPS support with the latest SSL/TLS standards, without having to make any changes to the application infrastructure. Deploying SSL/TLS at the Webscale level ensures better offload and encryption from the application servers, enabling more efficient use of infrastructure. With the recent rollout of our HTTP/2 support and Service Provider-grade PCI-DSS certification, Webscale also added industry-standard protection for sensitive customer information, to deliver strong security and increased performance. The WAF has strong blacklisting and whitelisting capabilities and can block or allow requests or sessions by IP address, device type or geographic location. It also allows for blocking against the OWASP top 10 threats as well as application specific or custom rulesets. In the event of a DDoS attack, Webscale enables Shield Mode, instantly blocking bad traffic and admitting genuine users, keeping the website fast and available.
Through real-time threat insights, Webscale can quickly detect problems, identify solutions and apply fixes through the highly flexible rules capabilities of the integrated WAF.
What are you customers saying about their deployments of Webscale Cloud WAF so far?
AH: We’ve had a great initial response from e-commerce customers. For example, Event Network manages more than 80 online storefronts for our customers and was previously seeing DDoS attacks propagating from all over the world, affecting multiple domains every hour. Neither they nor their hosting provider could keep up, and they experienced shut downs that cost valuable revenue. However, since we’ve started working together, Event Network has experienced 100 percent uptime.
When is Webscale’s Cloud WAF available and what does it cost?
AH: Webscale Cloud WAF is available now a-la-carte for $299 per domain per month with no contracts of any kind . All the capabilities of the Cloud WAF are also included in the Webscale Pro and Enterprise converged platforms. For more information on Webscale products, visit our website: www.webscalenetworks.com/products/.