Product Overview: Signal Sciences Next-Gen WAF and RASP
Signal Sciences, now integrated with Fastly, offers a cutting-edge Web Application Firewall (WAF) and Runtime Application Self-Protection (RASP) solution designed to protect modern web applications, APIs, and microservices from a wide array of threats.
What it Does
The Signal Sciences Next-Gen WAF provides comprehensive web application and API protection (WAAP) across various environments, including containers, on-premises, cloud, and edge deployments. This unified solution is engineered to address the limitations of legacy WAFs, which often struggle with false positives, limited DevOps integrations, and incompatibility with diverse application architectures.
Key Features and Functionality
Advanced Detection and Blocking
- SmartParse: Signal Sciences employs a proprietary detection method called SmartParse, which evaluates the context of each request to identify malicious or anomalous payloads. This approach significantly reduces false positives compared to traditional regex-based WAFs.
Flexible Deployment
- The solution offers flexible deployment options, allowing it to be installed easily behind existing edge security tools and protecting applications without disrupting their functionality. It supports multi-cloud, hybrid cloud, and on-premises environments, as well as containerized and microservices architectures.
Power Rules and Customizable Protection
- Power Rules: Users can define custom rules using a user-friendly interface, without the need for complicated scripting languages or regex modifications. These rules enable the monitoring of specific business logic and the implementation of tailored security measures. Additionally, users can upload lists of countries, IP addresses, strings, or wildcards to enhance their custom rulesets.
Bot Mitigation and Rate Limiting
- Signal Sciences includes robust bot mitigation and rate limiting features. It can identify and block bots and scrapers, and it allows thresholds to be configured to block and alert on suspicious or threatening traffic, thereby reducing web server and API utilization.
Integration and Automation
- The platform integrates seamlessly with over 30 common DevOps and security tools, such as Slack, Jira, PagerDuty, Datadog, Splunk, and Cisco Threat Response. This integration enables automated incident responses and streamlined workflow management.
Runtime Application Self-Protection (RASP)
- Signal Sciences’ RASP technology embeds a code module into the application itself and deploys an agent onto each application server. This setup provides deep visibility into application behavior, allowing for more accurate threat detection and response. It also integrates with CI/CD pipelines, ensuring security configurations are automatically updated with application changes.
Real-Time Visibility and Reporting
- The solution offers real-time reporting capabilities, historical threat data, and detailed logging through a single management console. This console allows for the tagging of request logs, providing key metadata and header information for manual review and analysis of detected threats.
Mobile Application Protection
- Signal Sciences extends its protection to mobile applications by monitoring and securing API traffic, detecting and blocking malicious requests, and providing visibility into unique business logic without impacting performance.
Operational Efficiency and Security
- Automated Response: With a high level of accuracy in threat detection, Signal Sciences enables automated response behavior, reducing operational costs. Approximately 95% of its customers run the product in fully automated mode.
- Performance Optimization: The solution is designed to optimize and secure application experiences without performance impact, ensuring site uptime and performance through meaningful metrics and data points.
In summary, Signal Sciences Next-Gen WAF and RASP is a powerful, flexible, and highly accurate security solution tailored for modern software delivery paradigms, offering comprehensive protection, ease of use, and seamless integration with existing DevOps and security infrastructures.