A lean, self-service, new approach to web application security

Signal Sciences, a new Arctiq Ecosystem partner, is an “emerging”, “next generation” Web Application Firewall (WAF) company providing modern Web Application Security (WAS). This technical blog has a companion demo video below, which will allow you to quickly understand the value Signal Sciences brings to the market. We will also show you how to use some vulnerability and testing tools for pen testing, allowing you to evaluate your own web applications.

So what is Signal Sciences?

Signal Sciences built the industry’s first SaaS-based next generation Web Application Firewall in response to frustrations trying to use legacy WAFs and a goal of accelerating business initiatives like DevOps and cloud adoption. The Signal Sciences NGWAF works seamlessly across cloud, physical and containerized infrastructure, providing actionable security prioritization based on where your applications are targeted, and blocking attacks without breaking production traffic.

Next generation of web application security - No hardware required!

Signal Sciences is transforming the way web application security works, providing you the insight you need to prioritize security resources to address attacks as they occur. Their mission is to help security and development teams see clearly and make informed decisions to confidently run their web applications. Signal Sciences operates as a SaaS (Software as a Service) and has a very lightweight, 100% software-based approach.

Let’s talk about a real use case for a customer who has been hosting a web application in a private data center. Like many customers, they have been using physical Web Application Firewalls to secure their applications. Their physical appliances’ security modules have been in learning mode for quite some time. Building the custom rules was something they always wanted to do but never really had the time or knowledge to implement using the data captured from learning mode.

Fast forward: the customer now wants to move some web applications to the cloud. Since they cannot move the physical WAF appliance with the application, they need to look at alternative solutions. One option is to use a virtual appliance and try to architect the application similarly to how it existed in their private data center. Another option is to use the Signal Sciences SaaS service to protect and provide visibility into the application. There is no requirement to put the application in learning mode or maintain a large set of attack signatures; that is all part of the service. In a few minutes you can configure your site and have the service up and running.

To demonstrate the power of this service, I am going to be using Nikto to generate attacks on my WordPress website. I have a very lightweight Signal Sciences agent and module installed on Apache, all configured on my Ubuntu Linux virtual machine running in the public cloud.

Check out this short video to get a feel for the Signal Sciences Service in action:

Let’s examine the data flow during an attack:

1 - An HTTP request containing an attack is sent to your web application or API.
2 - The Signal Sciences Module and Agent handle the request.
3 - Relevant attack signals are pushed to the Signal Sciences Cloud Analysis Engine.
     Your response time is not affected by this activity. Traffic flows as it would normally.
4 - Adaptive rules are returned to the Agent and Module, and data is reported to the Signal Sciences dashboard.
     This is where you can have the service in full blocking mode, protecting your application.
5 - The Signal Sciences Dashboard provides prioritization of real-time visibility.
6 - API and third-party integrations provide alerting flexibility, for example Slack notifications.

Blocking that won't break your app - Anomaly data is aggregated in the Signal Sciences back-end, and informs hyper-reliable decisions. The result: If a request is blocked, there is a solid reason why.

Visible security - The true power comes from gaining insights from anomalies and attack chains in real time, responding quickly and being able to use this knowledge to shut down attacks as soon as they happen.

  • Get the data needed to make strategic decisions
  • Get detailed insights into your most attacked applications and functionality, type of attack, time of attack and point of origin
  • Focus limited resources
  • Armed with strategic data, you can make informed decisions about where to focus resources to combat attacks
  • Continuously view real-time responses
  • Attack data can be shared easily in real time with dev and security teams
  • Customize data the way you want to see it
  • Integrate security into your application development process

Want to learn more?

Take the first step: we would be happy to have a deeper discussion and provide a live demo or kick off a proof of concept.

Kyle Bassett