Waf Charm

AWS WAF vs Managed Rules for beginners

【Table of contents】

  1. Introduction
  2. What is AWS WAF?
  3. What are Managed Rules?
  4. Conclusion

  • 1. Introduction

    In this blog, we’ll take a closer look at AWS WAF and managed rules. We will explain their advantages, and how to use AWS WAF as it is, or together with managed rules.

  • 2. What is AWS WAF?

    AWS WAF is a Web Application Firewall provided by Amazon Web Services, which has the largest share of the global cloud service market. It is mainly used to protect websites from attacks on web applications, and it is needed to protect the 7th layer (application layer) of the OSI reference model. For example, it blocks web attacks such as SQL injection and cross-site scripting.

    • a) Advantages of AWS WAF

      Now, let's take a closer look at the benefits of implementing AWS WAF.

      • Cost effective
        AWS WAF is much cheaper than other traditional WAFs. Although there are plenty of other cloud-based and on-premises WAFs, AWS WAF can be installed with no initial cost and with a low running cost of as little as $20 a month. Traditional WAFs incur at least some initial fee, ranging from several thousand dollars to hundreds of thousands of dollars, while others have high running costs based on the level of vendor support. Compared to that, AWS WAF is very cheap and cost effective due to its zero initial fee and low running cost.
         
      • Ease of deployment
        AWS WAF is just a few clicks away and takes at most 10 minutes to deploy. Other cloud-based and on-premises WAFs require you to complete contracts and install licenses, which can take anywhere from a few hours to a few days. AWS WAF does not require any such work, so you are able to deploy it right away.
         
      • Agile protection against web attacks
        Web applications are subject to a variety of web attacks, so you need to protect your web application from such risks. Failing to do so could result in customer information being leaked or web applications being tampered with. With AWS WAF, you will be able to protect your web applications from major security attacks. By implementing AWS WAF, you can therefore significantly reduce the risk of being damaged by security attacks.
        Also, AWS WAF previously allowed only up to 10 rules to defend against security attacks, but this was improved in late November 2019 to allow more rules to be applied. This makes it possible to defend web applications against a variety of attacks in the future.

      These were some of the advantages of implementing AWS WAF. Just by looking at this, you can see that AWS WAF is a security product that is cheap and quick to deploy.
       

    • b) Disadvantages of AWS WAF

      Next, let's look at the disadvantages of AWS WAF, which are as follows:

      • Only web applications built on AWS can be protected
        Since AWS WAF is a service provided by AWS for its users, it can only protect web applications that are built on AWS. If you want to protect web applications built on-premises or on any other cloud, you'll need to customize it accordingly. Also, AWS WAF can only be associated with API Gateway, Application Load Balancer, or CloudFront.
         
      • Difficult to operate
        AWS WAF is somewhat difficult to operate on a daily basis as it requires a high level of rule-making knowledge. For example, the rules for blocking attacks must be changed manually, which requires the ability to analyze security attacks and the knowledge to obtain the latest information on vulnerabilities and create rules accordingly. Also, the rules you change must be properly tested to verify that they can defend against attacks on your web applications.

      As you can see, there are disadvantages to AWS WAF as well. In particular, the difficulty of operating it is a serious disadvantage that must be considered when using AWS WAF. However, using "Managed Rules" makes operating AWS WAF a lot easier. Let’s see how.

  • 3. What are Managed Rules?

    Managed rules are a set of pre-configured rules in which various settings such as conditions and filters are written, curated and managed by AWS Marketplace Sellers, allowing you to quickly secure your system with AWS WAF. Using managed rules eliminates the need to create rules on the user's side, making it easier, cheaper, and faster to start using WAF. Let's take a closer look at their advantages.

    • a) Advantages of managed rules

      Some of the advantages of managed rules include the following.

      • Rules managed by security experts
        Managed rules are written by security experts who have extensive and up-to-date knowledge of threats and vulnerabilities. Therefore, you can expect a proper response to a variety of network threats and vulnerabilities. The rules that are created will be useful in many situations, since the elements that matter to many users are referenced. Even when a new vulnerability is discovered in middleware or a new style of threat appears, the managed rules are automatically updated by the AWS Marketplace sellers to accommodate them. This helps users focus on their core business, rather than managing security rules.
         
      • Easy to get started
        You can subscribe to managed rules with a few clicks and pay only for what you use, without having to sign up for any expensive professional services.

    • b) Choosing the managed rules

      Currently, there are only two security vendors that offer managed rules for AWS WAF on AWS Marketplace, as well as one offered by AWS itself, called AWS managed rules (AMR). The actual selection screen looks like the following.
      ※Currently, there are 6 companies that provide managed rules for AWS WAF Classic.

      Out of these 3, how do you decide which ruleset is best for you?
      AWS managed rules (AMR) are divided into smaller rule groups and require a bit of expertise to choose. For example, you’ll need to choose from baseline rule groups, use-case specific rule groups, or IP reputation rule groups. If you have any expertise in security, AWS's managed rules will do; if not, the managed rules offered by security vendors offer protection against the OWASP Top 10. If you're a little unsure about your security knowledge, you should definitely go with one of the rulesets offered by the security vendors instead of AMR.
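
The AMR categories named above, and the earlier point that changed rules must be tested before they are relied on, come together in a web ACL definition. The following is an added example, not code from the original post: it builds a WAFv2 web ACL request with one AWS rule group per category, in count mode by default so that matches are only logged while you test. The three rule group names are AWS-published ones chosen here as an assumption, and `demo-acl` is a hypothetical name.

```python
import json

# Assumption: one AWS-published rule group per category the article names.
AMR_GROUPS = {
    "baseline": "AWSManagedRulesCommonRuleSet",
    "use-case": "AWSManagedRulesSQLiRuleSet",
    "ip-reputation": "AWSManagedRulesAmazonIpReputationList",
}
# The three resource types the article lists, with the WAFv2 scope each needs.
SCOPE_FOR = {"cloudfront": "CLOUDFRONT", "alb": "REGIONAL", "apigateway": "REGIONAL"}


def visibility(metric):
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True,
            "MetricName": metric}


def managed_rule(category, priority, enforce):
    return {
        "Name": f"amr-{category}",
        "Priority": priority,
        "Statement": {"ManagedRuleGroupStatement": {
            "VendorName": "AWS", "Name": AMR_GROUPS[category]}},
        # Count: matches are only counted and logged. None: the group's own actions apply.
        "OverrideAction": {"None": {}} if enforce else {"Count": {}},
        "VisibilityConfig": visibility(f"amr-{category}"),
    }


def build_web_acl(name, resource_type, categories, enforce=False):
    """Return the request body for a WAFv2 CreateWebACL call."""
    if resource_type not in SCOPE_FOR:
        raise ValueError(f"resource type not covered by this example: {resource_type!r}")
    return {
        "Name": name,
        "Scope": SCOPE_FOR[resource_type],
        "DefaultAction": {"Allow": {}},
        "Rules": [managed_rule(c, i, enforce) for i, c in enumerate(categories)],
        "VisibilityConfig": visibility(name),
    }


def still_counting(web_acl):
    """Names of rules that log matches but do not block yet."""
    return [r["Name"] for r in web_acl["Rules"] if "Count" in r["OverrideAction"]]


if __name__ == "__main__":
    acl = build_web_acl("demo-acl", "alb", list(AMR_GROUPS))  # hypothetical name
    print(json.dumps(acl, indent=2))
    print("not blocking yet:", still_counting(acl))
```

Review the counted matches for false positives against your own traffic, then rebuild with `enforce=True`; `still_counting` should return an empty list before you treat the ACL as protecting the application.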

  • 4. Conclusion

    Using managed rules can dramatically ease the operation of AWS WAF. If you use AWS WAF, please consider using managed rules.