WAF vs WafCharm for beginners

【Table of contents】

  1. Introduction
  2. What is WAF?
  3. What is WafCharm?
  4. Conclusion
  • 1. Introduction

    In this blog, we will describe WAF and WafCharm in detail. We will also elaborate on the usage and advantages of each.

  • 2. What is WAF?

    A WAF (Web Application Firewall) is a tool used to protect websites from attacks on web applications, and is necessary to protect the seventh layer (application layer) of the OSI reference model. For example, it blocks web attacks such as SQL injection and cross-site scripting.

    • a) Types of WAF

      There are a variety of WAF products available. For example, there are hardware-based WAFs that can be deployed in data centers and other locations as devices, and there are cloud-based WAFs that can be used as cloud services. There are also WAFs provided by providers of public cloud services such as Amazon Web Services (AWS) and Oracle Cloud Infrastructure (OCI).

    • b) Advantages of WAF

      The main advantages of WAF are as follows.

      • It can protect web applications from security attacks
        Web applications on the Internet are always vulnerable to various security attacks. If you cannot properly defend against these attacks, your company could suffer tremendous damage. For example, a major security attack, such as an SQL injection attack, can lead to the loss of customer information, and a WAF can help mitigate this risk.

      • It can help meet the requirements for obtaining security certifications such as PCI DSS
        For example, if a web application handles credit card numbers or personal information, users will not want to use it unless it is secure. By obtaining security certifications such as PCI DSS and ISO 27001, you can assure users of its safety. Implementing a WAF is usually one of the conditions for obtaining such certifications. In this way, by implementing a WAF, you can demonstrate the safety of your web application to the outside world.
    • c) Disadvantages of WAF

      The main disadvantage of a WAF is the difficulty of operating it. Web application vulnerabilities are discovered and reported almost every day around the world, and the WAF defense rules that prevent these attacks must be changed on a daily basis. Operating a WAF also requires specialized knowledge of what rules can be set to prevent such security attacks. When a critical vulnerability is announced, you should also consider limiting the availability of your web application.

      In addition, WAFs are not perfect and often block normal access, resulting in false positives, so it is necessary to analyze the blocked communication to reduce the false-positive rate. In other words, operating a WAF requires daily monitoring and a high level of expertise, which makes it very challenging.

  • 3. What is WafCharm?

    WafCharm, provided by Cyber Security Cloud Inc., is a service that automates AWS WAF operations using AI and Big Data. It is not a WAF, nor is it a defense rule to prevent security attacks. It is a service to be used in combination with AWS WAF and is available to all AWS users.

    • a) Advantages of WafCharm

      Let's take a closer look at the benefits of using WafCharm and AWS WAF as a set.

      • Ease of operation
        The biggest advantage is that it makes AWS WAF operation easier. As mentioned earlier, attacks on web applications are increasing every day, and WAF operation requires daily monitoring and changes to defense rules. Because WafCharm uses AI to automatically find the optimal rules for your web application, you no longer need to worry about creating new rules and implementing security measures on a daily basis, and you can concentrate on developing your service. In addition, there is a report generation function that shows the kinds of security attacks received, so it can be used to analyze the current situation, identify rules that have been mis-detected, and fine-tune those defense rules for better protection.

      • Easy and quick introduction
        Deploying WafCharm requires AWS operations, but the instructions can be found on the WafCharm website for easy deployment. In addition, WafCharm offers a free 30-day trial, so users can try it before making a decision.
  • 4. Conclusion

    In this blog, we described the difference between WAF and WafCharm for beginners. A WAF blocks security attacks, whereas WafCharm is a tool that supports AWS WAF operation. If you want to start using AWS WAF, you may want to consider using WafCharm.