Web Application Firewall SonicWall Web Application Firewall offers a comprehensive foundation for web application security, data leak prevention and performance, on prem or in the cloud The SonicWall Web Application Firewall performance. WAF learns, interrogates Benefits: (WAF) Series enables a defense-in-depth and baselines regular web application Web Application Threat Management strategy to protect your web applications usage behaviors and identifies anomalies running in a private, public or hybrid that may be indicative of attempts to • Shrink attack surface with full management and control of web cloud environment. It offers a complete, compromise the application, steal data application traffic out-of-box compliance solution for and/or cause service disruption. application-centric security that is easy to • Interrogate the behavior and logic manage and deploy. WAF employs a combination of signature- of web communication beyond based and application profiling deep- protocol activities The SonicWall WAF is a full-featured packet inspection. Its high performance • Detect and alert on anomalies in web application firewall that arms real-time intrusion scanning engine uses web application behavior organizations with advanced web security event-driven architecture to dynamically Web Application Protection tools and services to protect their data defend against evolving threats. These and web properties against modern, include those outlined by the Open • Protect against known and zero-day web-based threats. It applies deep Web Application Security Project vulnerabilities with Capture ATP, virtual patching and custom rules packet inspection of Layer 7 web traffic (OWASP), as well as more advanced against a regularly updated database of web application threats like Denial • Defend against latest vulnerabilities known signatures, denies access upon of Service (DoS) attacks and context- and threats outlined by OWASP detecting web application vulnerabilities aware exploits. Moreover, WAF also Top Ten and redirects users to an explanatory prevents data loss with data masking and • Preserve web servers' integrity and error page. This helps keep compliance page-blocking techniques for specified performance against application data unexposed and web properties patterns of sensitive data like Payment DoS/DDoS attacks safe, undisrupted and in peak operating Data Leak Prevention (DLP) • Prevent data theft via data masking and page-blocking techniques • Bar attackers from gaining access Classified Malware Streaming Data to users’ accounts and all accounts PDF RANSOMWARE Locky on web servers with precise access Email security controls RANSOMWARE BLOCK Data File WannaCry Artifact 1 Accelerate Application Delivery 101001001010 TROJAN 010100101101 Spartan Artifact 2 MACHINE 010010100100 LEARNING • Enable caching, compression and 101001010010 Artifact 3 other HTTP/TCP optimizations to 110101010010 Deep Learning UNKNOWN 010100100010 accelerate application delivery Artifact 4 Algorithms CLOUD CAPTURE 101100100101 SANDBOX • Reduce workload and boost A Hypervisor performance by offloading SSL Endpoint transactions A B C D B Emulation C Virtualization • Perform Layer-7 load balancing to D RTDMI distribute the load across clustered web servers Bad BLOCK Good until SENT VERDICT Card Information (PCI) and government downloads or injections are sent to the customers can easily implement HTTPS issued identification. SonicWall Capture ATP service in the for their websites using this service. cloud for analysis using deep learning For optimal protection against malicious algorithms. It has the option to hold them Economy of Scale downloads, malware injections or at the gateway until a verdict is rendered. advanced threats, WAF leverages WAF provides economy of scale benefits SonicWall Capture Labs threat research. Unique only to SonicWall, this multi- of virtualization and can be deployed as a It also adds SonicWall Capture Advanced engine sandbox platform applies virtual appliance in private clouds based Threat Protection (ATP) and Real-Time a combination of third-party and on VMWare or Microsoft Hyper-V; or Deep Memory Inspection (RTDMITM) proprietary static and dynamic processing in AWS or Microsoft Azure public cloud service options to its suite of web tools for threat prevention. These environments. This gives organizations security services. Additionally, APIs include a pool of over 60 reputable virus all the security advantages of a physical are provided to give administrators scanners, RTDMI, virtualized sandboxing, WAF with the operational and economic the ability to monitor and orchestrate full system emulation and hypervisor- benefits of virtualization, including WAF operations programmatically for level analysis technologies. system scalability and agility, speed of improved web security automation system provisioning, simple management and efficiency. Simultaneously, each inspection and cost reduction. technique executes suspicious code Cross-vector threat intelligence and analyzes behavior and provides Acceleration features include load comprehensive visibility to malicious balancing, content caching, compression Capture Labs performs threat hunting activity. At the same time, it resists and connection multiplexing improve and intelligence sharing across the evasion tactics for optimized zero-day performance of protected websites and entire SonicWall security ecosystem threat discovery and defense. significantly reduce transactional costs. including WAF. The research team vets A robust dashboard provides an easy-to- cross-vector threat information from Let's Encrypt integration use, web-based management interface. a variety of sources, including a million This features status page overview of all globally placed security sensors while To help organizations deliver greater monitoring and blocking activities, such continuously developing and patching security to website visitors and elevate as signature database status information WAF with dynamic threat signatures for their SEO placement, WAF integrates and threats detected and prevented up-to-date web application protection. with the Let's Encrypt service. This since boot-up. complimentary Certificate Authority Multi-engine advanced threat analysis (CA) service includes issuing, monitoring, The WAF Series is available in four renewing and decommissioning website models that represent their SonicWall Capture ATP Service extends certificates, for easy SSL/TLS certificate licensed inspection capacities to web application protection to detect and life-cycle management. Completely accommodate various monthly traffic prevent zero-day attacks. Suspicious file managed by the SonicWall WAF, volume with unlimited domain. The Known Web Threat Prevention Anti-Evasion Protection Application Load Balancing Content updates based Submitting files Data on threat research for sandboxing Protection DoS Protection Bot SonicWall Web Application Firewall HTTP/SSL Application Signature-based Web deep packet delivery exploit application inspection controller prevention profiling engine User Web Server(s) Custom Rules & Patterns Hacker Website SME subscribed Licensed Capacity activates platforms for various private/public WEBSITE LICENSED WAF’s complete suite of security services cloud security use cases. The WAF MODEL CAPACITY up to the prescribed monthly capacity. Series is available for deployment on the PRO 10 GB per Month Services include Capture ATP with following platforms: RTDMI™ technology to inspect web SMALL 50 GB per Month traffic and web transactions. It then 1. Private Cloud: MEDIUM 200 GB per Month resets each month. Licensed Capacity • VMware ESXi LARGE 500 GB per Month options are stackable to address growing • Microsoft Hyper-V capacity needs. 2. Public Cloud: Deployment options • Amazon Web Services (AWS) SonicWall WAF can be deployed on a • Microsoft Azure wide variety of virtualized and cloud Summary of WAF Features Web Application Security • Hypervisor level analysis • Automatic Software Updates • OWASP Top 10 Protection • Full system emulation • API Support • CSRF Protection • Broad file type examination Monitoring & Reporting • Cookie Tampering Protection • Automated and manual submission • SNMP Support • Website Fingerprint Detection • Real-time threat intelligence updates • Event / Audit Logging & Syslog • Sensitive Data Protection - Masking • Block until verdict • Email alerts and Blocking Botnet Protection • System monitoring & Diagnostics • Rate Limiting and DoS Protection • Geo-IP- and Threat Intel-based • Threats Dashboard • Anti-evasive inspection protection filtering • Health Dashboard • Automatic Signature updates • Blacklisting and Whitelisting • PDF Report Exports • Web Application Profiling & • Blocking and Captcha-based Auto-Rule Generation Remediation Support Platforms & Licensing • Access Policies (using Geo, IP, URL Secure Web Application Delivery • VMWare & MS Hyper-V and AWS or User) & MS Azure (BYOL) • Secure Web App. Offloading • Custom Rules & Rule-chaining • Subscription License based • SSL Inspection & PFS • Custom Error response on capacity • Session Logout Timer • Secure Session Logout • Layer-7 Load Balancing • HTTP Strict Transport Security • Web App. Health Monitoring Partner Enabled Services (HSTS) Support • Web App. Acceleration -content Need help to plan, deploy caching, compression and TCP or optimize your SonicWall • Let's Encrypt service optimization solution? SonicWall Advanced Services Partners are trained • Authentication with MFA support Administration