2022 SP// WAF Release Recap: New Ways to Customize Protection
As we head into the third week of October—and our second week of edge computing conferences—we realized we’d be remiss if we didn’t take time to celebrate Cyber Security Awareness Month. StackPath is many things; a global, private CDN, a competitive edge compute platform, and one of the best tech companies to work with for five years in a row… but today, I’d like to highlight our work on our SP// WAF, an enterprise-class WAF that provides our customers with the level of security, simplicity or sophistication, and services that meet their specific needs.
We’ve invested a lot of resources this year alone into upping our WAF offering. For our first post for Cyber Security Awareness Month, we’d like to recap some of our key differentiators from 2022.
As part of the WAF Rules Editor, SP// WAF users can now create custom rules revolving around tags to help filter their incoming traffic. These tags contain information about specific end-users and get attached to their requests. There are two types of tag rules: Tag Based Rules and Tag Generating Rules.
Tag Based Rules are rules where the condition is to see if a tag is present on a certain request. StackPath provides users with a list of default tags they can use out of the box. Once a request is tagged, it can be actioned on using a tag based rule.
Tag Generating Rules allow users to create their own tags that can then be used in a Tag Based Rule; we call these user-defined tags. Once a tag is generated, it can be used as the condition statement in a tag based rule.
Log Streaming for WAF
Log streaming captures performance logs at the edge in near real-time. With it, you can view all the available metrics and the corresponding values or choose which request-response cycle metrics you want to collect. At StackPath, you can now use the same bucket for a site with WAF logging. Additionally, in monitor mode, SP// WAF will log requests and related policies to help customers understand the type of traffic that will be allowed or blocked.
This feature is currently limited availability only. To get enabled, contact sales.
JA3 is a method of concatenating and hashing fields on the TLS handshake where this hash will result in a unique signature for the type of client that made the request. The most significant benefit of this method is that any client, browser or not, that was able to make the TLS handshake (only on a secure connection) will provide this hash. It can be easily integrated into the security system and help with the risk assessment of the clients.
Custom Pages are a feature of our WAF Professional and WAF Enterprise packages that allow users to create custom WAF sanction screens outside of StackPath defaults. This can be done easily through the StackPath portal by leveraging the setup wizard and templates StackPath provides.
IP Spotlight is one of our key offerings focused on observability, transparency, and simplicity in data. IP Spotlight is a feature that allows our customers to investigate an IP address and gather more meaningful data about it. Including:
- IP threat summary & risk assessment score
- Use of botnets
- “known for” activities
- IP ownership information
- Request information
- Geographic information
- Attack distribution over time
- And more!
In essence, it shows our users all the information we’ve gathered on any entered IP address so that they can make more data-driven decisions regarding securing their web presence.
Arguably one of our more consequential releases this year was our new WAF Packages. In May, we launched three new subscription levels for the SP// WAF. We’ve collected feedback for over a decade that led us to create graduated tiers that let businesses choose and use the right level of security for their needs.
First, WAF Essentials is designed for the needs of businesses with smaller web presences. With Essentials, users get protection against OWASP Top 10 threats, bot, and other automated traffic, and layer 7 DDoS protection. Essentials is available with just a month-to-month commitment.
Next is WAF Professional, ideal for businesses with more moderate web presences. Professional includes everything in Essentials but with higher monthly usage and access to additional features and resources, like custom screens and WAF Professional Service Hours.
Finally, we have WAF Enterprise, made for businesses with extensive web operations and the need for the highest level of configuration and control. Enterprise includes everything in the first two packages, with much larger monthly usage, as well as our most advanced rule builder, enterprise-grade support, and white-glove onboarding.
Stay tuned for more content, and upcoming feature announcements around SP// WAF during Cyber Security Awareness Month!