| INTEGRA | |
AGILE. SECURE. TRANSFORMATIVE. |
|
 |
Case Study - Leading Luxury Real Estate Developer in Dubai uses AWS WAF to protect assets. |
 |
One of the major master developers in Dubai migrated from an on-premise hosted web presence to AWS which functions as a single integrated web front that ties to multiple backend systems - including lead capturing and processing with integration to SFDC and online software that customizes villa layouts, custom designs and interior customizations. The reasons for wanting the migration was frequent downtimes, slow responses and service unavailability. |
|
Being the most visited part of their entire digital infrastructure - having almost 6 million hits a month, it is a priority business critical component. Our client is one of the biggest developers in the region, and they are naturally exposed to all kinds of attacks and efforts to compromise their systems. It was imperative that the infrastructure is protected with all resources at hand so that there is no downtime and that the attacks are prevented. It was observed that there had been multiple instances of Denial of Service attacks, probe for operating system and application vulnerabilities and attempted SQL injection attacks. |
|
We recommended the customer leverage AWS WAF, which is a web application firewall to enable them create custom, application-specific rules that block common attack patterns that could affect the digital estate availability and compromise security. The Top 10 OWASP WAF rules provided by AWS was used as the base. All the preconfigured protective features that define the rules included in an AWS WAF web access control list (web ACL) was selected. Once the solution was deployed, AWS WAF began inspecting web requests to the user’s existing Amazon CloudFront distributions or Application Load Balancers, and blocked them when applicable. |
| How the environment is protected | ||||||||||||||||||
The AWS WAF was configured with a set of rules (called a web access control list (web ACL)) that allow, block, or count web requests based on customizable web security rules and conditions that was pre-defined. The AWS WAF is used to protect the environment against common web exploits which could affect workload availability and performance, compromise security, or consume excessive resources. To customize the WAF, we used a combination of AWS pre-defined rules as well as wrote customized rules that helps protect the customer environment against attacks that are specific to the region or workload.
| ||||||||||||||||||
The image below shows the architecture of the Integra SOC ELK stack and the integration with customer accounts. This is a generic representation and is common to all customers.
|
The WAF security automations implemented based on OWASP Top 10 rules were able to block 90 percent of all non legitimate traffic as compared to before the AWS WAF was deployed with the rest being blocked by application specific controls. Traffic to and from the infrastrucure was monitored and is visible near real time with the AWS WAF, AWS Application Load Balancer (ALB) and Amazon CloudFront logs and Amazon CloudWatch logs. We also customized the access of specific applications/user by means of Whitelisting/Blacklisting and rate limiting features. There were repeated Denial of Service attempts from certain IP’s coming from certain countries, so country level blocking for varying time or graylisting was automatically enabled, and the attempts were thwarted. |
| AWS Components Used | ||||||||||||||||||
|
Integra Technologies FZE |
|
|
|
||||||
Copyright © 2004-2022 Integra Technologies FZE |
|||||||||
