INTEGRA | AGILE. SECURE. TRANSFORMATIVE.

Case Study - Startup Fintech Company uses AWS WAF to protect sensitive workloads
The fintech company is an online B2C (and B2B) portal which brings sellers of personal items to the ‘best priced’ and geographically closest buyer, with the additional option for the seller to ‘buy back’ their item in the near future. The buyers are local retail stores (Members) that regularly buy and sell personal items such as second-hand electronics and other goods. These Members put in bid prices and quantities for each individual item on the Portal.
The company is a startup that is focused on providing financial solutions to customers. The safety of customer and financial data is of paramount importance, both in terms of regulatory and compliance requirements and for the reputation of the company. Assets to be protected include web applications that serve as the entry points for consumer customers, businesses using secure access, and administrators of both the application servers and databases. Furthermore, external connectivity to third-party SaaS solutions like MongoDB Atlas is also present in the environment, adding to the surfaces to be protected. As the business started gaining popularity and the user base increased, it was observed that there were increasing attempts to gain unauthorized access and to compromise the environment. Large-scale brute-force attacks, SQL injection attacks and Denial of Service attempts, though not widely distributed, were enough to create concern, given that the operational domain was financial services. It was imperative that these attempts did not get past the perimeter.
To prevent compromise or non-availability of the critical workloads, AWS WAF was deployed at all entry points into the infrastructure: Regional AWS WAF on the Amazon Application Load Balancers (ALB) and Global WAF for the content delivery network, Amazon CloudFront. The Top 10 OWASP WAF rules provided by AWS were used as the base set, and a set of customizations for specific workload-related requirements was developed by our internal teams. All the preconfigured protective features that define the rules included in an AWS WAF web access control list (web ACL) were selected. Once the solution was deployed, AWS WAF began inspecting web requests to the user’s existing Amazon CloudFront distributions or Application Load Balancers, and blocked them when applicable.
How the environment is protected
AWS WAF was configured with a set of rules, called a web access control list (web ACL), that allow, block, or count web requests based on customizable, pre-defined web security rules and conditions. AWS WAF is used to protect the environment against common web exploits which could affect workload availability and performance, compromise security, or consume excessive resources. To customize the WAF, we used a combination of AWS pre-defined rules and custom rules that we wrote to help protect the customer environment against attacks that are specific to the region or workload.
The image below shows the architecture of the Integra SOC ELK stack and the integration with customer accounts. This is a generic representation and is common to all customers.
The benefits of using AWS WAF to protect the workloads were immediate and clearly visible. A low, predictable cost, compared to thousands of dollars for legacy WAFs, was most important to the finance and planning teams. Zero upfront costs and marginal running costs made sense to the customer, especially since it was important to optimize costs at all points. The second benefit was the ease of deployment. Integra teams were able to deploy and start protecting the customer's workload within a few hours, using the pre-built OWASP Top 10 rules and the customizations that we applied on top of the base rules. Our customized rules were built on the years of experience we had protecting workloads on AWS. The customer was very happy with the very low lead time and the immediate impact of the deployment in enhancing the security of their infrastructure. The third benefit of using AWS WAF was the ability to customize rules and build upon the base rules. This allows for greater control over how attacks are identified and prevented and how false positives are reduced. Compared to AWS WAFv1, v2 removes restrictions on the number of rules, and this greatly enhances options when it comes to building and deploying custom rules.
AWS Components Used

Third Party Integrations and Applications
Copyright © 2004-2022 Integra Technologies FZE