Protect Your Web Applications with Amazon Web Services WAF Ready Partners

by Mysty Lawrence and Joanne Moore | on

By Mysty Lawrence, Edge Partner Sales Specialist – Amazon Web Services
By Joanne Moore, Sr. Launch Product Manager – Amazon Web Services

As organizations continue to build and migrate more of their applications in the cloud, bad actors deploy increasingly sophisticated attacks that can lead to loss of revenue, customer trust, and brand reputation. Ensuring websites and applications are protected from external threats has become a top concern for businesses of all shapes and sizes.

Amazon Web Services Web Application Firewall (WAF) is a web application firewall that helps protect web applications or APIs against common web exploits and bots that may affect availability, compromise security, or consume excessive resources. Amazon Web Services WAF gives customers control over how traffic reaches their applications by enabling them to create security rules that control bot traffic and block common attack patterns, such as SQL injection or cross-site scripting.

Thousands of customers use Amazon Web Services WAF to ensure their applications are secured and protected from unauthorized traffic.

We’re excited to announce the Amazon Web Services WAF Ready specialization to help customers deploy and maintain their application layer security solution with Amazon Web Services WAF Ready Partner software products.

Amazon Web Services WAF Ready products are vetted by Amazon Web Services Partner Solutions Architects for their sound architecture, adherence to Amazon Web Services (Amazon Web Services) best practices, and market adoption, including proven customer success. Amazon Web Services WAF Ready Partners provide robust WAF rule sets and mitigation tools that customers can choose from depending on their specific application use case.

Additionally, Amazon Web Services WAF Ready Partners stay ahead of the attack curve and can help mitigate zero-day vulnerabilities so that customers don’t have to worry about continually updating their rule sets based on novel or new attack vectors. Beyond detection and mitigation, Amazon Web Services WAF Ready Partners provide customers with pre-built integrations to help ingest and analyze WAF event data.

Launch Partner Showcase

The Amazon Web Services Service Ready Program is designed to validate software products built by Amazon Web Services Partners that work with specific Amazon Web Services services.

We invite you to explore the WAF Ready Partners recommended by Amazon Web Services:

Cloudbric

  • Malicious IP Reputation Rule Set : Cloudbric Labs provides a comprehensive list of Malicious IP Reputation based on threat intelligence gathered from over 700,000 sites in 95 countries, reducing the amount of time required for identifying and processing, and in turn, helping minimize the damages caused by these threats.
  • OWASP Top 10 Rule Set : Cloudbric utilizes a logic-based intelligent WAF engine that was voted as Asia Pacific’s no.1 for 5 consecutive years. Automated updates ensures it protects against the OWASP Top 10 vulnerabilities and new threats.

Cyber Security Cloud

  • API Gateway/Serverless : Cyber Security Cloud Managed Rules are designed to mitigate and minimize vulnerabilities, including all those on OWASP API Security Top 10 Threats list. By using our rulesets, you can start protecting your API Gateway right away with a low false-positive rate and a higher defense capability.
  • HighSecurity OWASP Set : Cyber Security Cloud Managed Rules are designed to mitigate and minimize vulnerabilities, including all those on OWASP Top 10 Threats list. With the HighSecurity OWASP Set, you can start protecting your web applications right away with a low false-positive rate and a higher defense capability.
  • WafCharm : With WafCharm, Amazon Web Services WAF operations are automated as it automatically configures, curates, and updates Amazon Web Services WAF rules that best fit your environment. With a full team of security experts, WafCharm always stays ahead of new vulnerabilities by creating and applying new WAF rules. This ensures that your website is protected against the latest threats and vulnerabilities. Without disrupting or altering the existing rules or system, your IT and security teams can focus on other strategic initiatives.

F5

  • Web exploits OWASP Rules : Protect against web exploits. F5 Web Exploits Rules for Amazon Web Services WAF, provides protection against web attacks that are part of the OWASP Top 10, such as: SQLi, XSS, command injection, No-SQLi injection, path traversal, and predictable resource.
  • API Security Rules : Protects against API attacks, web attacks (such as XML external entity attacks), and server side request forgery. The rule set includes support for XML and JSON payloads, and common web API frameworks.
  • Common Vulnerabilities and Exposures (CVE) Rules : Protect against common vulnerabilities and exposures (CVE). CVE Rules for Amazon Web Services WAF provides protection for high profile CVEs targeting the following systems: Apache, Apache Struts, Bash, Elasticsearch, IIS, JBoss, JSP, Java, Joomla, MySQL, Node.js, PHP, PHPMyAdmin, Perl, Ruby On Rails, and WordPress.
  • Bot Protection Rules : Protect against automated attacks. Bot Protections Rules is a partner managed rule group for Amazon Web Services WAF that stops a broad range of malicious bots activities such as vulnerability scanners, web scrapers, DDoS tools, and forum spam tools.

Fortinet
Fortinet’s Complete OWASP Top 10 Managed Rules deliver comprehensive web application protection against the OWASP Top 10 threats, including protection against SQL Injection, Cross Site Scripting, General and Known Exploits, Malicious Bots, and Common Vulnerabilities and Exposures (CVE). Security signatures are automatically updated with the latest threat protections and updates from FortiGuard Labs.

Fortra (formerly Alert Logic)
Alert Logic provides managed detection and response solutions that integrate security technology, human analytics, and responsive communication to provide high quality, cloud-optimized security services. Alert Logic’s cloud-native technology and team of security experts protect organizations 24/7.

GeoComply
GeoComply’s location fraud detection solution, GeoGuard DB , provides multi-layered fraud protection against VPNs, DNS proxies, peer-to-peer networks, and other methods used to manipulate IP address data and spoof user location using IP geolocation fraud applications and tools. Continuously updated, GeoGuard DB ensures protection remains effective.

Imperva
Imperva’s Managed Rules for IP Reputation allows you to take a proactive approach to security by providing an extensive IP allow list/deny list which is regularly monitored and updated. Imperva’s reputation feed leverages crowd-sourcing from aggregated attack data to update its list with newly detected malicious sources, taking the burden off of IT teams to account for undiscovered threats.

MonitorApp
MonitorApp is a plug and play Industrial Internet of Things tool for extracting, processing, and displaying floor data in real time. MonitorApp is one of the only Manufacturing Collaboration Platform with KPIs, tasks, real data, IoT sensors, and more.

Salt Security
The Salt Security API Protection Platform secures the APIs at the heart of all modern applications. Salt collects API traffic across the entire app landscape and use AI/ML and big data to discover all APIs and their exposed data, stop attacks, and eliminate vulnerabilities at their source.

ThreatSTOP
ThreatSTOP’s Managed Rules for Amazon Web Services WAF drops malicious and unwanted connection attempts before they can do damage and cost money. ThreatSTOP’s Managed Rules can help reduce financial fraud, stop automated bots and scanners from chewing-up resources, and save time and effort meeting compliance.

Customers: Learn About Amazon Web Services WAF Ready Partners

Amazon Web Services WAF Ready Partners make it easy for customers to deploy and maintain their application layer security solution with a wide selection of software products that support Amazon Web Services WAF.

We invite you to learn more about Amazon Web Services WAF Ready Partners .

Partners: Looking to Validate Your Amazon Web Services WAF Software Offering?

Amazon Web Services Partners with Amazon Web Services WAF software offerings can learn more about becoming an Amazon Web Services Service Ready Partner.

To validate your Amazon Web Services WAF software through the Amazon Web Services Service Ready Program, you must be a validated member of the Software Path and pass the Amazon Web Services Foundational Technical Review (FTR) prior to applying.

For program requirements, review the Program Guide and access the application in Amazon Web Services Partner Central (log in required).

The mentioned AWS GenAI Services service names relating to generative AI are only available or previewed in the Global Regions. Amazon Web Services China promotes AWS GenAI Services relating to generative AI solely for China-to-global business purposes and/or advanced technology introduction.