Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Amazon Launches Web Application Firewall for AWS

Amazon announced on Tuesday the availability of AWS WAF, a web application firewall that helps Amazon Web Services customers protect their apps from common exploits.

Amazon announced on Tuesday the availability of AWS WAF, a web application firewall that helps Amazon Web Services customers protect their apps from common exploits.

AWS WAF, launched on the first day of Amazon’s AWS re:Invent 2015 conference, is designed to give users control over the type of traffic that is allowed or not allowed to reach their web applications. By defining Access Control Lists (ACLs), rules, and actions, users can block SQL injection, cross-site scripting (XSS) and other common attack patterns. Rules can also be created for each user’s specific application.

The new security product also includes a full-featured API that can be used to automate the creation, deployment and maintenance of rules.

Jeff Barr, chief evangelist for Amazon Web Services, published a blog post detailing the various AWS WAF concepts, including conditions, rules, web ACLs, and actions.

Barr explained that conditions are designed for inspecting incoming requests. They can analyze the incoming IP address and various parameters of the request, such as URI, query string, HTTP header, and HTTP method.

Rules rely on these conditions to block or allow certain types of requests, while actions dictate the action that is taken when a request matches the conditions in a rule. ACLs reference one or more of these rules and the action that is taken for each of them.

Before the rules and filters are deployed, users need to identify the Amazon CloudFront distribution they want to protect with AWS WAF.

Understanding these concepts is important for calculating the costs of running the service. According to Amazon, there are no minimum charges and pricing is calculated based on the number of defined ACLs and the number of rules deployed for them.

Advertisement. Scroll to continue reading.

The charge for each ACL is $5 per month, and the charge per rule per ACL per month is $1. The volume of web requests handled by AWS WAF is also charged by Amazon, with $0.60 for every million requests. Amazon has pointed out that there are no additional charges for reusing an ACL across multiple CloudFront distributions.

AWS WAF is not the only security product offered by Amazon to AWS customers. At last year’s re:Invent conference, the company launched three new enterprise security and governance solutions for AWS. In June, Amazon released a new open source implementation of the TLS protocol that the company plans on integrating into several AWS services.

Related: Amazon Details Government Data Requests in First Transparency Report

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights