Unlike other cloud WAAP/WAF solutions, Continent 8's pricing is transparent and all-encompassing. All functionalities and features are accessible from the outset, with no hidden costs.
Our solution is designed using Fortinet on-premise devices' DNA, providing customers with the sophistication and adaptability typically associated with on-premise systems, but with the ease of cloud-based services.
We've strategically positioned our WAAP platform close to our network's customer origin servers, eliminating the need to redirect traffic and avoiding any added latency commonly experienced with other cloud WAAP solutions.
Every aspect of the WAAP - each module, function, and feature - can be fully tailored to your needs using APIs or tools such as Terraform and Ansible.
Our platform not only detects anomalies but also suggests rules for enhanced security, and it is capable of self-optimisation.
Enjoy the advantage of Fortinet's 20+ years of industry-leading security expertise, seamlessly integrated with public cloud technology within Continent 8's network. Our Cloud WAAP receives real-time updates from FortiGuard Labs, assuring immediate protection. Unlike minimal, signature-based WAFs, our Cloud WAAP provides comprehensive protection against sophisticated and emerging threats, minimising false positives.
Complete and robust protection against the OWASP Top 10 and zero-day attacks, including API and bot protection, all reinforced by AI-based ML technology for anomaly detection and security enhancements.
Experience accelerated content delivery, enhanced user experience, and instant app protection. Enjoy the simplicity of setup and maintenance through a web-based wizard, offering the convenience of a cloud WAAP with the performance and adaptability of an on-premise solution. No infrastructure installation is needed.
Our WAAP is designed for easy use and doesn't require constant tuning. It enables easy understanding of your security status and helps you meet regulatory compliance effortlessly.
Whether you prefer default security policies or tailored ones, our Cloud WAAP empowers you by allowing basic users to start quickly while giving advanced users full control for fine-tuning. Continent 8's optional Professional Services are available to assist with configuration and maintenance of customer WAAP deployments.
Effortlessly adjust and override policies for your specific needs or apply a global configuration.
As an ISP, our protection layers against cyber attacks include large-scale upstream filtering, dynamic network edge filtering, C8 Shield, volumetric DDoS scrubbing, application traffic/connection rate limiting, and Security Information and Event Management and Managed Detection and Response. This multi-layered approach provides unparalleled mitigation against large-scale and zero-day attacks.
Businesses that experience high volumes of web traffic, or that are at risk of DDoS attacks due to their profile or organisation type, can use this feature to maintain the availability of their applications, ensuring that legitimate users can access their services without disruption. DDoS protection mechanisms identify traffic patterns and differentiate between legitimate and malicious traffic. Techniques like traffic scrubbing, rate limiting, and IP blocking help to filter out the malicious traffic. Additionally, our advanced DDoS protection solutions use machine learning and artificial intelligence to adapt and respond to evolving threats.
WAF is a key function of a WAAP service. Organisations that want to protect their web applications from common attack vectors, such as SQL injection, cross-site scripting (XSS), and remote file inclusion (RFI), can leverage WAF functionality to block malicious requests and prevent security breaches. It provides protection against the OWASP Top 10 vulnerabilities. A WAF operates at the application layer (Layer 7) of the OSI model and inspects incoming HTTP/HTTPS requests for potential threats. WAFs use rulesets and policies, including custom rules, to block malicious requests. Our WAF also supports virtual patching to address known vulnerabilities without requiring changes to the application code. PCI DSS compliance requires that a WAF is enabled.
Companies with APIs for third-party developers or internal use can utilise API security features to protect their APIs from abuse, unauthorised access, and data breaches. This can help maintain the integrity of the APIs and safeguard sensitive information. API security involves securing both the API infrastructure and data. Techniques include input validation, output encoding, enforcing access control policies, and using secure communication protocols like TLS. Additionally, API security includes monitoring and analytics to detect and respond to suspicious behaviour or breaches.
Online businesses facing issues with content scraping, fake account creation, and fraudulent activities can leverage bot management functionality to identify and block malicious bots while allowing legitimate traffic to pass through. Bot management involves identifying and categorising different types of bots based on their behaviour and intent. This is achieved using techniques such as rate limiting, user agent analysis, JavaScript challenges, CAPTCHAs, and machine learning algorithms. Bot management solutions then allow, block, or throttle the identified bots based on their categorisation and the organisation's security policies.
Organisations that require user authentication for their web applications can use credential stuffing prevention features to detect and block automated attempts to gain unauthorised access using stolen or compromised credentials. Credential stuffing prevention techniques aim to detect and block automated login attempts using stolen credentials. Methods include monitoring for unusual login patterns, implementing CAPTCHAs, and enforcing multi-factor authentication (MFA). IP reputation analysis and device fingerprinting can also help identify potential credential stuffing attacks.
Companies that need to manage access to their web applications and APIs can utilise access control and authentication features to implement role-based access, multi-factor authentication (MFA), and single sign-on (SSO) capabilities to enhance security and user experience. Access control mechanisms enforce role-based permissions, ensuring that users only access resources they are authorised for. Authentication features verify the user's identity using methods like password-based authentication, multi-factor authentication (MFA), and single sign-on (SSO). Additionally, OAuth and OpenID Connect protocols can be used for secure, standardised third-party authentication and authorisation.
Organisations with limited resources or strict performance requirements can use rate limiting and traffic shaping features to control the volume of incoming requests, preventing server overload and ensuring optimal performance for legitimate users. This can also be used to prevent particular DDoS attacks. Rate limiting restricts the number of requests a client can make within a specified time frame, while traffic shaping prioritises and allocates bandwidth based on predefined rules. These techniques help prevent server overload and ensure optimal performance for legitimate users. They are implemented through algorithms like leaky bucket, token bucket, or fair queuing.
Businesses that handle sensitive information, such as payment card data or personally identifiable information (PII), can employ DLP features to monitor and prevent the exposure of sensitive data through their web applications and APIs. DLP solutions monitor and filter data transfers to prevent the exposure of sensitive information. DLP systems use techniques like pattern matching, regular expressions, and machine learning to identify sensitive data. Policies can be configured to block, alert, or quarantine data transfers containing sensitive information.
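The pattern-matching step described above, as an added example (not Continent 8 or Fortinet code): a response body is scanned for card-number-shaped digit runs, and the configured policy action is applied. It goes beyond the text by adding a Luhn checksum to cut false positives from order IDs and similar numbers; all names, the `QUARANTINE` store and the sample body are hypothetical.

```python
import re
from typing import NamedTuple

# Candidate card numbers: 13-19 digits, optionally split by single spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

class Decision(NamedTuple):
    action: str     # "allow", "alert", "block" or "quarantine"
    body: str       # what is forwarded to the client
    findings: list  # masked matches, safe to write to a log

QUARANTINE = []  # hypothetical holding area for withheld responses

def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_pans(text):
    """Return masked card numbers whose digits pass the Luhn check."""
    found = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            found.append("*" * (len(digits) - 4) + digits[-4:])
    return found

def enforce(body, policy="block"):
    """Apply the configured DLP action to an outbound response body."""
    findings = find_pans(body)
    if not findings:
        return Decision("allow", body, [])
    if policy == "alert":
        return Decision("alert", body, findings)      # forward, but raise an alert
    if policy == "quarantine":
        QUARANTINE.append(body)                       # hold the original for review
        return Decision("quarantine", "", findings)
    return Decision("block", "", findings)            # default: withhold the response

# Constructed sample: a 16-digit order ID (fails Luhn) and a well-known test card number.
SAMPLE = '{"order_id": "1234567890123456", "card": "4111 1111 1111 1111"}'

if __name__ == "__main__":
    print(enforce(SAMPLE, "block"))
```

Only the masked form of a match is returned, so the detection log does not itself become a store of card data.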
Companies looking to gain insights into their security posture and understand the nature of threats targeting their web applications and APIs can benefit from threat intelligence and analytics features. These functionalities can help identify patterns, trends, and potential vulnerabilities, enabling proactive security measures. AI (Artificial Intelligence) vulnerability scanning is also included with the WAAP service to identify any unforeseen vulnerabilities or vulnerability chaining. Using AI, the WAAP service will analyse the vulnerability scan results and can suggest new rules to put in place to reduce the attack surface area and increase the organisation's security posture. Threat intelligence and analytics involve gathering, analysing, and correlating data from various sources (e.g., logs, network traffic, and threat feeds) to detect potential threats, vulnerabilities, and attack patterns. Machine learning and artificial intelligence can be employed to process large volumes of data and identify anomalies, helping organisations to proactively address security risks.
Organisations aiming to optimise performance while ensuring the security of their web applications can use secure content delivery and caching features. This functionality can help accelerate content delivery, reduce latency, and protect against threats like man-in-the-middle attacks. Secure content delivery is achieved through encrypted protocols like TLS (Transport Layer Security) and HTTPS, which provide end-to-end encryption between the client and server. Caching involves temporarily storing copies of web content closer to the end-users to improve performance and reduce latency. Cache security measures include cache poisoning prevention, cache key obfuscation, and ensuring that sensitive data is not accidentally cached.