Safeguarding web applications and APIs.

WAAP

Product Overview

Continent 8's Web Application and API Protection (WAAP) service provides security for applications against vulnerabilities inherent in the application's code. This applies to both back-office and production web applications/sites. As businesses expand their integrations with partners and introduce new applications and features, the risk of vulnerabilities increases due to broader exposure of web applications and APIs. Continent 8's Cloud WAAP service maintains the security of these applications and the content they present. Our WAAP system utilises a multi-layered protection strategy that includes IP reputation analysis, attack signatures, and URL/HTTP protocol compliance checks to ward off known threats. Besides DDoS and the OWASP top 10, Continent 8 also guards web applications and APIs against malicious bots and both known and emerging vulnerabilities. We employ Fortinet technology to deploy a Cloud WAAP platform across our global network, safeguarding customers worldwide, irrespective of whether they are co-located with Continent 8. Our cloud WAAP DNA is in sync with Fortinet's on-premise WAAP devices, ensuring a wealth of standard features and functions manageable through an intuitive user interface. With Continent 8's WAAP, all features come as standard – there are no additional licenses needed to increase functionality or remove limitations. Secure a website/application within minutes, customise rules, or create exceptions either through the user interface, API access, or even via tools like Terraform/Ansible. Our potent AI and Machine Learning capabilities not only identify anomalies and malicious bots but also auto-tune configurations to assure efficient protection for custom applications and dynamic features.
  • 246m
    +
    Web application attacks in the gaming industry in 2020

Why Continent 8?

  • All-inclusive without restrictions

    Unlike other cloud WAAP/WAF solutions, Continent 8's pricing is transparent and all-encompassing. All functionalities and features are accessible from the onset, with no hidden costs.

  • On-premise capabilities with cloud convenience

    Our solution is designed using Fortinet on-premise devices' DNA, providing customers with the sophistication and adaptability typically associated with on-premise systems, but with the ease of cloud-based services.

  • Optimised performance with minimal latency

    We've strategically positioned our WAAP platform close to our network's customer origin servers, eliminating the need to redirect traffic and avoiding any added latency commonly experienced with other cloud WAAP solutions.

  • Full customisability with APIs, Terraform, and Ansible

    Every aspect of the WAAP - each module, function, and feature - can be fully tailored to your needs using APIs or tools such as Terraform and Ansible.

  • Cutting-edge AI and machine learning technology

    Our platform not only detects anomalies but also suggests rules for enhanced security, capable of self-optimisation.

Benefits

  • Fortinet's expertise within Continent 8's boundary

    Enjoy the advantage of Fortinet's 20+ years of industry-leading security expertise, seamlessly integrated with public cloud technology within Continent 8's network. Our Cloud WAAP receives real-time updates from FortiGuard Labs, assuring immediate protection. Unlike minimal, signature-based WAFs, our Cloud WAAP provides comprehensive protection against sophisticated and emerging threats, minimising false positives.

  • Uncompromised security

    Complete and robust protection against the OWASP Top 10, zero-day attacks, including API and bot protection, all reinforced by AI-based ML technology for anomaly detection and security enhancements.

  • Enhanced performance

    Experience accelerated content delivery, enhanced user experience, and instant app protection. Enjoy the simplicity of setup and maintenance through a web-based wizard, offering the convenience of a cloud WAAP with the performance and adaptability of an on-premise solution. No infrastructure installation is needed.

  • User-friendly interface

    Our WAAP is designed for easy use and doesn't require constant tuning. It enables easy understanding of your security status and helps you meet regulatory compliance effortlessly.

  • Flexible and customisable

    Whether you prefer default security policies or tailored ones, our Cloud WAAP empowers you by allowing basic users to start quickly while giving advanced users full control for fine-tuning. Continent 8's optional Professional Services are available to assist with configuration and maintenance of customer WAAP deployments.

  • Exception management and layered protection

    Effortlessly adjust and override policies for your specific needs or apply a global configuration. As an ISP, our protection layers against cyber attacks include large scale upstream filtering, dynamic network edge filtering, C8 Shield, volumetric DDoS scrubbing, application traffic/connection rate limiting, and Security Information Event Management and Managed Detection and Response. This multi-layered approach provides unparalleled mitigation against large-scale and zero-day attacks.

Use Cases

  • Distributed Denial of Service (DDoS) protection

    Businesses that experience high volumes of web traffic or are at risk of DDoS attacks due to profile or organisation type, can use this feature to maintain the availability of their applications, ensuring that legitimate users can access their services without disruption. DDoS protection mechanisms identify traffic patterns and differentiate between legitimate and malicious traffic. Techniques like traffic scrubbing, rate limiting, and IP blocking help to filter out the malicious traffic. Additionally, our advanced DDoS protection solutions use machine learning and artificial intelligence to adapt and respond to evolving threats.

  • Web Application Firewall (WAF)

    WAF is a key function of a WAAP service. Organisations that want to protect their web applications from common attack vectors, such as SQL injection, cross-site scripting (XSS), and remote file inclusion (RFI), can leverage WAF functionality to block malicious requests and prevent security breaches. Protection against the OWASP Top 10 Vulnerabilities. A WAF operates at the application layer (Layer 7) of the OSI model and inspects incoming HTTP/HTTPS requests for potential threats. WAFs use rulesets and policies, including custom rules, to block malicious requests. Our WAFs also suppots virtual patching to address known vulnerabilities without requiring changes to the application code – PCI:DSS compliance requires that a WAF is enabled to achieve compliance.

  • API security

    Companies with APIs for third-party developers or internal use can utilise API security features to protect their APIs from abuse, unauthorised access, and data breaches. This can help maintain the integrity of the APIs and safeguard sensitive information. API security involves securing both the API infrastructure and data. Techniques include input validation, output encoding, enforcing access control policies, and using secure communication protocols like TLS. Additionally, API security includes monitoring and analytics to detect and respond to suspicious behaviour or breaches.

  • Bot management

    Online businesses facing issues with content scraping, fake account creation, and fraudulent activities can leverage bot management functionality to identify and block malicious bots while allowing legitimate traffic to pass through. Bot management involves identifying and categorising different types of bots based on their behaviour and intent. This is achieved using techniques such as rate limiting, user agent analysis, JavaScript challenges, CAPTCHAs, and machine learning algorithms. Bot management solutions then allow, block, or throttle the identified bots based on their categorisation and the organisation's security policies.

  • Credential stuffing prevention

    Organisations that require user authentication for their web applications can use credential stuffing prevention features to detect and block automated attempts to gain unauthorised access using stolen or compromised credentials. Credential stuffing prevention techniques aim to detect and block automated login attempts using stolen credentials. Methods include monitoring for unusual login patterns, implementing CAPTCHAs, and enforcing multi-factor authentication (MFA). IP reputation analysis and device fingerprinting can also help identify potential credential stuffing attacks.

  • Access control and authentication

    Companies that need to manage access to their web applications and APIs can utilise access control and authentication features to implement role-based access, multi-factor authentication (MFA), and single sign-on (SSO) capabilities to enhance security and user experience. Access control mechanisms enforce role-based permissions, ensuring that users only access resources they are authorised for. Authentication features verify the user's identity using methods like password-based authentication, multi-factor authentication (MFA), and single sign-on (SSO). Additionally, OAuth and OpenID Connect protocols can be used for secure, standardised third-party authentication and authorisation.

  • Rate limiting and traffic shaping

    Organisations with limited resources or strict performance requirements can use rate limiting and traffic shaping features to control the volume of incoming requests, preventing server overload and ensuring optimal performance for legitimate users. This can also be used to prevent particular DDoS attacks. Rate limiting restricts the number of requests a client can make within a specified time frame, while traffic shaping prioritises and allocates bandwidth based on predefined rules. These techniques help prevent server overload and ensure optimal performance for legitimate users. They are implemented through algorithms like leaky bucket, token bucket, or fair queuing.

  • Data loss prevention (DLP)

    Businesses that handle sensitive information, such as payment card data or personally identifiable information (PII), can employ DLP features to monitor and prevent the exposure of sensitive data through their web applications and APIs. DLP solutions monitor and filter data transfers to prevent the exposure of sensitive information. DLP systems use techniques like pattern matching, regular expressions, and machine learning to identify sensitive data. Policies can be configured to block, alert, or quarantine data transfers containing sensitive information.

  • Threat intelligence, analytics and vulnerability scanning

    Companies looking to gain insights into their security posture and understand the nature of threats targeting their web applications and APIs can benefit from threat intelligence and analytics features. These functionalities can help identify patterns, trends, and potential vulnerabilities, enabling proactive security measures. AI (Artificial Intelligence) vulnerability scanning is also included with the WAAP service to identify any unforeseen vulnerabilities or vulnerability chaining. Using AI, the WAAP service will analyse the vulnerability scan results and can suggest new rules to put in place to reduce the attack surface area and increase the organisations security posture. Threat intelligence and analytics involve gathering, analysing, and correlating data from various sources (e.g., logs, network traffic, and threat feeds) to detect potential threats, vulnerabilities, and attack patterns. Machine learning and artificial intelligence can be employed to process large volumes of data and identify anomalies, helping organisations to proactively address security risks.

  • Secure content delivery and caching

    Organisations aiming to optimise performance while ensuring the security of their web applications can use secure content delivery and caching features. This functionality can help accelerate content delivery, reduce latency, and protect against threats like man-in-the-middle attacks. Secure content delivery is achieved through encrypted protocols like TLS (Transport Layer Security) and HTTPS, which provide end-to-end encryption between the client and server. Caching involves temporarily storing copies of web content closer to the end-users to improve performance and reduce latency. Cache security measures include cache poisoning prevention, cache key obfuscation, and ensuring that sensitive data is not accidentally cached.

Secure
WAAP

To discover more about our WAAP solutions, simply fill out this form.

Get in touch

You may also be interested in:

Connect
Manage
Secure
AWS

Continent 8 Technologies launches new managed and professional services for regulated betting and gaming industry as part of exclusive AWS Solution Provider Program

Continent 8 Technologies, the trusted partner and provider of global managed hosting, connectivity, cloud and cybersecurity solutions to the...

READ MORE

International Gaming Standards Association welcomes industry leader and standards champion Continent 8 Technologies

The International Gaming Standards Association (IGSA) is pleased to welcome Continent 8 Technologies, the award-winning global managed hosting,...

READ MORE

SBC Webinar: Extending AWS capabilities for regulated betting and gaming environments

The world of regulated betting and gaming is rapidly evolving as organisations embrace the AWS cloud to leverage the scalability benefits of...

READ MORE

Let's work together.

GET IN TOUCH

Asia +65 3165 4649
Europe +44 1624 694625
Latin America +54 11 5168 5637
North America +1 514 461 5120