The SignalSciences Web Protection Platform (WPP) is unique in that it starts out looking like a web application firewall (WAF) but actually is a whole lot more. While the outward functionality strongly resembles a WAF the underlying capabilities take a somewhat different approach. This is an approach, the company claims, reduces false positives to the point where around 95% of their customers put the tool into automatic blocking mode immediately. For most WAF deployments that can be a dangerous decision since blocking the wrong thing can break an application. Not so with Signal Sciences.
Signal Sciences uses the concept of flagging IPs that appear to be malicious. After a period of time if the analyst does not establish that the actions of the address truly are malicious the flag is removed. At that point, the analyst can remove the flag, blacklist or whitelist the IP. Malicious activity flagged is about what you’d expect. It covers typical web app attacks completely. This, effectively, decouples detection from decision and blocking tasks.
The WPP is a cloud-based SaaS application. When your web site receives a request, the request is forwarded to the Signal Sciences agent which immediately analyzes it. The agent decides to block or allow the request. This becomes a signal and if blocked a malicious signal is put into the flagged category for you to decide about. Thus, any false positives can be cleared before they have any effect on the system. Malicious signals are passed to the cloud backend for further analysis. If the flag is not cleared within a specified period it is removed automatically. Automatic blocking also can be set. Only request metadata is passed to the cloud for performance and privacy reasons.
Even though there are some excellent dashboards as part of the tool, there are some very simple integrations with third party products such as SIEMs using a REST API. However, one of the most unique pieces of this interesting product is how it integrates with the DevOps process. By providing a menu of installation options (we install in the server, source code, or as a reverse proxy), WPP is language, framework, and infrastructure agnostic.
The key to writing secure code, besides following secure coding practices, is understanding where and how your applications are being attacked. WPP has a feedback mechanism that communicates with typical DevOps tools. What the WPP learns while performing its security tasks it communicates into the DevOps process. It does this without the need to write special code in your applications. All you do is hook the WPP library and leave the rest to it. That is a huge saving in time and effort. Especially nice is the ongoing updating of your application security through the WPP. The product is compatible with next generation web application firewalls, runtime application self-protection and reverse proxies.
WPP truly is ubiquitous in that it supports any cloud, physical or container deployment architecture. It is deployed as a light weight module and an agent into the application to be protected, and works in any application infrastructure, integrating into the tools and processes that developers, engineers, and security professional already use. The module supports NGINX, Apache and IIS web servers in addition to PHP, .NET, Java, GO and other application languages.
Although relatively new, we are confident that WPP will live up to its advance billing given its pedigree and its advisors. The founders came from Etsy and Netflix, the forerunners of the DevOps approach. The advisors read like a who’s who of the industry and there are enough users to process over 65 billion requests per week.
The web site largely is a marketing site but there is a bit of useful information there so don’t discount the sales approach. There is an excellent collection of white papers, webinars and data sheets, all of which are well-prepared and will help you understand the new approaches in the tool. Pricing is flexible depending upon your use of the tools (e.g., traffic volume through your web site). Support is available but is quoted separately.
Overall, we think that this may be the precursor to new ways of integrating development and security. This has been a problem for decades and WPP may have the solution. Given the often-poor quality of today’s applications, we certainly hope so.
Product: Signal Sciences Web Protection Platform
Company: Signal Sciences
Price: Sliding scale based on the average throughput per second of your website.
What it does: Beyond being just a web application firewall, WPP integrates web security with the DevOps process to ensure that your web applications are secure and stay secure.
What we liked: The clever w ay that security and development have been merged within the DevOps process.
The bottom line: If you are doing internal application development, you need this tool.