Automating AWS WAF: Pioneering future security

Well, thank you all for joining today's presentation. Uh my name is Tyler Wendland. I'm the Director of Business Development here for Cybersecurity Cloud in North America.

Um prior to my experience at Cybersecurity Cloud, I actually spent 4.5 years at AWS. So very familiar with AWS and all the fun things that come with it.

Um our topic today is "Automating AWS WAF - Pioneering Future Security."

So a quick look at today's agenda:

  • I'm quickly gonna introduce my organization, Cybersecurity Cloud.
  • I'm then gonna talk about the AWS and Cybersecurity Cloud alliance.
  • I'll then talk about our legacy Managed Rule product, which actually lives inside the AWS Marketplace.
  • I'll then get into the meat and potatoes of the presentation as I like to say, what is WAF Charm, the right use cases for WAF Charm, how WAF Charm can help, how WAF Charm works under the hood, and finally, some customer case studies that we have.

So without further ado, let's get started.

First off, who is Cybersecurity Cloud? Cybersecurity Cloud, or CSC, is a Japan-based organization that specializes in cybersecurity solutions. We operate in over 90 countries across the globe and we have over 6000 customers subscribed to our cybersecurity products.

Additionally, we were the AWS Marketplace Partner of the Year Award winner in the APJ market in the year 2022. And for WAF market leader in Japan, we're actually the number one WAF market leader. So by number of users of WAF in Japan, we sit on top.

Additionally, we've seen continuous growth over the past three years and we're publicly traded on the Japan stock market.

Now to quickly touch on the AWS and Cybersecurity Cloud alliance:

  • Like I just mentioned, we were the 2022 AWS Marketplace Partner of the Year Award winner in the APJ market. So we're back here this year, we're a sponsor of AWS re:Invent this year. We actually have a booth just right over there in the DataZone. So if you have any questions after this presentation, we'd love to see you over there. You can come meet the rest of my colleagues, you can come get some fun swag and all those cool things.

  • Additionally, we achieved a Service Ready and a Differentiated partner in the Software Path this year in 2023 which is very important to us as we continue to grow inside of AWS.

  • And as you can see, since our product WAF Charm launched in 2019, we now have over 1000 active users of our product.

Now, just briefly, I'd like to touch on our legacy Managed Rule offering.

Now, quickly, we are only one of seven organizations that's trusted by AWS to provide Managed Rules inside the AWS Marketplace. Our Managed Rules are designed to mitigate and minimize all vulnerabilities on the OWASP Top 10 threat list.

And so, while our Managed Rules is a very, very, very powerful tool, it's an award winning product, our new next gen product, WAF Charm, has so much more to offer.

So you might be asking yourself what is WAF Charm? Let's get into it.

WAF Charm is an enterprise class solution tailored specifically for AWS WAF, complete with industry leading OWASP Top 10 rule set and full emphasis on Layer 7 protection and fortification.

Using WAF Charm, you can operate your AWS WAF smoothly without the need for a dedicated security engineer, freeing you from day to day operation of your AWS WAF.

Additionally, WAF Charm is resource based protection compared to domain based protection. So that means we live inside your AWS environment. There's no need to migrate outside of AWS. There's no need to set up a domain controller, none of that, all of it is done inside your AWS environment, all the metrics, all the configurations, everything is done inside of AWS.

Additionally, WAF Charm works with all services and solutions identifiable by AWS WAF. So that would be Amazon CloudFront, Elastic Load Balancer, anything that is identifiable by AWS WAF, we work with it.

So what you can do with WAF Charm is you can leverage AWS WAF and WAF Charm to automate, simplify and fortify your environment.

WAF Charm will curate and update your AWS WAF rules to respond to new vulnerabilities consistently. Rules are fully customizable, continuously monitored and automatically updated. And additionally, our customization and tech support are provided at no additional cost.

So let's look at some right use cases for WAF Charm:

  • Do you need a native firewall inside of AWS and not an external solution? Like I just mentioned, we are resource based protection. So we live inside of AWS. You don't need to go outside of AWS. All metrics are done inside of the environment.

  • Do you need assistance configuring your AWS WAF? This is what WAF Charm specializes in, you can think of it as a true "set it and forget it" solution. Meaning that once WAF Charm is installed, you do not need manual intervention or interaction to run your AWS WAF. WAF Charm will take care of the day to day operation for you.

  • Do you have a problem with watching your infrastructure security 24/7? I'll share a quick story here - one of my customers, a smaller SMB size, is very resource constrained and they don't have the ability to assign security engineers to watch their infrastructure security 24/7. They take advantage of WAF Charm's ability here by having WAF Charm installed and watch for any sort of attacks on their Layer 7 inside of AWS.

  • Additionally, WAF Charm will help you keep up to date with the constant changes on CVEs. So if you need help managing that, this is where WAF Charm's automation can really help you out.

  • Additionally, do you have problems dealing with false positives and negatives? I'll share another story here - one of my customers, a larger enterprise size, consistently had issues dealing with false positives and negatives and spent over 20 hours a week dealing with them. Once they installed WAF Charm, those 20 hours were freed up for their team and they did not need manual intervention. WAF Charm's automation takes care of false positives and negatives for you.

  • And do you have transparency into the cost of your security? Because WAF Charm lives inside your AWS environment, the cost is right there. You don't need to go outside. You don't need to look inside of any other vendor, anything like that. Everything is done inside of your AWS environment.

So how WAF Charm can help:

  • You can use our Autopilot feature to eliminate up to 75% of the operational overhead and manual requirement to run your AWS WAF.

  • And in less than 10 minutes of installation, your system will have all of the following:

    • Up to 26 managed rules and signatures designed specifically against OWASP Top 7 attacks to mitigate and stop those vulnerabilities, including all those on the OWASP Top 10 threat list.

    • We have a global IP blocking list that is curated since we are a globally based organization. This is done through the years and years that we've had this product out. We have our global IP block list.

    • In addition, we have a DDoS early prevention warning system. So what our DDoS prevention system does is it identifies early rate-based anomalies inside your web traffic and not only stops that DDoS attack from occurring and notifies you what's going on, but new rules are automatically created to help protect you against future DDoS attacks.

    • And finally, we have full security transparency under the hood. All configurations are done and live inside your AWS environment.

  • And like I mentioned before, all of our technical support and professional resources are provided at no additional cost to the end user.

So here, this is just a quick snapshot of what WAF Charm looks like inside the AWS environment. Since AWS WAF is protection in real time, WAF Charm is protection in real time. WAF Charm automates the configuration of your AWS WAF. So you can easily expand your WAF with any other services inside of AWS that is identifiable by WAF. And like I've mentioned a couple of different times here, free customization and collaboration is available. Our security professionals are on the clock 24/7. We are a globally based technical support organization. So if you need help on Christmas day, you need help on New Year's Eve, whatever it might be, we'll be there to help support you.

Now, here this is a look at the rules that live inside of AWS with WAF Charm. So you can control your rules and signatures inside your AWS environment. You can do this through our automation or you can do this manually by yourself.

Additionally, with WAF Charm, you can fortify your infrastructure with the power of AWS WAF and our professional services help.

Now, one thing I'd like to call out here is WAF Charm is solution agnostic. So if you have pre-existing Managed Rules that currently live inside your WAF, WAF Charm works seamlessly with them. If you have pre-existing domain based protection, WAF Charm works seamlessly with them to provide fortification inside your environment.

Now, here, I'd like to give a quick snapshot of how WAF Charm works under the hood. So on the left, you'll see an end user AWS environment and on the right, you'll see WAF Charm. What WAF Charm does is WAF Charm will actually go and analyze your access logs. So from CloudFront, Elastic Load Balancer, S3, whatever it might be, WAF Charm analyzes those logs and actually learns your web traffic to not only continuously update the rules that you already have installed with WAF Charm, but create new rules to help stop any attacks and mitigate and minimize vulnerabilities inside of AWS WAF.

Now, here, I'd like to kind of touch on the differences between our legacy award winning product Managed Rules and our next gen product and that, like I said, kind of the meat and potatoes of today's presentation WAF Charm.

As you can see with Managed Rules, there is no rule customization available and the rule setting requires manual operation, automatically added block listed IPs is not supported inside of Managed Rules. With false positive response, manual operation is required and Managed Rules does not support the web monitoring function.

However, with WAF Charm:

  • Rule customization is provided free and technical support is available.
  • The rule setting is automated and customer support is available. That's a theme in this presentation, by the way.
  • Automatically added blacklisted IPs is supported with WAF Charm.
  • False positive response is automated inside of WAF Charm.
  • And the web monitoring function is fully supported with WAF Charm.

Now, here these are some of the different functionalities that WAF Charm provides and I'm not going to bore you guys with reading all of these different functionalities because let's be honest, there's a lot on there. But what I want to call out is all of this is done and then handled by CSC WAF Charm's bundle.

So you can either take advantage of all of these through our automation function or through our free technical support, and if you have any questions on any of these functions, if you'd like to learn more about how any of this works, like I said, our booth is just right over there, number 1301 in the DataZone. We'd love to walk you through any of these functions and kind of show you how they work.

Now, I'd like to go through a couple of different customer case studies that we have as far as some successes with WAF Charm.

Our first organization is Freee. Freee is a Japan based fintech company providing accounting SaaS for SMEs with features like automated data entry for tax filing.

The difficulties before WAF Charm was installed:

  • WAF rule management and log investigations were difficult to do due to limited resources.
  • Additionally, they wanted to avoid using Managed Rules because they are black box and lack clear explanation.

With WAF Charm installed:

  • Freee was able to reduce the human hours by leaving management up to WAF Charm, with its highly accurate block rate.
  • And it allowed the teams to concentrate on other tasks with security services.
  • Additionally, WAF Charm is not black box and provides accountability and explanations for customers.

And just a quick look at their quote here: "WAF Charm blocks over 90% of suspicious access. It is a must have security tool operated on behalf of us."

Another organization that I'd like to call out is a company called CocoNala. CocoNala is a Japanese company operating an online platform for selling personal skills across various categories.

The problem before WAF was installed:

  • Security measures were based on incidents due to a lack of resources and demands for change from relying on Managed Rules in order to quickly respond to stronger and diverse issues.

Once WAF Charm was installed:

  • They were able to implement proactive protection by establishing operations using WAF Charm.
  • And additionally, a two layer approach was used with WAF Charm and Managed Rules enabled protection against SQL injections and DDoS attacks.

So this is what I was mentioning earlier as far as organizations can take advantage of not only Managed Rules but also WAF Charm to provide additional fortification inside of your AWS WAF.

And finally, the last organization that I like to call out, it's a company called Rancor. Rancor is a media company that provides campaign services that simplify and streamline candidates events and voting by precinct for US elections.

The problem before WAF Charm was installed:

  • Blending malicious traffic with our conversations and goals drastically decreased our conversation rates. Having no way to determine the quality of traffic causes our marketing campaigns to lose confidence.
  • Additionally, they needed a way to track IP addresses and also block access from unwanted IPs.

The outcome once WAF Charm was installed:

  • AWS WAF rules can be customized and tuned to fit your business model.
  • The rules and signatures are up to date and keep up with new vulnerabilities.
  • And additionally, the effects of their marketing campaigns were easily explained to their customers by blocking unwanted traffic.

So just a quick look at their quote: "AWS WAF with WAF Charm helps protect our malicious traffic with recent attacks."

In summary, first off, I want to say thank you all for sitting through this presentation and hopefully I gave you a little insight into how our organization works. But really what WAF Charm is, is enterprise level security, demystified and simplified in just two easy steps.

And in less than 10 minutes, you are set and ready to go with WAF Charm. Automatic updates are provided. Security professionals are available at the tip of your fingers and like I've mentioned multiple times, all of our technical support and professional services are provided at no additional cost.

We're an enterprise class solution at SMB prices. Check us out. We have a free 30 day/60 day POC if you want to try WAF Charm, if you'd like to learn more, whatever it might be, we're here to help any way that we can.

So come check us out. We're just over there, Booth 1301. We'd love to learn how your business is currently leveraging AWS WAF and how we might be able to help you guys in the ever changing environment of cybersecurity.

Thank you all very much for the time today. There's my email address, there's my LinkedIn. Hope you guys go enjoy happy hour and have a beer on me. Thank you all very much for the time. I'll be up here if you have any questions.
