About the functions of cloud-based WAF “Scutum”
This is Ohara from the technical sales department.
We will introduce the functions of "Scutum", which we handle. *Scutum is a service of "Secure Sky Technology Co., Ltd."
A "WAF" (Web Application Firewall) is a firewall specialized for applications on websites. It plays a role in protecting against unauthorized attacks, mainly for websites that accept input from users or generate dynamic pages. Unlike general firewalls, it is characterized by the ability to analyze data content at the application level.
Cloud model (SaaS model) that changes the conventional wisdom of WAF
Conventional general WAF solutions are provided in the form of software that is embedded in hardware appliances and servers, and are assumed to be operated in-house. Maintaining WAF operations placed a heavy burden on engineers.
As you can see, although the concept of WAF itself is very good, the current situation is that it has not actually become very popular.
Scutum is cloud-based (SaaS-based) to overcome the issues associated with traditional WAF.
We provide web application firewall functionality via the Scutum Center.
Setup is completed by simply changing the DNS settings so that the original IP address of your web server
It is possible to build a more secure web service environment without having to have extra equipment of your own.
Easy to install
■ Installation in as little as 3 days
From application to start of use, you can start the service with just a few simple steps. (minimum 3 days)
■ Can be installed and removed without changing the system configuration
The only work required on the customer's side is to switch the DNS, and installation is possible immediately.
■ Can be installed and canceled without stopping the service
There is no need to worry about website services stopping when installing or canceling the WAF function.
FAQ
Question : Is it possible to encrypt communications when handling personal information? (Anti-wiretapping)
Answer : It is possible to support communication encrypted by SSL.
Question : Is it possible to detect content tampering?
Answer : Although "Scutum" cannot detect when content has been tampered with, it can be combined with a service called "GRED".
* However, recovery of tampered web content is not covered.
Question : Is it possible to detect unauthorized access?
Answer : It is possible to defend against external attacks such as the following.
● Defense function
A function that blocks the corresponding communication when it detects a pre-registered unauthorized communication pattern.
● Monitoring function
A function that records the corresponding communication when it detects a pre-registered unauthorized communication pattern.
(Communication itself is not blocked)
● Log function
A function that allows you to record and view communications that Scutum has detected as fraudulent.
● Software update function
A function to update the software to improve Scutum's defense functions.
● Signature update function
A function that updates unauthorized communication patterns to the latest state in order to improve the effectiveness of defense.
● Specific URL exclusion function
A function that excludes web pages that do not require protection from protection targets.
● Report function
Statistics function (attack source, attack type, action), top aggregation of attack sources and attack types, etc.
● IP address rejection/allow function
A function that rejects communication from a specific IP address or allows only communication from a specific IP address.
● SSL communication function
A function that decrypts and protects encrypted communication.
Question : Is it possible to prevent communication and execution of illegal SQL statements and OS commands? (SQL injection, etc.)
Answer : It is possible to detect it using the default defense function.
Question : Is it possible to detect and prevent suspicious logins?
Answer : We have also implemented defensive signatures against brute force attacks, etc.
Question : Do you keep logs of unauthorized access?
Answer : The retention period for detected logs is one year.
Question : Is it possible to block communications from unexpected sources and communication protocols?
Answer : It is possible to restrict access by IP address using the function on the management screen.
* Regarding communication protocols, only http(80) / https(443) can be used.
If the origin server side uses a firewall or other such device to refuse communications that do not come through Scutum, access will not be possible even if someone tries to communicate with the origin server using other protocols.
A more secure environment is created by accepting only communications via Scutum on the web server side.
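One way to check from the origin's own access log that only traffic relayed by the WAF is arriving, as an added example (not Scutum's or the author's code). The egress ranges are placeholder documentation addresses, since the page does not list the real ones, and the log lines are constructed.

```python
import ipaddress
import re

# Assumption: placeholder egress ranges (RFC 5737 documentation space); the real
# ranges must come from the WAF provider and are not given on this page.
WAF_EGRESS = [ipaddress.ip_network(c) for c in ("192.0.2.0/28", "198.51.100.16/29")]

# Client address, timestamp, request line and status of a common/combined log line.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) ')

# Constructed sample of an origin server's access log.
SAMPLE_LOG = """\
192.0.2.5 - - [10/Mar/2024:09:15:02 +0900] "GET /index.php HTTP/1.1" 200 5120
203.0.113.77 - - [10/Mar/2024:09:15:40 +0900] "GET /login.php HTTP/1.1" 200 2048
198.51.100.18 - - [10/Mar/2024:09:16:11 +0900] "POST /search HTTP/1.1" 200 734
203.0.113.77 - - [10/Mar/2024:09:16:12 +0900] "POST /login.php HTTP/1.1" 302 0
not a log line
198.51.100.40 - - [10/Mar/2024:09:17:30 +0900] "GET / HTTP/1.1" 403 199
"""

def via_waf(addr):
    """True if addr belongs to one of the WAF egress ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in WAF_EGRESS)

def find_direct_hits(log_text):
    """Return (requests that bypassed the WAF, unparsable lines)."""
    direct, skipped = [], []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            skipped.append(line)
            continue
        try:
            if via_waf(m["ip"]):
                continue
        except ValueError:  # first field is not an IP address
            skipped.append(line)
            continue
        direct.append((m["ip"], m["ts"], m["req"], int(m["status"])))
    return direct, skipped

if __name__ == "__main__":
    hits, bad = find_direct_hits(SAMPLE_LOG)
    for ip, ts, req, status in hits:
        print(f"direct-to-origin: {ip} [{ts}] {req!r} -> {status}")
    print(f"{len(bad)} unparsable line(s)")
```

Any entry reported here with a successful status means the origin firewall still answers clients that did not pass through the WAF.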
Question : Is it possible to store WAF operating status logs? (Understanding the operating status and reporting function)
Answer : You can check the defense log from the management screen.
Summary
These are the characteristics of "Scutum".
Since it is a SaaS type, there is no need to prepare a separate appliance, and the service can be started by simply changing the DNS settings, freeing you from the troublesome management and operation of web content security.
If you also want to strengthen server-side security, we recommend using Trend Micro's "Trend Micro Security as a Service".