About the features of the cloud-based WAF "Scutum"

This is Ohara from the Technical Sales Department.
This time, we will introduce the features of "Scutum," a WAF service that we handle.
*Scutum is a service provided by SecureSky Technology Co., Ltd.
A WAF (Web Application Firewall) is a firewall designed specifically for web applications. Its primary role is to protect, from malicious attacks, websites that accept user input or generate dynamic pages in response to requests.
Unlike a general firewall, its key feature is the ability to analyze data content at the application level.
Cloud model (SaaS model) that changes conventional WAF concepts
Conventional WAF solutions are typically provided as software embedded in hardware appliance servers and are designed for on-site operation. This means that maintaining stable WAF operation places a heavy burden on engineers, requiring complex server and network configuration changes.
Thus, while the concept of WAF itself is excellent, it has not actually become widespread.
Scutum is cloud-based (SaaS) to overcome the challenges of traditional WAFs.
It provides web application firewall functionality through the Scutum Center.

With Scutum, setup is complete simply by changing your DNS settings so that your web server's original IP address becomes the IP address for the Scutum service.
It is possible to build a more secure web service environment without having to own any extra equipment.
Easy to install
■ Installation in as little as 3 days
From application to start of use, only a few simple procedures are needed (in as little as three days).
■ Can be installed and removed without changing the system configuration
All the customer has to do is switch the DNS, and it can be implemented immediately.
■ Installation and cancellation can be done without stopping the service
There is no need to worry about website service being interrupted when installing or disabling the WAF function.
FAQ
Question: Is it possible to encrypt communications when handling personal information? (To prevent eavesdropping)
Answer: We can support encrypted communications using SSL.
Question: Is content tampering detection possible?
Answer: While "Scutum" cannot detect if content has been tampered with, it can be combined with a service called "GRED" to provide a web content tampering prevention and detection service.
*However, recovery of tampered web content is not covered.
Question: Is it possible to detect unauthorized access?
Answer: It is possible to defend against external attacks such as those listed below.
● Defense function:
A function that blocks communication if it detects a pre-registered malicious communication pattern.
● Monitoring function:
A function that records communication matching a pre-registered malicious communication pattern.
(The communication itself is not blocked.)
● Logging function:
A function that records and allows viewing of suspicious communications detected by Scutum.
● Software update function:
A function to update the software in order to improve Scutum's defense functions, etc.
● Signature update function:
A function that updates malicious communication patterns to the latest version in order to improve the effectiveness of the security update function.
● Specific URL exclusion function:
A function that excludes unnecessary web pages from being protected.
● Reporting and statistical functions:
Statistics (attack source, attack type, action), top-ranking attack sources and attack types, etc.
● IP Address Rejection/Allowance Function:
A function that rejects communication from specific IP addresses, or allows communication only from specific IP addresses.
● SSL communication function:
A function that decrypts and protects encrypted communications.
Question: Is it possible to prevent the communication and execution of malicious SQL statements and OS commands? (e.g., SQL injection)
Answer: It is possible to detect these using the default defense features.
Question: Is it possible to detect and prevent suspicious logins?
Answer: We have implemented defensive signatures against brute-force attacks and the like.
Question: Do you keep logs of unauthorized access?
Answer: We keep detected logs for one year.
Question: Is it possible to block communications from unexpected sources or using unexpected communication protocols?
Answer: Access can be restricted by IP address using the functions available on the management screen.
*Only HTTP (80) and HTTPS (443) are available as communication protocols.
If the origin server is configured to block all communication except via Scutum using a firewall or similar mechanism, you will not be able to access the origin server using any other protocol.
*By restricting the web server to accepting only communications via Scutum, a more secure environment is created.
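Whether the origin really accepts only traffic relayed by the WAF can be checked from the origin's own logs. The following is an added example, not part of the original article or of Scutum's tooling: it audits constructed origin connection-log lines for requests that did not arrive via the WAF. The WAF egress ranges (documentation address space used as placeholders), the log format and the function names are assumptions.

```python
import ipaddress

# Assumption: placeholder WAF egress ranges (documentation address space).
# Use the ranges your WAF provider actually publishes.
WAF_EGRESS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8:100::/48")]
ALLOWED_PORTS = {80, 443}  # only HTTP and HTTPS are relayed through the WAF

# Constructed sample of an origin-side connection log: "src_ip dst_port path"
SAMPLE_LOG = """\
192.0.2.17 443 /login
192.0.2.45 80 /index.html
203.0.113.9 443 /admin/
198.51.100.23 22 -
2001:db8:100::5 443 /api/items
not-an-ip 443 /
192.0.2.200 8080 /status
"""

def via_waf(src):
    """True if src parses as an IP address inside a WAF egress range."""
    addr = ipaddress.ip_address(src)  # raises ValueError on junk input
    return any(addr in net for net in WAF_EGRESS)

def audit(log_text):
    """Return (line_no, src, port, reason) for traffic the origin should not see."""
    findings = []
    for no, line in enumerate(log_text.splitlines(), 1):
        parts = line.split()
        if len(parts) < 2:
            continue  # blank or truncated line
        src, port = parts[0], parts[1]
        try:
            from_waf = via_waf(src)
            port_n = int(port)
        except ValueError:
            findings.append((no, src, port, "unparseable"))
            continue
        if not from_waf:
            # Reached the origin without passing through the WAF.
            findings.append((no, src, port_n, "direct-to-origin"))
        elif port_n not in ALLOWED_PORTS:
            findings.append((no, src, port_n, "unexpected-port"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Any "direct-to-origin" finding means the origin firewall still admits sources other than the WAF, so the DNS change alone has not closed that path.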
Question: Is it possible to store WAF operational status logs? (For monitoring operational status and reporting functions)
Answer: You can check the defense logs from the management screen.
Summary
These are the features of "Scutum".
Because it's a SaaS model, there's no need to prepare a separate appliance, and the service can be started simply by changing the DNS settings, freeing you from the troublesome management and operation of web content security.
Furthermore, if you want to strengthen server-side security, we recommend using "Scutum" in conjunction with Trend Micro's "Trend Micro Security as a Service."
