Cloud-based WAF service “Scutum”

About Scutum

Scutum is a cloud-based (SaaS-based) web application firewall (WAF) service that protects customers from web application vulnerabilities such as SQL injection and cross-site scripting. It plays a role in protecting websites that generate dynamic pages in response to requests from unauthorized attacks.

Unlike general firewalls, it can analyze data content at the application level, so it provides flexible web application security for everything from small sites to cloud computing environments.

Features of Scutum

Cloud-based WAF service “Scutum”

Cloud model (SaaS model) that changes the conventional wisdom of WAF

Conventional general WAF solutions are provided in the form of software embedded in hardware appliances and servers, and are assumed to be operated in-house. Maintaining WAF operations placed a heavy burden on engineers. In this way, although the concept of WAF itself is very good, the current situation is that it has not actually become very popular.

Scutum is cloud-based (SaaS) to overcome the issues associated with traditional WAFs, and provides web application firewall functionality via the Scutum Center.

In addition, you can complete the setup by simply changing the DNS settings so that the original IP address of your web server becomes the IP address of the Scutum service. It is possible to build a service environment.

Main security features

Communication to websites is relayed directly to the Scutum center by changing the DNS, and unauthorized communication is monitored and blocked in the process.

1 block function A function that blocks communications that appear to be attacks on websites.
2 Monitoring function A function to record communications that appear to be attacks on websites (communications themselves are not blocked)
3 Defense log viewing function A function that allows you to save and view blocked (monitored) communications as a log.
4 Report function Function to report the following contents on the management screen
- Top 5 attack sources (IP addresses)
- Top 5 attack types
- Monthly download of defense logs
5 Software update function Ability to update software to improve defense effectiveness
6 Defense logic update function A function that constantly updates unauthorized communication patterns to improve defense effectiveness.
7 Specific URL exclusion function A function that excludes parts of a website that you do not want to use the WAF function from being protected.
8 IP address rejection/
permission setting function
A function that rejects communication from a specific IP address or allows communication only from a specific IP address.
9
IP address management function for vulnerability inspection

A function that does not block/monitor communications from the set IP address when performing vulnerability diagnosis on websites, etc.
10 SSL/TLS communication function Function to decrypt and protect encrypted communications
11 API function A function that allows you to obtain defense logs and detailed attack request contents detected by Scutum via API.

Main attacks that can be defended against

Covers many of the major attacks against web application vulnerabilities. The defense logic is constantly updated to respond to new vulnerabilities, allowing customers to maintain the latest security measures without having to be particularly aware of them.

Attack category Attack name
certification round robin
password list attack
client side attack cross-site scripting
CSRF (Cross Site Request Forgery)
*Paid customization available
Execution with command SQL injection
buffer overflow
OS command injection
XPath injection
Format string attack
LDAP injection
SSI injection
remote file inclusion
Insecure deserialization (Java/PHP)
Information disclosure Directory indexing
* Customization available for a fee
information leak
path traversal
Guess resource location
Attack targeting XXE vulnerability

Attacks targeting specific middleware/
frameworks, etc.
ShellShock attack
Attacks targeting Apache Struts2 vulnerabilities (OGNL injection, etc.)
POODLE attack
SSL BEAST attack
HTTP request smuggling
Spreading malware Drive-by download attacks (virus spread by Gumblar, etc.)
Denial of service DoS attacks that exploit platform vulnerabilities (ApacheKiller, hashDoS, etc.)
DoS attack from a small number of IP addresses (massive normal traffic, slowloris, SYN flood attack, etc.)
DDoS attack from multiple IP addresses
* Paid option available

Administrator function list

Management functions can be easily and securely accessed via a web browser from the individual management screen on the subscriber-only page.

1 WAF function control
2 Web server settings
3 IP address denial/permission settings
4 SSL/TLS settings (select SSL/TLS version/cipher suite to allow connection)
5 View log
6 SSL certificate renewal
7 Setting excluded URLs
8 change Password
9 E-mail address change
10 API key management
11 Capture function management
*Optional support
Contact us/Download materials