Yes, the Managed Fortra WAF protects you from both denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks by eliminating or mitigating the impact of both types of attacks.
The strength of protection depends on where and how the WAF is deployed. This matters most for DDoS protection: protection against large-scale (“state actor level”) DDoS attacks must be based on infrastructure that scales beyond the capacity of the attacker, so that it can absorb and stop the attack requests that flood your web server and prevent them from reaching their target.
DoS – Denial-of-Service
Fortra Managed WAF protects against DoS activity from individual clients by:
- Detecting automated/dubious client activity
- Preventing or slowing down automated clients from reaching the protected web application by blocking the source IP, issuing challenges (CAPTCHAs), and throttling the source IP to limit request rate
- Mitigating the impact of resource-consuming HTTP requests, such as “Slowloris,” by spooling the entire request before forwarding it to the protected web application
DDoS – Distributed Denial-of-Service
Once an attack moves into the realm of DDoS, including HTTP floods, it may consist of perfectly “normal” requests from a large number of clients and is thus, initially, difficult to distinguish from a sudden rise in web application popularity. Protection ultimately becomes a question of “who has the bigger gun?” To fend off a large-scale DDoS attack while reducing the impact on valid and benign client traffic, protection needs to be pushed closer to the perimeter of the infrastructure that hosts the WAF and the protected web application, onto infrastructure that has the necessary capacity to absorb the traffic load and enforce controls that prevent the DDoS client army from reaching the targeted web application while ensuring that requests from valid clients get through.
The most comprehensive DDoS protection is accomplished by deploying in a mature and scalable IaaS environment, such as AWS or Azure, as this prevents the gateway to the network where your web stack is deployed from becoming a DDoS target.
Fortra Managed WAF automatically detects surges in traffic above normal and integrates with both cloud environments to automatically push protection into scalable infrastructure and enable controls that mitigate or prevent the attack.
The actual DDoS protection controls available depend on the IaaS provider and on whether you want to protect an API or a web application serving human visitors. For example, both AWS and Azure have network infrastructure proven to withstand DDoS attacks at the state actor level (hundreds of millions of requests per second). The Fortra Managed WAF can automatically orchestrate AWS and Azure’s infrastructure through baselining of normal traffic and automated response actions to mitigate DDoS attacks.
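The baselining idea described above can be sketched as follows. This is an added example, not Fortra's algorithm or code: the EWMA model, the constants, and the sample counts are all assumptions chosen for illustration. It also shows why a detector should stop learning while it is alerting, since otherwise the flood itself becomes the new "normal".

```python
import math

# Assumed tuning values for this illustration (not taken from Fortra Managed WAF).
ALPHA = 0.2     # EWMA smoothing factor for the baseline
K = 4.0         # alert when count > mean + K * stddev
WARMUP = 5      # intervals observed before alerts are allowed
MIN_STD = 5.0   # floor so a very flat baseline does not alert on small noise

# Constructed sample: requests per minute, with a flood in minutes 9-12.
SAMPLE_COUNTS = [100, 104, 98, 102, 99, 101, 103, 97, 100,
                 900, 950, 920, 940, 102, 99]

def detect_surges(counts, freeze_on_alert=True):
    """Return the indices of intervals whose request count exceeds the baseline.

    The baseline is an exponentially weighted mean and variance of past counts.
    With freeze_on_alert=True, flagged intervals are not fed back into the
    baseline, so attack traffic cannot raise the threshold it is measured against.
    """
    mean, var = float(counts[0]), 0.0
    flagged = []
    for i, count in enumerate(counts[1:], start=1):
        std = max(math.sqrt(var), MIN_STD)
        if i >= WARMUP and count > mean + K * std:
            flagged.append(i)
            if freeze_on_alert:
                continue  # keep the pre-attack baseline
        diff = count - mean
        mean += ALPHA * diff
        var = (1 - ALPHA) * (var + ALPHA * diff * diff)
    return flagged

if __name__ == "__main__":
    print("frozen baseline  :", detect_surges(SAMPLE_COUNTS))
    print("learning baseline:", detect_surges(SAMPLE_COUNTS, freeze_on_alert=False))
```

With the baseline frozen, every flood minute is flagged; when the detector keeps learning, only the first flood minute is flagged because the inflated mean and variance hide the rest. The trade-off is that a genuine, lasting rise in popularity also keeps alerting until the new level is accepted as the baseline.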
For more information, see DDoS and Resource Attacks Mitigation in Fortra WAF on the Alert Logic Documentation site.