Recently, I had the opportunity to participate in a podcast with the team at F5. Christine Puccio – VP of Global Cloud Alliances and Heath Parrott – Senior Global Solutions Architect for Cloud discussed their latest announcement: the integration between F5 Essential App Protect, a web application firewall (WAF) SaaS solution and Amazon CloudFront, a content delivery network (CDN) solution from Amazon Web Services (AWS). Before discussing the announcement specifically, I thought it would be best to provide a bit of insight into these complementary technologies.
What is a web application firewall (WAF)?
A web application firewall (WAF) protects web applications from a variety of application layer attacks, such as cross-site scripting (XSS), SQL injection, and cookie poisoning, among others. Attacks to apps are the leading cause of breaches—they are the gateway to your valuable data. With the right WAF in place, you can block the array of attacks that aim to exfiltrate that data by compromising your systems.
While web application firewalls have been around since the 1990s, modern WAFs started to evolve in the early 2000s, focusing on protecting the growing e-commerce industry. Over the following decades, WAFs have gain wide acceptance and are part of numerous regulatory and information security compliance controls, including the Payment Card Industry Data Security Standard (PCI DSS).
What is a content delivery network (CDN)?
A content delivery network (CDN) is a system of computers networked together across the internet that cooperate transparently to deliver content. Requests for content are intelligently directed to nodes that are optimized for performance to ensure that applications are readily available.
Put simply, CDNs provide faster loads of webpages, putting core content on geographically closer (and therefore generally faster) resources while load balancing and caching web services. Many cloud providers have a geographically dispersed CDN solution based on their global infrastructure, securely delivering data, videos, applications, and APIs with low latency and high transfer speeds.
The F5 and AWS relationship seems obvious: both are respected leaders in the space, with the leading offerings in WAFs and CDNs – F5 with their Essential App Protect Service and AWS with Amazon CloudFront. By integrating these two best-in-class services, clients will be able gain a high-performance CDN without sacrificing security, integrated from the initial implementation with support from AWS and F5.
There are four key takeaways from the podcast that are worth repeating:
Essential App Protect is fast – like, really fast. It uses WAF technology and NGINX for quick and efficient HTTP processing traffic. And the AWS CDN – Amazon CloudFront – ensures that all web traffic has the highest possible performance.
Highly available. The F5 Essential App Protect and Amazon CloudFront provide best-in-class availability with a resilient end-to-end architecture that can be auto-scaled.
Security is first. Sometimes, deploying an WAF is an afterthought to the web architecture. Not so here. From the very first implementation steps, Essential App Protect secures the origin traffic flow.
Trusted, proven solution for security and CDN. The Essential App Protect service and Amazon CloudFront are both industry leading services. Working together, they meet all the regulatory and industry best practice controls, monitoring the security of incoming traffic. Plus, the integrated setup is quick and painless, and – using the AWS terminology – removes the “undifferentiated heavy lifting” that generally comes with non-integrated cloud services.
The security industry is full of these “relationship” announcements, claiming to add value by some insignificant integration or API exposure. Not the case here: the F5 and AWS relationship is the real thing – two industry leaders providing complete service integration and improving the functionality and security of their customers. This is a win for F5 and AWS, and a win for the customer.
You can download a podcast of a discussion about this integration with Christine, Heath and myself here: