F5 WAF / AWS CloudFront Integration...

Oct 20, 2020 8:00:00 AM

Recently, I had the opportunity to participate in a podcast with the team at F5. Christine Puccio – VP of Global Cloud Alliances and Heath Parrott – Senior Global Solutions Architect for Cloud discussed their latest announcement: the integration between F5 Essential App Protect, a web application firewall (WAF) SaaS solution and Amazon CloudFront, a content delivery network (CDN) solution from Amazon Web Services (AWS). Before discussing the announcement specifically, I thought it would be best to provide a bit of insight into these complementary technologies.

What is a web application firewall (WAF)?

A web application firewall (WAF) protects web applications from a variety of application layer attacks, such as cross-site scripting (XSS), SQL injection, and cookie poisoning, among others. Attacks to apps are the leading cause of breaches—they are the gateway to your valuable data. With the right WAF in place, you can block the array of attacks that aim to exfiltrate that data by compromising your systems.

While web application firewalls have been around since the 1990s, modern WAFs started to evolve in the early 2000s, focusing on protecting the growing e-commerce industry. Over the following decades, WAFs have gain wide acceptance and are part of numerous regulatory and information security compliance controls, including the Payment Card Industry Data Security Standard (PCI DSS).

What is a content delivery network (CDN)?

A content delivery network (CDN) is a system of computers networked together across the internet that cooperate transparently to deliver content. Requests for content are intelligently directed to nodes that are optimized for performance to ensure that applications are readily available.

Put simply, CDNs provide faster loads of webpages, putting core content on geographically closer (and therefore generally faster) resources while load balancing and caching web services. Many cloud providers have a geographically dispersed CDN solution based on their global infrastructure, securely delivering data, videos, applications, and APIs with low latency and high transfer speeds.

The F5 and AWS relationship seems obvious: both are respected leaders in the space, with the leading offerings in WAFs and CDNs – F5 with their Essential App Protect Service and AWS with Amazon CloudFront. By integrating these two best-in-class services, clients will be able gain a high-performance CDN without sacrificing security, integrated from the initial implementation with support from AWS and F5.

There are four key takeaways from the podcast that are worth repeating:

Essential App Protect is fast – like, really fast. It uses WAF technology and NGINX for quick and efficient HTTP processing traffic. And the AWS CDN – Amazon CloudFront – ensures that all web traffic has the highest possible performance.

Highly available. The F5 Essential App Protect and Amazon CloudFront provide best-in-class availability with a resilient end-to-end architecture that can be auto-scaled.

Security is first. Sometimes, deploying an WAF is an afterthought to the web architecture. Not so here. From the very first implementation steps, Essential App Protect secures the origin traffic flow.

Trusted, proven solution for security and CDN. The Essential App Protect service and Amazon CloudFront are both industry leading services. Working together, they meet all the regulatory and industry best practice controls, monitoring the security of incoming traffic. Plus, the integrated setup is quick and painless, and – using the AWS terminology – removes the “undifferentiated heavy lifting” that generally comes with non-integrated cloud services.

The security industry is full of these “relationship” announcements, claiming to add value by some insignificant integration or API exposure. Not the case here: the F5 and AWS relationship is the real thing – two industry leaders providing complete service integration and improving the functionality and security of their customers. This is a win for F5 and AWS, and a win for the customer.

You can download a podcast of a discussion about this integration with Christine, Heath and myself here:



Chris Steffen

Written by Chris Steffen

Chris brings over 20 years of industry experience to Enterprise Management Associates, focusing on IT management/leadership, cloud security, and regulatory compliance.

Chris has had a variety of roles as a professional, from Camping Director for the Boy Scouts to Press Secretary for the Colorado Speaker of the House. His technical career started in the financial services vertical as the systems administrator for a credit reporting company. As the company continued to grow, Chris built the Network Operations, Information Security, and Technical Compliance practices before leaving as the Principal Technical Architect. He was the Director of IT for a manufacturing company and the Chief Evangelist for several technical companies, focusing on cloud security.

Prior to joining EMA, Chris served as the CIO of a financial services company and supervised the technology-related functions of the enterprise, including the development and implementation of the company’s technical vision and management of the technical staff. He also guided the company through a NIST 800-53 evaluation and successfully obtained an Authority to Operate (ATO).

Chris holds several technical certifications, including Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor (CISA), and was awarded the Microsoft Most Valuable Professional Award five times for virtualization and cloud and data center management (CDM).

B.A., Political Science (Summa Cum Laude), Metropolitan State College of Denver

    Lists by Topic

    see all

    Posts by Topic

    see all

    Recent Posts