WAF for Compliance
Compliance in eCommerce, FinTech, HealthTech and other industries means rigorously protecting user data and APIs, implementing compensating controls, and monitoring for attempted violations. The Wallarm solution is fundamental in protecting apps and APIs from attacks and in building robust security processes.
SOC 2 Type 2
  • SOC, or “system and organization controls,” is a system of controls and procedures that proves a cloud service provider safeguards the data entrusted to it by its users. A SOC certification means the controls have been audited by an independent third party.
  • Wallarm helps satisfy many of the Common Criteria requirements:
    • Monitoring Activities (CC4) is accomplished with the scanner, the pentesting service and ongoing monitoring for attacks
    • Logical and Physical Access Controls (CC6) is strengthened by Wallarm WAF protecting APIs in real time, Wallarm DAST discovering application vulnerabilities and Wallarm FAST providing CI/CD-integrated security testing
    • System Operations (CC7) relies on Wallarm FAST finding security flaws before the apps are released, on virtual patches, and on risk assessment with Active Threat Verification
    • Processing Integrity (PI) is ensured by protection from API logic bombs and advanced detection of insufficient input and output validation.
GDPR
  • The General Data Protection Regulation (GDPR) became enforceable on May 25, 2018, replacing the EU Data Protection Directive, also known as Directive 95/46/EC. It aims to apply a single data protection standard to all member states and citizens of the EU, enforcing consistent, high-level data protection throughout the Union.
  • Wallarm helps satisfy many GDPR requirements:
    • Protection from unauthorized access (Articles 24, 32) is addressed by WAF protection against OWASP Top 10 threats and against credential stuffing
    • Faster breach detection and monitoring (Articles 30, 33) are supported by advanced incident detection and SIEM-integrated event logging
    • Improved risk assessment (Articles 34, 35) is delivered by Active Threat Verification, which matches observed attacks against possible vulnerabilities in the APIs and apps
PCI DSS
  • All entities that store, process or transmit cardholder data and/or sensitive authentication data must comply with the core standard called the PCI Data Security Standard (PCI DSS). Guidance in the PCI DSS mainly addresses the security of merchant payment environments but was recently extended with the PCI Software Security Framework.
  • Wallarm helps satisfy many PCI DSS requirements:
    • Password management (PCI DSS 2) is supported by credential stuffing protection and scanning for the use of default passwords
    • Protecting cardholder data (PCI DSS 3) is assisted by Wallarm WAF detection of information disclosure and privilege escalation, both of which can result in leaks of sensitive data
    • Secure Systems and Applications (PCI DSS 6) is where Wallarm contributes the most to PCI compliance, supporting secure coding practices, Layer 7 protection, risk assessment with Active Threat Verification, vulnerability discovery and more.

Certified environments

Public clouds:

AWS / GCP / Heroku

Private / Hybrid clouds:

Docker / Kubernetes

Reporting and Notifications

Full API for SIEM integration and Events reporting

Customized reports

Out-of-the-box integrations

Splunk

Prometheus

Syslog

Slack

Telegram

OpsGenie

The environment is very dynamic, and there are a lot of applications and APIs to protect, so we needed a solution that is automated, self-tuning, and centrally managed.
We tried to use mod_security, but there was a lot of pain with the complicated rules / signatures and non-stop false positives.
Wallarm was able to profile the normal operation of the web infrastructure and identify the application-layer (L7) DDoS attack.