In establishing security through solutions such as firewalls, IP Reputation is a crucial metric for identifying and blocking malicious traffic. It assesses the risk of an IP using factors such as traffic volume, traffic type, presence of malware, and whether the IP has been involved in illegal activities like hacking or phishing. Managing IP Reputation is an important aspect of web security as traffic can be allowed or blocked based on the credibility of IPs, which is determined by their history.

Cloudbric Managed Rules for IP Reputation Management

Penta Security provides a solution for managing IP Reputation through “Cloudbric Managed Rules.”

🛡️ Malicious IP Protection

Cloudbric Managed Rules for AWS WAF – Malicious IP Protection was created to protect the websites and web applications against the traffic originating from various threat IPs. It utilizes the Threat DB of Cloudbric Labs, which collects and analyzes the threat intelligence from 700,000 websites in 148 countries to create a Malicious IP Reputation list and respond to the Malicious IP traffic.

🛡️ Anonymous IP Protection

Cloudbric Managed Rules for AWS WAF – Anonymous IP Protection provides integrated security against Anonymous IPs originating from various sources including VPNs, Data Centers, DNS Proxies, Tor Networks, Relays, and P2P Networks. It utilizes the Anonymous IP list, managed and updated by Cloudbric Labs, to detect and respond to Anonymous IPs that can easily be exploited for malicious purposes and prevent threats such as geo-location based fraud, DDoS, or license and copyright infringements.

Cloudbric Managed Rules for AWS WAF

Cloudbric Managed Rules for AWS WAF is created based on the security technologies and expertise of WAPPLES which has protected the web services for enterprises since 2005. Cloudbric Managed Rules have recently proven its performance by displaying a detection rate of 97.31% against other Managed Rules, which has been validated through a report (Penta Security Cloudbric Managed Rules – Comparative Effectiveness of the API Security-Related Managed Rule Groups for AWS WAF) published by an independent third-party IT testing, validation, and analysis organization, The Tolly Group.

✅ Expertise in Security

Cloudbric Managed Rules for AWS WAF utilizes the latest threat intelligence collected and analyzed by Penta Security’s own Cyber Threat Intelligence (CTI) to respond to web threats against web applications and APIs.

✅ Continuous Security Management

Cloudbric Managed Rules respond to the latest threats and maintain a stable level of security through continuous updates and management by security experts with over 20 years of experience in the field.

✅ Official Partner of AWS

Penta Security is an official launch partner for AWS WAF Ready, provider partner of AWS Activate, and AWS Public Sector Partner, and all Cloudbric products provided in AWS Marketplace by Penta Security have been validated by AWS through the Foundational Technical Review.

If you are looking to establish a safe web security environment without the need of security expertise, subscribe to Cloudbric Managed Rules for AWS WAF today!

👉 For more information
👉 To subscribe to Cloudbric Managed Rules

In February 2016, the global content streaming service, Netflix, officially announced that it would block all VPNs and proxy use on its platform. This decision came as a response to the abuse of Anonymous IPs, which had been a persistent issue for the service. Although many users would employ Anonymous IPs for privacy and security reasons, some exploited them for illegal purposes. One example was Netflix users using VPNs to bypass the geo-restrictions on contents that are not available in their region. The geo-restrictions were put in place due to licensing agreements, but users soon discovered that accessing the platform through an IP from another country allowed them to stream the geo-restricted content. As a result, Netflix was forced to address the issues related to license and copyright infringement.

Anonymous IP utilizes methods such as VPNs, Tor Nodes, Proxies, and Data Centers to mask the IPs and the geolocation to protect the privacy of the user and provide a secure access to the web. However, it is also a double-edged sword that can very well be used for illegal activities such as:

• Manipulation of public opinion or reviews.
• Distribution of malware while concealing the distributor’s identity.
• Bypassing geo-pricing, which violates company policy.
• License and copyright infringement.
  As such, detecting and blocking Anonymous IPs can be a smart move for companies and organizations of all industries to reduce the risk of cyber threats.
  Many companies and organizations already make use of various solutions to respond to Anonymous IPs. Like Netflix, a significant number of content streaming services and other companies in the media & entertainment industry have adopted Anonymous IP-related solutions to protect their media contents. Some companies use Anonymous IP-related solutions to prevent DDoS attacks carried out by zombie PCs infected via Data Centers. Online game companies block illegal access to geo-blocked servers, and finance companies, including cryptocurrency platforms, prevent fraud by blocking attempts to bypass the geolocation restrictions.
  Such solutions are largely categorized into two types: IP Reputation Database (often referred to as “IP Reputation Checkers”) and IP Reputation Filters. There are pros and cons to both types of solutions, and the choice between them depends on the available resources and the needs of the user.

  IP Reputation Database

  IP Reputation Filters

  Focuses on providing detailed information about the IPs. Such information includes the method of creating Anonymous IPs, geolocation data, and domain information. The IP Reputation Database is constantly updated. The user is given more flexibility as the user can utilize the information to configure the security settings as fit. However, a deep understanding of security is required for the user to configure a robust security. Because the IP Reputation Database is constantly updated, the user has to subscribe to the database service, and in many cases, the user may be charged per query.

  Focuses on providing a proactive security solution by detecting and blocking the traffic based on the Anonymous IP list. IP Reputation Filters are often included in a Web Application Firewall (WAF) solution, and do not provide as much flexibility as the users configuring the security settings themselves. The performance of the IP Reputation Filter may depend on the source of the Anonymous IP list, update cycle, and the performance of WAF. However, users do not need expert-level security knowledge. Security measures can be quickly implemented. Resources required in configuring the security settings are greatly reduced.

  •  
  • Penta Security’s direction in responding to Anonymous IPs is IP Reputation Filters. Penta Security currently provides a managed rule group, Cloudbric Managed Rules for AWS WAF – Anonymous IP Protection, in the AWS Marketplace.
  •  

  

  •  
  • Taking advantage of the characteristics of managed rule groups for AWS WAF, which enables the user to quickly adopt the security rules predefined by security vendors simply through subscribing to the product, Penta Security provides a quick and easy solution for AWS WAF users to detect and block any threats that can be caused by Anonymous IPs. Penta Security’s Cloudbric Managed Rules for AWS WAF – Anonymous IP Protection is defined based on the Anonymous IP List, which is continuously updated with the latest IP Reputation data, collected and analyzed by Penta Security’s own Cyber Threat Intelligence (CTI). With a cost efficient, pay-as-you-go pricing, users are able to implement a robust security solution against Anonymous IPs without the need for security expertise by subscribing to the product.
  •  
  • Cloudbric Managed Rules for AWS WAF – Anonymous IP Protection is available at

  👉link.
  

   

   

API security has become a major focus in cybersecurity in recent years. The global research firm, Gartner recognized the importance of API security and proposed a new model of web application security, which they named Web Application and API Security (WAAP). API, which stands for Application Programming Interface, is a mechanism that enables two software components to communicate with each other using a set of definitions and protocols. APIs are generally used to provide access to data and services, allowing the developers to build new applications and tools by leveraging existing data and functionality.

For instance, if a new food delivery app requires a map to display local restaurants, it would be inefficient for the developers to create a new map and gather all the restaurant data themselves. Instead, they could use an existing map API, such as Google Maps, to retrieve the necessary data for their app.

APIs are becoming indispensable in modern software development because of its;

• Interoperability
  • APIs facilitate interoperability between software systems, and by using APIs, applications and services developed by different developers would work together, share data, and provide integrated solutions
• Modular Development
  • APIs allow complex systems to be divided into smaller and more manageable components, making software development, testing, and maintenance easier. Developers can focus on building and updating specific functionalities.
• Cross-Platform Integration
  • APIs enable cross-platform integration, allowing applications to work across different devices and environments.
• Data Access and Sharing
  • APIs define a structured way for data to be exchanged between applications, usually formatted in JavaScript Object Notation (JSON) or Extensible Markup Language (XML). This standardization ensures that both the requesting application and the providing system can easily interpret and process the data.

Despite their benefits, not all APIs are built with security measures, and an increasing number of organizations have reported attacks targeting APIs, resulting in significant damage to their services. Such was the case with Duolingo. Duolingo is a company that services a vastly popular language learning application. It is estimated that by the end of Q1 2022, Duolingo’s monthly active users reached 49.2 million. Naturally, due to its massive volume of user data, Duolingo’s user database became a target for hackers. In January 2023, scraped data of 2.6 million Duolingo users appeared on the dark web hacking forum called “Breached.” The scraped data included email addresses, personal names, usernames, and other user profile information.

screenshot courtesy of FalconFeedsio

It is believed that the hacker acquired the user data by infiltrating Duolingo’s API vulnerability. Duolingo’s API provided access to user information based solely on email or username without asking for any other forms of verification. The API did not take any security measures to ensure that the requests were coming from legitimate users, thus the access to user data was not restricted. This incident would be categorized under two vulnerabilities of OWASP Top 10 API Security Risks: 

• API2:2023 – Broken Authentication
• API3:2023 – Broken Object Property Level Authorization (BOLA) 

As API has become a target for hackers, establishing API security became an important task for any organizations or businesses providing services that include APIs. There are already numerous solutions for API security in the market, but the important question to ask is: which of the solutions best fit my environment?

As there are a myriad of APIs for different purposes, solutions for API security can also take many different directions and approaches. For instance, some may focus on specific vulnerabilities of APIs, such as Injection attacks or Broken Authentication, while some may focus more on API Discovery. Some may even choose to focus more towards API Gateway. There is no definitive answer to what type of solution is best. Therefore, it is important that organizations and businesses carefully assess their environment and needs before adopting a solution.

Penta Security’s direction in establishing API security was to build a solution that focuses on the actual API attacks and vulnerabilities. Penta Security has recently launched a managed rule group for AWS WAF, Cloudbric Managed Rules for AWS WAF – API Protection (API Protection). Taking advantage of the characteristics of managed rule groups for AWS WAF, which enables the user to quickly adopt the security rules predefined by security vendors simply through subscribing to the product, Penta Security provides a quick and easy solution for AWS WAF users to detect and block API attacks. API Protection was created to provide security against the threats of OWASP API Security Top 10 Risk. To respond to the attacks and vulnerabilities of API, API Protection utilizes the API attack data gathered and analyzed by Penta Security’s own cyber threat intelligence (CTI) and establishes security against known API attacks. Furthermore, API Protection provides validation and protection for XML, JSON, and YAML data. API Protection was recently validated to have the highest detection rate among API Security managed rule groups currently provided in AWS Marketplace through a comparative test conducted by a third-party IT testing, validation and analysis company, The Tolly Group.

The Tolly Group – 3rd-party IT Testing, Validation, & Analysis

With a cost efficient, pay-as-you-go pricing, users are able to implement a robust API security without the need for security expertise, just by subscribing to the product.

Cloudbric Managed Rules for AWS WAF – API Protection is available at 👉link.

AWS WAF, according to AWS, is a web application firewall (WAF) that helps protect web applications from attacks by allowing you to configure rules that allow, block, or monitor (count) web requests based on conditions that you define, such as IP addresses, HTTP headers, HTTP body, URI strings, SQL injection, and cross-site scripting. While it is undoubtedly a powerful tool to establish security for your websites and web applications, it requires users to have a certain level of security expertise to utilize the service to its fullest potential.

When the user first adopts AWS WAF, the user is responsible for implementing the security rules¹ for AWS WAF. AWS WAF provides the user with options to either create their own rules or adopt managed rule groups².

Without the proper security rule configurations, AWS WAF cannot function or operate properly. Consequently, the users would have to have some level of understanding of how security rules work and what kind of security rules they need.

1. Security Rules : Statements that define the conditions on how to inspect the HTTP/HTTPS web traffic, or requests, made to the web applications. If the request matches the conditions, it is met with the rule action, such as Allow, Block, and Count, that is configured for the security rule.
2. Managed Rule Groups : A preset of security rules created by AWS and the Independent Software Vendors (ISV) for the users.

What are Cloudbric Managed Rules?

One such example of managed rule groups that the users can implement for AWS WAF is “Cloudbric Managed Rules.” Cloudbric Managed Rules (CMR) is a managed rule group product provided by Penta Security. 

CMR was created based on the security technologies and expertise of Penta Security’s WAF product, WAPPLES, which has protected web services for various organizations and enterprises since 2005. CMR utilizes Penta Security’s own Cyber Threat Intelligence (CTI), Cloudbric Labs, to provide a safer online environment for AWS WAF users.

Penta Security is not only one of the seven ISVs worldwide that offers managed rule groups for AWS WAF but also the only ISV to enable the Web Application and API Protection (WAAP) model by integrating managed rule groups with AWS WAF. There are a total of 6 different CMR rule groups currently provided in AWS Marketplace, which are able to be implemented on the AWS WAF simply by subscribing to the product.

Cloudbric Managed Rules for AWS WAF Product List

OWASP Top 10 Rule Set
Provides security against threats from OWASP Top 10 Web Application Security Risks, such as SQL Injection and Cross-Site Scripting (XSS) utilizing the logic-based detection engine recognized by world-renowned research organizations such as Gartner and Frost & Sullivan.

API Protection
Provides security against the OWASP API Security Top 10 Risk by establishing a defense system against known API attacks and providing validation and protection for XML, JSON, and YAML data.

Anonymous IP Protection
Provides integrated security against Anonymous IPs originating from various sources including VPNs, Data Centers, DNS Proxies, Tor Networks, Relays, and P2P Networks, responding to threats such as geo-location frauds, DDoS, and license and copyright infringement.

Malicious IP Protection
Provides security against malicious IP traffic based on the Malicious IP Reputation list created using ThreatDB, which is collected and analyzed from 700,000 websites in 148 countries worldwide by Cloudbric Labs, Penta Security’s own Cyber Threat Intelligence (CTI).

Bot Protection
Provides security against malicious bots, such as scrapers, scanners, and crawlers, which negatively impact and damage websites and web applications through repetitive behavior, based on the malicious bot patterns collected and analyzed by Penta Security.

Tor IP Protection
Provides security against Anonymous IP traffic, specifically originating from the Tor network, which can be difficult to detect using an ordinary IP Risk Index, utilizing the Tor IP list managed and updated by Cloudbric Labs.

CMR is continuously updated and managed by the security experts of Penta Security to respond to the latest security threats and maintain a stable security level, boosting the AWS WAF experience for the users.

CMR has also recently been validated to have the highest detection rate through a comparative test conducted by a 3rd party IT testing, validation, and analysis company, The Tolly Group.

[Comparative Test Results for OWASP Top 10 Rule Set]

[Comparative Test Results for API Protection]

Optimizing Cloudbric Managed Rules to your environment

Managed rule groups for AWS WAF are designed to provide the users with a basic setup for security and allow the users to add conditions, such as IPs, specific headers, or regions, by creating additional rules when a new threat is identified. This is known as the Blocklist method (also known as Blacklist method). Blocklist method is widely preferred for managed rule groups as it can reduce false positives, but ultimately, the users would have to continue to add more and more rules as they progress, only after the threat or attack has occurred. CMR also utilizes the Blocklist method, but to minimize the burden of adding the rules for the users, CMR provides managed rule groups with maximum security configurations. CMR is continuously updated with the most recent Cyber Threat Intelligence to respond to new threats and vulnerabilities. In doing so, CMR can detect and block more potential threats and attacks compared to any managed rule groups provided in AWS Marketplace, and if a false positive occurs, the users would simply need to override the rule that responded to the legitimate request, instead of having to create a new rule to respond to the new malicious request. Overriding a rule can simply be achieved by clicking a few buttons, and this method can provide more stable security.

To determine whether a request should be overridden or remain blocked, it is important to analyze your detection logs. Each rule within the managed rule group is defined with a rule action that responds to the request when it matches the condition of the rule. These rule actions include “Allow,” “Block,” and “Count.” Also, the users can adjust the priority of the rule, and the request will pass through the rules in the order of highest priority to the lowest.

If the rule action defined for the rule is Allow, the request will pass through the rule, even if the request matches the conditions defined in the statement of the rule. The request will also not be logged. Allowing a rule will have all the subsequent rules to allow the request as well, so if you want a certain rule to allow the request, it is recommended that the rule is configured to have the lowest priority, as it will minimize the effect it has on the other rules. If the rule action defined for the rule is Block, the request will not pass through the rule, if the request matches the conditions defined in the statement of the rule. The request will then be logged as having been blocked. If the rule action defined for the rule is Count, the request will pass through the rule without being blocked, even if the request matches the conditions defined in the statement of the rule. However, the request will be logged.

When you decide to change the default rule actions defined for the rules, it is recommended that the rule action for the rule is first changed to Count to evaluate the impact. You must analyze your detection logs carefully while keeping your rule action to Count before deciding whether to override the rule. It is also a good idea to run your rules while having the rule action as Count when you are creating your own security rules.

From time to time, CMR will be updated with a newer version. When it is updated with a newer version, you will be notified by AWS Marketplace, and you will be given the option to update the managed rule groups to a newer version or to use the previous version. When a new version of the managed rule group is updated, the updates to the managed rule group will not be automatically applied to the product you are currently subscribed to, as updating to a newer version of managed rule groups may cause the configurations you made to the rules to revert to default state. If you wish to use the newer version of the managed rule group, you can access the AWS WAF management console to change the version of the managed rule group.

AWS WAF Management service, “Cloudbric WMS.”

While CMR was developed to facilitate the process of implementing security rules for AWS WAF, it can still be challenging if you do not have in-house personnel with security expertise. It can be quite unclear as to what threats you must watch out for or which origin IP must be blocked. Analyzing and optimizing the security rules can also be quite difficult if you do not fully understand your infrastructure and environment.

Cloudbric WMS for AWS WAF

Cloudbric WMS for AWS WAF is a management service developed by Penta Security for AWS WAF users. When Cloudbric WMS is adopted, the security experts of Penta Security analyze your infrastructure and environment to adjust the conditions of the statement and optimize the rules for you. After the optimization of the security rules is completed, you are given access to Cloudbric WMS console, which provides you with an overview of your environment and security status. Cloudbric WMS enables the users to add countries or origin IPs to block through an easy-to-use GUI and provides detailed reports with all the information you need to reinforce your security.

Cloudbric WMS also offers customer support in English, Japanese, and Korean, to respond to any issues or inquiries you may have in operating your WAF.

Penta Security is an official launch partner for AWS WAF Ready, a provider partner of AWS Activate, and an AWS Public Sector Partner. 

All Cloudbric Products provided in AWS Marketplace have been validated by AWS through the Foundational Technical Review.

For more information on Cloudbric WMS, please visit: 👉Cloudbric 

You may also refer to the “Cloudbric Managed Rules for AWS WAF Setting Guide” for more details on how to subscribe, implement, and optimize CMR for your AWS WAF.