Nesecon is a Cyber Security Consultancy company specializing in IT Infrastructure Design and Management, and Cloud Services. We offer professional consultancy services with a strong focus on infrastructure enforcement, data protection, business continuity, and disaster recovery. We have over 35 years of experience serving large to mid-sized enterprises across various sectors including utility, manufacturing, aerospace, finance, health, education, and small businesses, and we have always prioritized business continuity awareness and protection.
After quite a long time of experience with open-source tools for the prevention and protection of resources exposed to the Internet (mainly Proxy Server VM for remote access to protect core resources), we found open-appsec WAF to be a stronger and more effective solution than the one we were using before, simpler to implement, simpler to manage, and simpler to monitor. We were very impressed with the means and granularity of the support documentation.
We deployed an open-appsec agent to protect our customers' web services and environments, and where sensitive data is mainly exposed - our own web services. We also used open-appsec to protect our customers’ websites when facing the Internet and the Extranet. Based on the experience of over one year in our labs, pre-production, and in the field, we think that open-appsec is the most suitable WAF solution for protecting web services offered on HTTP/S protocol.
Here is what we like the most about open-appsec, among the many interesting features:
1. Zero-Day Protection
open-appsec’s Machine Learning engine is highly effective and constant. It works fully automatically, without requiring any kind of content filtering based on classical signatures, as in most other WAF solutions or the omnipresent Snort. The fact that open-appsec is purely based on machine learning is also what allows it to not just prevent the typical, known attacks but to effectively protect against new zero-day attacks.
We strongly recommend upgrading the standard Machine Learning model to the advanced Machine-Learning model provided as a free download in the open-appsec WebUI, which is an easy one-time step and recommended for the best protection in production environments.
2. False-Positive Mitigation
The effectiveness in reducing false positives is surprising. Of course, a tuning period is essential. Within typically about 2-3 days (depending on the traffic volume) in "detect-learn-mode", the Machine Learning engine can learn enough contextual information and baseline from the usual traffic of the protected site, to sufficiently train the Machine Learning model for the highest accuracy in differentiating between true and false positives. From here you can switch to "prevent-mode" with a certain peace of mind, and perhaps refine the policies: but so far, I have no sites with more than 4 exceptions! On a side note: open-appsec provides very flexible options to create your own custom rules and exceptions in case you would need this at some point.
3. Transparency and Continuity of Service
In the very rare case that open-appsec would have technical problems and would require troubleshooting, a fail-open mode (or fail-close) can be configured, in case business continuity is the priority. This rule ensures the continuity of work as traffic continues with no interruption, which allows our site to continue delivering service until the issue is fixed, and we regain protection. Although this hasn’t happened to us yet, it is considered an essential feature for us.
4. Support
The team that supports open-appsec is extremely active and available, and above all - patient even when faced with "nerd" questions that would make anyone "blow their diodes"! Above all, I have noticed an extreme willingness to discuss possible improvements. In addition, open-appsec documentation was very helpful in understanding the deployment process and troubleshooting different problems we faced.
5. Central Management WebUI
There’s a central WebUI available in the Cloud as a SaaS service, which is optimal for us and provides great usability. Once the agents are deployed, all the events and processes are tracked and presented through the deployment profile in the WebUI tenant with which the agents are associated: configuration, training and exception management, dashboard, reporting, exception-handling, logging management and much more are available within one comfortable-to-use central WebUI.
6. Auto-Update
From the latest versions, the agents update automatically: run & forget!
There are also flexible configuration options that are available for the automatic update in the WebUI.
7. Functionality Enhancements
The open-appsec development team is very creative and professional in upgrading this WAF solution continuously!
8. Adaptability
I put it as one of the last points because it is the first aspect you tend to forget about - it is so easy to deploy in different environments:
- Linux OS-Level
- Docker Containers
- Kubernetes
Also, there are many integrations available with well-known reverse-proxy solutions for various use cases we have today or might face in the future, from Ingress Controller integration in K8s like NGINX Ingress to API Gateways like Kong or APISIX, and even solutions for smaller environments and labs exist e.g. based on Docker SWAG or the popular NGINX Proxy Manager.
9. Premium Edition
We have strongly recommended that our customers get full protection by migrating from the Community Edition to the Premium Edition. The Premium Edition allows you to have complete service coverage, as well as adding AntiBot protection, automatic IPS Security updates, technical support SLA, and more.
For all these reasons, I recommend that all those looking for a WAF to protect their Web Applications, as well as those who deal with IDS/IPS and with Network Security in general, dedicate half a day to playing with the open-appsec Playground, experience its deployment process hands-on on various platforms, experience a simulated web application attack, and learn how to prevent it!
For more information, you can check out open-appsec as well as the documentation. The open-appsec team is reachable via info@openappsec.io in case of any questions or assistance needed.
To learn more about how open-appsec works, see this White Paper and the in-depth Video Tutorial. You can also experiment with deployment in the free Playground.