Good news for AWS customers (which is.... a lot of you!)!
We've released a set of managed rules for the AWS Web Application Firewall (WAF). ThreatSTOP uses real-time threat intelligence (TI) to stop attacks before they can do damage. By delivering live, highly curated TI to security enforcement points like the AWS WAF, threats end before they start, and prevents further communication with attacker networks. Mix and match the subscriptions that's best for your use case (we recommend to always include the CoreThreats rules).
For customers hosting websites and concerns about malicious bots, spiders, and crawlers that scan for vulnerabilities, attempt CC fraud, or just consume bandwidth and waste money, we strongly recommend the Malicious Bots Rules.
We highly recommend taking both the CoreThreats and the New and Emerging Inbound HTTP threats Managed Rules - these provide together critical protections against the fast changing threats targeting cloud environments.
We'll be following up in subsequent posts on how to leverage WAF rules for compliance and automation.
You can activate within your AWS Marketplace account starting here or click the links below to see the details on each subscription option to determine which combination is right for you:
Our famous CoreThreats is built by aggregating and analyzing over 800 quality TI feeds, applying human and machine intelligence, then rapidly updating the managed rules to block threats and attacker infrastructure. CoreThreats stops a broad range of attacks with very high accuracy.
The New and Active HTTP Threats Managed Rules for AWS WAF protects exposed services from a range of threats including SSH attacks, Brute Forcers, Crackers, Shellshock, Apache Server Attacks, and more. Multiple HTTP threat intel feeds are aggregated and analyzed for continuously updated protection.