Hi Community,
Check out my latest podcast, where I welcome Like Babarinde, Global Solutions Architect, and Ziv Rika, Principal Product Manager for Cloud WAF. The discussion focuses on Cloud WAF features that protect against sensitive information leakage and cross-site scripting, add file upload scanning, and prepare for post-quantum cryptography. Protecting sensitive data and ensuring compliance with regulations are crucial, and the automated solutions are highlighted for reducing operational overhead and addressing future risks. I have added some notes on the key takeaways below the video. These emphasize the importance of these security measures in the current digital landscape.
🔐Sensitive Information Leakage (SIL) Protection
The Problem: Many organizations unknowingly expose full credit card numbers through misconfigured applications or poor development practices.
The Solution:
- New CloudWAF feature provides visibility into applications leaking sensitive data
- Automatically masks the first 12 digits of credit card numbers to comply with PCI DSS requirements
- Easy deployment with initial "alert mode" for identification, then "mask mode" for automatic protection
Availability: Professional, Enterprise, 360, and Flex Protect Plus plans (excludes core plan)
Business Value: Protects against regulatory fines and reputational damage
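To show what the "alert mode, then mask mode" workflow above amounts to on a response body, here is an added example written for this post (not Cloud WAF's own code); the PAN regex, the Luhn filter, the alert format and the sample body are all assumptions.

```python
import re

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or dashes,
# and not embedded in a longer digit run (assumed pattern, not the product's).
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_valid(digits: str) -> bool:
    """Luhn checksum; filters out order numbers and other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def mask_pan(raw: str) -> str:
    """Replace the first 12 digits with 'X', keeping separators and the
    remaining digits (the last 4 of a 16-digit PAN), as the feature describes."""
    out, seen = [], 0
    for ch in raw:
        if ch.isdigit():
            seen += 1
            out.append("X" if seen <= 12 else ch)
        else:
            out.append(ch)
    return "".join(out)

def inspect_response(body: str, mode: str) -> tuple[str, list[str]]:
    """mode='alert' only reports findings; mode='mask' also rewrites the body.
    Returns (possibly rewritten body, list of alert strings)."""
    alerts: list[str] = []

    def repl(m: re.Match) -> str:
        raw = m.group(0)
        digits = re.sub(r"[ -]", "", raw)
        if not luhn_valid(digits):
            return raw  # looks like a PAN but fails Luhn: leave untouched
        alerts.append(f"PAN ending {digits[-4:]} (len {len(digits)})")
        return mask_pan(raw) if mode == "mask" else raw

    return PAN_RE.sub(repl, body), alerts

# Constructed sample response body: one valid test PAN, one Luhn-invalid digit run.
SAMPLE = "Order confirmed for card 4111 1111 1111 1111, ref 1234567890123456."

if __name__ == "__main__":
    for mode in ("alert", "mask"):
        body, alerts = inspect_response(SAMPLE, mode)
        print(mode, alerts, body)
```

Running in alert mode first surfaces which applications emit findings without changing any traffic; switching the same check to mask mode rewrites only the Luhn-valid hits.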
🛡️Enhanced Cross-Site Scripting (XSS) Protection
Key Changes:
- XSS protection now enabled by default in CloudWAF policies, providing immediate protection
- Out-of-the-box tuning minimizes false positives and reduces operational overhead
- New rules validated by threat research team before release, ensuring blocking mode from day one
Operational Benefits:
- Eliminates need for extensive monitoring and manual tuning
- Over 80% of customers use default WAF policy in blocking mode without modification
🗂️File Upload Scanning and Control
Security Enhancement:
- Provides visibility into applications using file uploads with configurable restrictions on file types and sizes
- Integrated malware scanning using Sophos AV engine
- Blocks threats at the edge, preventing malware from reaching origin servers
Business Impact:
- Reduces risk of database corruption and accelerates incident investigation
- General Availability: Q4 2025
🔮Post-Quantum Cryptography (PQC) Readiness
Future-Proofing Security:
- Addresses emerging threat of quantum computing breaking current encryption standards
- Supports quantum-resistant ciphers in hybrid mode for compatibility with all browsers
- Simple configuration change - no need to upgrade origin servers
Implementation Timeline:
- Q3 2025: Opt-in configuration
- Q4 2025: Enabled by default
Thank you for watching. If you have any questions, feel free to reach out, and don't forget to check out my other podcasts here!
#CloudWAF(formerlyIncapsula)