Imperva Cyber Community

Expand all | Collapse all

Securing SAAS behind WAF

  • 1.  Securing SAAS behind WAF

    Posted 07-24-2020 08:23
    With the objective to gain additional threat visibility, detection & prevention. Is it even a recommended practice to be securing SAAS applications like Salesforce CRM portal for example, behind Imperva WAF?
    #CloudWAF(formerlyIncapsula)

    ------------------------------
    Jack Jack
    ------------------------------


  • 2.  RE: Securing SAAS behind WAF

    Imperva Employee
    Posted 07-26-2020 13:11
    Hi Jack.

    It would be great to control the traffic to SaaS service as it may lack either some significant security and business or both controls.
    I don't have much info for your setup or needs so passing a solution documented for using third party CDN at https://help.salesforce.com/articleView?id=domain_mgmt_domain_config_options.htm&type=5  from Salesforce community site as reference.

    Please reach out to your AE team for more detailed discussion for this setup  
    Some SaaS control guidelines can be reviewed from https://attack.mitre.org/matrices/enterprise/cloud/saas/ 
    ------------------------------
    Abhishek Gupta
    Customer Success team
    Imperva
    ------------------------------