
Oplon WAF is the ideal system for protecting web applications, which today are the main channel for communication and interaction with the outside world. Businesses and organizations shouldn’t stop at protecting their networks, their applications and their data; they must also protect their customers, suppliers and all those who participate in or contribute to the creation of the digital content that we publish or the services that are made available. Web application security is a strategic element for detecting and blocking attacks on web services.

Oplon WAF is a next-generation Web Application Firewall that protects sites and web applications from attacks that can severely affect operations or threaten the data that enable service delivery. Oplon WAF performs Deep Packet Inspection (DPI) on HTTP, HTTPS and XML traffic through a signature-based system that protects web applications while providing prompt and complete coverage against the main threats.

It is possible to create personalized rules to block the most common attack schemes and also more specific ones for the application itself.

Moreover, Oplon WAF can be used in parallel with AI systems to analyze content, and it has a signature exchange language that enables third-party systems to issue rules to protect services.

Oplon WAF scalability is extraordinary: it can administer thousands of domains at the same time while managing thousands of rules.

The solution is integrated with the unified service access system ‘Oplon Secure Access’, in which the browser and HTTPS are the only way to connect, including to Remote Desktop and SSH.

This takes the unification of access further, with a more manageable HTTP approach, down to the last bit.

Technical/Business Requirement

TLS Decryption
The WAF solution must perform TLS decryption to inspect encrypted traffic. In particular, the WAF solution must support decryption up to the latest version of TLS (i.e. minimum TLS 1.2).
HTTP Conformity
The WAF solution must verify HTTP traffic conformity to the HTTP standard up to the latest standard version
Negative Model
The WAF solution must support and enforce a negative model in order to protect the web applications from known attacks
OWASP Top 10
For those attacks described in OWASP that the WAF solution cannot directly protect against, the WAF solution itself should still provide support to the teams responsible for mitigating them
Logging & Monitoring
The WAF solution must log all malicious activities blocked or mitigated. The WAF solution should be capable of sending both security and system events via secure protocols to a Security Information and Event Management (SIEM) system, analytics tool, syslog server or any cloud-based log monitoring solution, such as CloudWatch for AWS.
Sensitive Data Protection and GDPR
The WAF solution must identify and prevent the leakage of sensitive data - such as social security numbers, account balances, PINs, passwords and more - for example by searching for predefined patterns within data, or by masking this sensitive data within security events. In addition, the WAF solution must facilitate compliance with the General Data Protection Regulation (GDPR)
Management Portal Access Control
It must be possible to manage any WAF product via a self-service management portal, which supports Role-Based Access Control (RBAC) or configuration API.
BOT Mitigation
The WAF solution must accurately detect and block attacks coming from malicious bots. In particular, when the user login is not protected via MFA, the WAF solution shall protect websites from the following attacks: Account Takeover, Credential Stuffing and Web Scraping.
Private Keys Protection
The WAF solution must ensure that any application's private key stored within the WAF itself is protected from unauthorized access
Cloud WAF Integration & Fall-back
The Cloud WAF solution must be able to easily and securely integrate with any on-prem WAF solution. In addition, the Cloud WAF solution must provide an easy way to fall back to a backup application infrastructure when detecting a failure of the web application
Custom Error Page Configuration
The WAF solution should provide the administrator with the ability to configure a custom error page to display to website visitors in the event of an error
DDoS Attack Protection
The WAF solution should protect against DDoS attacks, such as volume-based and application layer attacks
Threat Monitoring
The WAF vendor should have in-house capability to monitor the threat landscape and test its solution when new attack campaigns appear
API Protection
The WAF solution should be able to provide protection for API traffic
WAF Allow List
The WAF solution should be able to add a specific IP to the Allow List, if necessary


