Category: Security, Identity, & Compliance

Amazon Web Services (AWS) Verified Access (AVA) is a secure remote access service that eliminates the need for VPNs. AVA reduces management complexity and improves security with real-time evaluations of requests based on factors such as identity and device posture. With Verified Access, you can define access policies written in Cedar using end user context, […]

As security threats have become more sophisticated and easier to scale, customers increasingly use Amazon CloudFront and AWS WAF together to improve the performance, resiliency, and security of their web applications and APIs. CloudFront is a Content Delivery Network (CDN) that reduces latency by delivering data to viewers anywhere in the world using one of […]

In this blog post, we will discuss how you can setup VPN-less secure access to your corporate applications if you are using Security Assertion Markup Language (SAML) based identity providers (IdPs). We will also provide guidance if you have already invested in integrating third-party IdPs with AWS IAM Identity Center (successor to AWS Single Sign-On), […]

Customers use AWS edge services to improve the performance and the security of their websites. In certain cases, they appreciate being able to quickly set up a Content Delivery Network (CDN) and a Web Application Firewall (WAF) to stop a DDoS attack targeting their website, or to decrease page load times. And they prefer doing […]

AWS WAF helps you protect against common web exploits and bots that can affect availability, compromise security, or consume excessive resources. Configuring AWS WAF in a cost-effective way has been a frequent topic of discussion among our customers. In this post, learn how to use the different components of AWS WAF to secure your web […]

Internet users increasingly expect responsive web applications and APIs with lower latency and higher availability. Additionally, publicly accessible web applications and APIs are exposed to threats such as commonly occurring vulnerabilities described in the OWASP Top 10, SQL injection, automated requests, and HTTP floods (Denial of Service (DoS)) that can affect availability, compromise security, or […]

Today, on 30th August 2023, AWS launched a new enhancement to the Amazon Virtual Private Cloud (Amazon VPC) Ingress Routing feature. With this enhancement, customers can now specify a Gateway Load Balancer Endpoint (GWLBE) as the next-hop in the virtual private gateway (VGW) route table. This allows customers to inspect their traffic coming into AWS […]

Enterprise customers have differing requirements based on a number of reasons including security, compliance, governance, and the industry they operate. In certain situations, customers are expected to adhere to certain protocols and standards that are non-negotiable. In this post, we explore how customers can specify TLS protocols and associated ciphers that are allowed from viewers […]

Volumetric attack is one of the most common type of cyberattack, where a web application is overwhelmed with an enormous number of HTTP requests. This flood of excessive requests puts a strain on the application’s servers, leading to degraded performance, increased latency for legitimate users and in severe cases, resource exhaustion. AWS WAF’s rate-based rules […]

AWS WAF offers advanced features for filtering undesired web application traffic, such as Bot Control and Fraud Control. These intelligent threat mitigations include techniques such as client-side interrogations using JavaScript challenges or CAPTCHA, as well as client-side behavioral analysis. Implementing these techniques on a web page with a same-origin access is simple. When a cross-domain […]