Kemp Loadmaster provides industry leading performance as a Load Balancer and as an Application Delivery Controller. In addition LoadMaster provides functions that you may not know about such as SSL Offloading, Reverse Proxy for applications such as Microsoft Exchange, and a fully featured Web Application Firewall (WAF) functionality. The latter is available for all LoadMaster versions: physical device, virtual machine, bare metal, and Cloud based LoadMaster instances. WAF also supports deployment on our fully functional free LoadMaster solution.
The functionality provided by WAF is the same irrespective of which LoadMaster version it is running on. WAF enhances traditional security infrastructure, like firewalls and intrusion detection systems by adding the ability to inspect inbound and outbound network traffic at the Application level of the network stack. By operating at Layer 7 and using the ability to open and inspect inbound network packets even if encrypted allows for known threats to be detected and mitigated.
The included rules protect against vulnerabilities in all of the popular commercial web applications. They also protect against the common vulnerabilities outlined in the OWASP top 10 list. For web applications that have been written in-house or customized from commercial offerings, additional custom rules can be added to the WAF as required. When developing these rules it is possible to run WAF so that events are just logged rather than acted upon. This allows web applications to be characterized to determine the best rules to protect them. When this is known the rules can be moved to a LoadMaster with WAF running in blocking mode. In blocking mode suspicious events are both logged and the data packets are not delivered to the application.
In addition to the inbound protection provided by WAF, it can also provide outbound protection to stop sensitive information leaking from an organisation. Rules can be added to inspect outgoing network traffic to prevent data such as personally identifiable information, credit card numbers, or any other sensitive data that you define from being transmitted over the network. This is invaluable when operating in regulated sectors like the PCI-DSS financial sector, or for patient data in health settings.
Because WAF is fully functional, irrespective of which version of LoadMaster it is deployed on, it can be used in a wide variety of scenarios. For mission critical, high performing web applications WAF is an ideal choice to help protect them and ensure service availability. The same is true for other web applications at all levels from small departments Intranet applications all the way up. As WAF can also run on Free LoadMaster it is ideal for development and testing use as well. In DevOps scenarios Free LoadMaster and WAF are an ideal pairing to mimic commercial load balancer and web application firewall deployments for development, testing, deployment, and support workflows. This allow the full functionality of production systems to be used without having to duplicate the costs of multiple systems for Dev, UAT, Training etc.