A network attack is similar to a viral infection in humans –it will inevitably spread once contracted, resulting in more data leaks. However, that does not mean that attackers are the sole culprit of data leaks. Failure to take preventive measures is one of the leading causes of data leakage for many enterprises.
Before deploying security and protection mechanisms, enterprises should first sort out their data storage locations, the security of the storage locations, and the level of data sensitivity. For example, they should define which data is the most sensitive and most prone to attacks (such as user account, password, and credit card information), and which data is less risky. Enterprises that clearly understand their own data can save a lot of trouble when implementing permission management, protection deployment, and vulnerability fixes.
Meanwhile, employees can regularly maintain the locations where data is stored, such as upgrading servers and terminal systems.
Enterprises need to protect critical, sensitive data throughout its life cycle. Data generation, communication, storage, and destruction must be performed within a controlled and encrypted environment. In addition, we recommend enterprises to use cloud certificate services to implement one-click HTTPS transformation.
You are not advised to "follow suit" when deploying security products. Instead, enterprises should customize security solutions for their own industries. Security experts across multiple industries typically have intimate knowledge of high-risk events and corresponding attack types in their respective industries. Thus, they are able to tailor the production, architecture, and protection procedures for a particular industry.
We recommend every enterprise deploy Web Application Firewall (WAF) to protect from web attacks. According to Alibaba Cloud security team's estimates, if an enterprise successfully performs risk scanning and system upgrades, and then deploys WAF, more than 90% of web intrusion incidents can be effectively prevented.
Alibaba Cloud WAF is an independently developed security product developed based on over 10 years of attack defense experience. Alibaba Cloud WAF is also the industry's first cloud WAF that provides business risk control solutions, full-version support of custom certificate HTTPS service, and dual-engine web app attack protection services. Many customers from the financial, e-commerce, and gaming industries are already using the business data risk control and protection feature of WAF. Alibaba Cloud WAF protects enterprises from message tampering, virtual theft, malicious web crawling, credential stuffing, malicious registration, and other business risks.
If you would like to examine how exposed your enterprise is to data leaks, you can check Keeping Your Data Secure with Web Application Firewall.
According to the Asia-Pacific Web Application Firewall (WAF) Solution Market Analysis of 2017 published by Frost & Sullivan, Alibaba Cloud has been leading the Greater China market for the last two years, with an absolute advantage of 45.8% market share. Alibaba Cloud WAF was also recognized as a "Notable Vendor" in 2018's "Asia/Pacific Context: Magic Quadrant for Web Application Firewalls" published by Gartner. This achievement not only proves the product ability and advantage of Alibaba Cloud WAF, but also validates the approval we received from our customers.
Alibaba Cloud WAF has 14 data centers in 6 regions including Australia, India, Indonesia, China, Malaysia and Singapore, multiple languages are available for its support service including Mandarin, Cantonese, English, Japanese and Korean. Alibaba Cloud WAF has built a multi-layer defense matrix based on thousands of built-in security policies against all kinds of web application attacks, as well as a powerful deep-learning detection engine and customizable rules for specific customer scenarios. Meanwhile, Alibaba Cloud WAF can be quickly and easily deployed and integrated with Alibaba Cloud Anti-DDoS, Anti-Bot and CDN services, providing a comprehensive web security solution covering both cloud side and client side, which effectively protects customer's business and data threatened by cyber-attacks.
Alibaba Cloud's security mission is to maximize cloud security, provide stronger security solutions, build a solid security foundation for users, and liberate users from cloud security and infrastructures so that they focus on their own business needs. This is especially true at the data protection domain, where it is necessary to provide users with the most powerful and comprehensive data security protection techniques and capabilities. Alibaba Cloud's goal is to allow users to migrate to the cloud without fear of data security issues, and to allow users view cloud migration as a way to strengthen security.
Alibaba Cloud WAF provides security reports for you to view and understand all protection actions of WAF. You can view the attack protection and risk warning statistics.
Alibaba Cloud WAF security reports include attack protection report and risk warning report.
After the website is deployed with Alibaba Cloud WAF, WAF helps inspect the web traffic and block common web attacks (such as SQL injections and XSS scripting) and HTTP flood attacks, based on the default protection settings. You can enable more protection functions and configure their policies according to your actual business situation.
F5 Advanced WAF provides robust web application firewall protection, securing apps against threats including layer 7 DoS attacks, malicious bots, OWASP Top 10 threats and much more.
F5 Per-App VEs deliver the same scalable, secure and customizable application services as physical and virtual F5 ADCs - at a price and in a form factor appropriate for supporting individual apps.
Web Application Firewall (WAF) protects your website servers against intrusions. Our service detects and blocks malicious traffic directed to your websites and applications. WAF secures your core business data and prevents server malfunctions caused by malicious activities and attacks.
Security and compliant are always our top concerns. Alibaba Cloud security service is committed to providing simple, secure and intelligent security services. You can access the services at any time anywhere with our easy-to-use and simple deployments. Alibaba Cloud security services are deployed based on the security technology we have developed for years to make sure the cloud environment is more secure. To accommodate your business and data processing requirements, we develop and apply the cutting-edge AI technology for the security identification and risks analysis.
With this certification course, you will understand where data should be secured in Alibaba Cloud, such as: storage technology, backup and recovery solutions, how to transmit data securely, which encryption algorithm to choose, and so on. You will also master the core skills of data security protection on Alibaba Cloud platform, including: how to implement automatic remote backup of data, how to implement encrypted storage in cloud environment, how to generate SSL certificate, etc.
Alibaba Clouder - July 12, 2019
Alibaba Clouder - February 21, 2020
Alibaba Clouder - July 23, 2020
Alibaba Clouder - January 15, 2021
Alibaba Clouder - January 28, 2021
Alibaba Clouder - December 25, 2020
More Posts by Alibaba Clouder