Abstract

Web applications are the most critical information technology assets for countless businesses, large and  small, around the globe. Many of these businesses host their applications on Amazon Web Services (AWS) and choose to use Amazon’s Web Application Firewall (WAF) to provide application security. The architecture of the AWS WAF calls for the user to define the policies (rules) that will detect and stop threats. Since that expertise is beyond the capability of many business users, security vendors offer rule sets via the AWS Marketplace that customers can subscribe to and import into their AWS WAF instances. 

Penta Security commissioned Tolly to benchmark the threat detection effectiveness of the Penta Security  Cloudbric Managed Rules for AWS API protection and compare that to the effectiveness of competing rule sets from leading US and Japanese vendors (partially identified). Tests were run against the OWASP Top 10 security threats. 

Penta Security Cloudbric Rule Set demonstrated a 97.31% effectiveness rate compared to 55.68% for C****** , and 60.03% for F****.