STRENGTHENING SYSTEM SECURITY
Fight off threats at the frontline.
Don’t wait until attacks have walked through the front door. Situated at the entrance to your system, HAProxy Technologies’ suite of products offers the best protection against modern threats to your APIs and web applications, combining some of the most advanced security features in the industry.
Key Principles
To stay ahead of the ever changing nature of online security, companies must employ state of the art measures to keep their systems safe. With the trend of web application and API attacks becoming more prevalent and sophisticated, an array of defenses up-to-date with current threats must also be implemented.
Given a load balancer bears the initial impact of incoming network traffic, it is also perfectly placed to safeguard the servers gathered behind it, as well as provide end-to-end encryption for sensitive data.
With advanced features for protection against traditional denial of service and other bot-based attacks, HAProxy solutions are also especially suited to fight back against modern threats seeking to take advantage of weaknesses in web applications and APIs by forming a barrier through which all information must pass before reaching vulnerable backend servers. This is why the world’s most demanding websites trust HAProxy Technologies as their frontline defense to a myriad of threats.
Learn how to keep your system safe with HAProxy.
DDoS Attack & Bot Protection with HAProxy Enterprise: Defending Your Application Against Ever-Increasing Threats
Flexmls® Transitions from Imperva™ to HAProxy Enterprise’s Bot Management Capabilities
The Security Playbook
A Multi-Layered Security Strategy
Identifying and stopping threats in today’s ever-changing security landscape requires a tailored set of defenses against a growing list of threats. Fighting off attacks at the edge of a network can be one of the most powerful countermeasures, if the right strategies are used. Read on to discover how HAProxy Technologies’ suite of products will arm you with all the features necessary to defend against the multitude of attacks that may knock on your door.
Web Application and API Security
SOLUTIONS:
Advanced WAF
Rate Limiting
Global Rate Limiting
Global Profiling Engine
mTLS Authentication
Web Application and API Security
With the growing trend to migrate web applications to the cloud, dissolving the clear boundary between internal network and public web, security threats have in turn begun to turn their sights toward these often vulnerable targets. Whether it is securing a backend API not intended to be visible to outside clients, or fighting off attacks to a dynamic PHP website, the HAProxy suite of products offers a wealth of powerful features to neutralize threats.
The HAProxy Web Application Firewall is the ultimate line of defense against common, emerging, and zero-day attacks targeting web applications and APIs. Powered by our Intelligent WAF Engine and with optional OWASP Core Rule Set (CRS) compatibility, HAProxy Enterprise WAF offers exceptional balanced accuracy and ultra low latency. Global Rate Limiting protects APIs and web applications from sophisticated abuse with real-time cluster-wide tracking powered by our Global Profiling Engine. By also implementing Basic or mTLS authentication at the load balancer tier to restrict access to APIs, you can be sure only valid requests are routing through to sensitive backend servers. You can customize security controls for each backend application or API for unprecedented granular traffic control.
Data Protection
SOLUTIONS:
Traffic Encryption
SSL/TLS Offloading
FIX Protocol Support
Data Protection
Encryption of traffic can also be a powerful tool against preventing malicious intruders and is essential for customers handling sensitive data. With built-in SSL/TLS offloading, without the need for an extra network component, data is also secured from end-to-end as it travels between systems. This is especially important for financial sector customers, who can take advantage of HAProxy Enterprise’s FIX protocol support, and configure settings restricting which versions of SSL and TLS clients can use, or a preferred list of cryptographic ciphers, in order to prevent protocol downgrade attacks. Using OpenSSL, the industry leading open-source encryption library, our data security is battle tested and internationally trusted.
Denial of Service (DoS) and Bot Management
SOLUTIONS:
PacketShield
HAProxy Enterprise Bot Management Module
Access Control Lists
Client Fingerprinting
Denial of Service (DoS) and Bot Management
To protect your system from threats to its availability via DDoS attacks, HAProxy Technologies offers the industry-leading PacketShield. Particular to HAProxy ALOHA, this patented software is a powerful defense against packet floods, a common denial of service attack. Providing stateful packet filtering and blocking illegitimate packets before they need to be processed by the kernel, this allows services to stay operational even when under attack.
HAProxy Enterprise offers Global Rate Limiting at either the connection or application layer, meaning customers can implement thresholds and prevent unfair usage. The Global Profiling Engine provides cluster-wide tracking to aggregate client behavior patterns across load balancer clusters. In addition, the HAProxy Enterprise Bot Management Module, flexible Access Control Lists, and client fingerprinting ensure your services are protected from vulnerability scanners, scrapers, brute-force bots, and more, saving your resources for legitimate traffic.
System Visibility
SOLUTIONS:
Verbose Logging
Support Team
System Visibility
If the HAProxy Enterprise load balancer is the security center orchestrating all these features, the windows of its watchtower must also offer impeccable visibility on all comings and goings to the system. With verbose logging on not only the content and metadata of each request and response, but also the time taken to complete each phase processing it, customers are able to capture in-depth details about suspicious activity. And by implementing these logs using the widely-supported Syslog protocol, HAProxy Enterprise users can stream it to nearly any log aggregation and analysis tool.
Systems administrators can then track behavior based on IP address, User-Agent string, session ID, and request path, and much more, allowing careful analysis and evaluation of their security needs. Generated metrics also include requests/sec, total number of requests made, errors/sec, total number of errors, byte rates, and more.
The HAProxy Guide to Multi-Layered Security
HAProxy Technologies is the company behind HAProxy, the world’s fastest and most widely used software load balancer. HAProxy products are used by thousands of companies around the world to deliver applications and websites with the utmost in performance, reliability and security. This eBook provides a comprehensive overview for HAProxy’s extensive security capabilities needed to protect your infrastructure in today’s increasingly complex security threat landscape.