Wone IT protects Factory5 from cyber attacks with ProWAF solution

2024: ProWAF Implementation

Factory5 turned to Wone IT with a request to implement comprehensive protection against cyber attacks on a number of key web resources, including the main domain and a highly loaded digital platform for cargo owners and carriers, covering the entire industrial logistics market in Russia. This was announced on December 12, 2024 by representatives of Wone IT.

As reported, the goal of the project was:

• Analyze your infrastructure and offer an optimal solution to protect web applications from OWASP Top 10 threats, bots, application logic attacks, and other risks.
• Deploy Pilot.
• Integrate the selected solution.
• Perform load testing.

In January 2024, Wone IT analyzed the documentation and IT infrastructure, proposed options for deploying a system for protecting against hacking, penetration and leakage of data through a web channel, took into account the possibilities of horizontal and vertical scaling, and calculated the best budget project.

For implementation, a solution was chosen Webmonitorex - the ProWAF product, since it met all the customer's requirements.

ProWAF product functionality:

• protection against hacker attacks on web applications;
• Analyze and block malicious or application-threatening incoming HTTP requests
• continuous collection of metrics from all network traffic and their processing in a computing cluster using Machine Learning technologies;
• scanning in various modes of the company's network resources for vulnerabilities using a scanner.

Project milestones

Stage I. Preparation for piloting the solution

In the shortest possible time, resources were allocated for the pilot project, the deployment scheme was determined, registration was carried out in the personal account, the necessary virtual machines, file configuration were configured, traffic redirection was implemented.

At the first stage, additional technical consultations were required with the vendor of choice between Angie Pro and Nginx Stable to support NTLM authentication as part of the deployment of the filtering node.

Angie Pro is a Russian commercial web server that has added additional functionality required by large organizations.

Nginx Stable is an open version of the web server that features an extensible architecture and the ability to independently write and share third-party modules. After comparing the solutions, the customer chose the second option.

Stage II. Collection and processing of documentation, distribution of roles

At this stage, a complex task was successfully solved with the division of roles by deployment and administration. In addition, it was necessary to prepare all the necessary documentation for the version of the solution, to collect regulations for the deployment of the company's OS, including Docker containers.

On the part of F5, in order to unify and assemble containers with variable environments, they revealed the need to update and make additional settings, update the version of containers.

At the second stage, the planned deadlines for the completion of the project were determined - the end of May 2024.

Stage III. Rule Configuration and Load Testing

At the third stage of the pilot, the main task was to conduct testing according to various scenarios. Web Application Protection Tool ProWAF was supposed to both detect vulnerabilities in the perimeter of the IT infrastructure using the built-in scanner, and perform the function of a firewall to repel web attacks.

Using our technical expertise and expertise, we have implemented and fully tested web resources through engineered attacks. This made it possible to verify the effectiveness of the system and demonstrate the results to the customer. Webmonitorex's ProWAF has proven itself to be a reliable web resource protection solution. We thank Factory5 for your trust and look forward to further fruitful cooperation. concluded Leonid Shevchenko, Commercial Director of Wone IT

Stage IV. Implementation and Scaling

Systemically conducted comprehensive training on setting up attack blocking rules for each specific web application. This minimized the cost of configuring and supporting software for each individual application and its updates, searching for subdomains.

A number of other issues related to false positives, attack activity, hits, malicious traffic and virtual patching were also resolved.

V stage. Commissioning

For six months, Wone IT specialists using the ProWAF product provided the customer with the protection of web resources, including domains, subdomains, applications and various published materials Factory5 on the Internet. In addition, experts have automated the processes of identifying vulnerabilities and continuous scanning.

The implemented system fully detects and prevents attacks related to the exploitation of security risks contained in the OWASP Top 10 list, namely code implementation (Injection), Vulnerable and Outstanding Components, incorrect configuration (Security Misconfiguration), Brute Force password attacks, attacks on external XML entities (XML eEternal Entity), attacks based on embedding arbitrary SQL Injection into a query, and many others.

Wone IT specialists were able to cope with all the tasks on time. We have made sure that the published resources are now under strong protection and constant control. noted Sergey Timofeev, head of the information security unit Factory5

Results of the work performed:

• The implemented solution passed the test tests and load testing.
• The project was completed on time and completed within the customer's budget.
• The client has received protection against cyber attacks for all its web applications.