Managed rules have protected our ecommerce site and have reduced botnet and sql injection attacks
What is our primary use case?
My main use case for Cyber Security Cloud Managed Rules is to protect against malicious attacks like SQL injection attacks and cyber attacks.
Recently, I discovered malicious IPs which I believed were operating as a botnet and attacking my e-commerce website. Because WAF is for web application security, I used WAF managed rules related to IP and IP injection attacks. There are additional rules available for IP rate limiting based attacks, which allow me to implement a maximum number of attempts from a particular IP within a specific time period. This rate-limiting rule helps prevent unknown IPs from accessing my website.
The general security vulnerabilities provided by AWS WAF through managed rules or custom rules that I can implement will protect my application and enhance the security of my application through these security rules. This is the main use case of implementing WAF rules.
What is most valuable?
The best features of Cyber Security Cloud Managed Rules are that there are managed rules available for free that I can implement. I can stop SQL injection attacks, which is one significant vulnerable attack that can be stopped by WAF. Bitcoin mining attacks can also be stopped by implementing WAF. Additionally, there are specific rules related to bot control, which are especially helpful when a bot attacks my website. I implemented a framework known as OWASP Top 10, so these ten security critical vulnerabilities can be mitigated by implementing them.
I implemented free managed rules by AWS, which include Cyber Security Cloud Managed Rules. These managed rules control SQL injection attacks and other attacks that are managed by WAF to prevent them from affecting my systems.
Cyber Security Cloud Managed Rules have impacted my organization very positively because my company is security-focused. We are focusing mainly on security-based setups and implementing everything that can enhance security. This is one of the key applications or services I can implement in my company to stop mitigation attacks, which is why I implemented WAF and attached it to CloudFront, API Gateway, and sometimes to a load balancer to stop and mitigate these attacks.
I noticed specific outcomes or metrics from Cyber Security Cloud Managed Rules in the form of reduced attacks. I discovered that there was no system through which I could conclusively determine what happened, but I noticed some IPs in the logs that were attacking my website and trying to exploit Bitcoin through our platform. This activity was reduced by implementing WAF, and this is what I verified from the logs, which were very helpful.
What needs improvement?
I believe that Cyber Security Cloud Managed Rules can be improved by reducing false positives with traffic-aware tuning. Out-of-the-box managed rules are generic, and sometimes they block legitimate traffic. Improvements can be achieved by running rules in count monitor mode first, reviewing blocked requests using logs, adding custom rules on top of managed rules, and enabling request inspection depth layer seven hardening. These are techniques I can use to improve these rules.
For how long have I used the solution?
I have been using Cyber Security Cloud Managed Rules for the past one year.
What do I think about the stability of the solution?
Cyber Security Cloud Managed Rules are stable in the sense that I do not experience issues with availability or performance.
What do I think about the scalability of the solution?
Regarding scalability, I can easily implement them.
Which solution did I use previously and why did I switch?
I have not previously used a different solution because we are AWS native and implemented this solution only.
How was the initial setup?
Regarding pricing, setup cost, and licensing, I find it a bit more expensive.
What about the implementation team?
Regarding scalability, I can easily implement them.
What was our ROI?
I have seen a return on investment.
What's my experience with pricing, setup cost, and licensing?
Regarding pricing, setup cost, and licensing, I find it a bit more expensive.
Which other solutions did I evaluate?
Before deciding on Cyber Security Cloud Managed Rules, we went straight to using these rules. Everything is deployed on AWS, and we want to use AWS. This is the only sole provider for our company, so we are bound to use it.
What other advice do I have?
I would advise others looking into Cyber Security Cloud Managed Rules to use WAF if they want to eliminate security attacks, especially if they are using AWS. I would rate this product 8 out of 10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Automated rules have reduced manual security work and now protect our APIs from modern attacks
What is our primary use case?
My main use case for Cyber Security Cloud Managed Rules is the protection of any cyber attack on my API servers and cloud managed rules on my WAF.
A specific example of how I use Cyber Security Cloud Managed Rules to protect my API servers is that we have an AWS WAF at the parameter level where we have implemented the OWASP top 10 attack rule as a cybersecurity managed rule in the parameter. Any traffic coming to our API server passes through the WAF, and the WAF OWASP top 10 rule filters that traffic for any attack.
What is most valuable?
The best features Cyber Security Cloud Managed Rules offers are mainly that there is less human intervention, which reduces the chances of error, and it is also less time-consuming and more intelligent compared to manual rules.
When I mention more intelligent, Cyber Security Cloud Managed Rules stands out in that these rules are generally updated according to the latest cyber attacks and the latest signatures in the system, so we don't need to manually change the rule, as they get updated mostly in real time, making detection easier.
Cyber Security Cloud Managed Rules has positively impacted my organization because earlier, a complete SOC team was required 24/7 for manually checking the alerts, acting upon those alerts, and doing forensics. With cloud managed rules being automated and intelligent and updating in real time, the manual intervention by the SOC team has been significantly reduced, resulting in a comparatively higher detection rate than before.
What needs improvement?
I sometimes need to tweak Cyber Security Cloud Managed Rules because it is a predefined rule where I adjust it based on our request sizes. Sometimes a rule states that only a 5 MB request is allowed, but we have requests greater than 5 MB, which causes it to block that traffic. I have to adjust the rule and increase the size of the request or payload above 5 MB to resolve this issue.
Cyber Security Cloud Managed Rules can be improved in that they are mostly general rules and not specific to organizational needs. Being predefined rules, if we have to make any changes, we need to create a rule above or before that cybersecurity rule or a bypass rule. There should be an option to tweak those cloud managed rules to adjust them based on organizational needs, as this has been one challenge we faced.
Cyber Security Cloud Managed Rules is limited to specific scenarios. For example, AWS WAF can only be used in an AWS scenario, which makes it complex to integrate with on-prem systems.
For how long have I used the solution?
I have been using Cyber Security Cloud Managed Rules for more than five years.
What do I think about the stability of the solution?
Cyber Security Cloud Managed Rules is stable, and the support is excellent with the cloud service. The after-sales support and technical support team are very reliable, so I have no issues with that.
What do I think about the scalability of the solution?
Scalability with Cyber Security Cloud Managed Rules is not a problem, as we have opted for a BYOL (bring your own license) model where systems automatically adjust during high demand, which is advantageous for scalability.
How are customer service and support?
Customer support for Cyber Security Cloud Managed Rules is great, as it is easy to reach out compared to on-prem vendors, and overall, I am satisfied with the customer support provided.
Which solution did I use previously and why did I switch?
I previously used an on-prem solution where everything was done manually, which was expensive regarding employee count and time, with higher chances of error. This prompted us to switch to a hybrid environment that includes both on-prem and cloud solutions.
What was our ROI?
The return on investment is great. Earlier, we had to manage the whole infrastructure on-prem with a different team at every step, which incurs high costs. With cloud infrastructure, we avoid a significant upfront investment, so it operates on a pay-as-we-grow model, which is beneficial.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing is that it is very transparent and easy to manage the infrastructure in the cloud. The pricing is very clear, allowing us to track costs using the price calculator and the pricing dashboard, making it very straightforward.
Which other solutions did I evaluate?
Before choosing Cyber Security Cloud Managed Rules, I evaluated other options including on-prem systems and building our servers for automation with tools such as Ansible. I found that the cloud managed rules were easier to set up and better suited for our environment.
What other advice do I have?
My advice to others looking into using Cyber Security Cloud Managed Rules is to maintain a blend of on-prem and cloud solutions, while also performing regular checks and balances on the cloud managed rules to observe their behavior with applications.
My additional thoughts on Cyber Security Cloud Managed Rules are that the effectiveness largely depends on the specific business use case, as it will not fit every business logic. Sometimes, there is over-blocking within the cloud managed rules where valid requests or IPs could be blocked, which should be fine-tuned to reduce over-blocking. I would rate this product an 8 overall.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Security guardrails have protected web and AI workflows but rules need more flexibility and accuracy
What is our primary use case?
Our main use case for
Cyber Security Cloud Managed Rules is mostly web application because it protects the front end and also with the
CDN we are using it, so it protects the
CDN exposed applications as well.
A specific example of how we have used Cyber Security Cloud Managed Rules to protect our web applications or CDN is that we have a proper dashboard of all attacks that were attempted on those exposed URLs at the application level and we have clear visibility. Whenever there is some type of IP which is trying to DDoS our domain, then it gets automatically blocked and we have configured alerts as well. We do get a consolidated report weekly and monthly that shows a lot of hits, what the IP was, and that it was automatically blocked.
We also have AI workload, so it is important to consider that in our main use case for Cyber Security Cloud Managed Rules. We are catering to that in our workflow and trying to manage it so that even our AI workflows do not have prompt injections or, if we are having agents, we do not get man-in-the-middle attacks with the prompts.
What is most valuable?
The best feature that Cyber Security Cloud Managed Rules offers in my experience is the ability to roll it out in a dry run, which would be a useful way of testing things without impacting real user traffic. After implementing the rules, I would need good observability to get an idea of how effective they are and what I should change to make them better.
Cyber Security Cloud Managed Rules has positively impacted our organization because we are a tech company, so we always prefer to get security first. This is a big thing when it comes to exposing any domain. We would want to ensure that we have secure guardrails around it, and whenever we roll it out, we properly ensure that there was a design doc, there was a review, and make sure that it was behind those security gates to avoid any issues after go-live. It is a proper process that we follow to ensure that no new application sneaks through and before go-live, all these checks are done.
What needs improvement?
Sometimes false positives do come across, and we have incidents where people who are actually trying to access are getting blocked out, which is how I think Cyber Security Cloud Managed Rules can be improved. It is getting better, but sometimes these cases do happen. I would imagine the opposite is also true where there are certain cases where attackers are able to sneak through. For example, we have been using AI workloads and in that, certain times we have had issues where prompt injection can cause problems. We would to incorporate this in all the workflows where we are using AI as well, so possibly more stringent rules around that would be beneficial.
Cyber Security Cloud Managed Rules does the job, and if you have it configured in the correct way as per your requirements, such as IP sets or SQL injection, you are able to get a basic cover, but the workloads are evolving, and I would like to see more flexibility around those rules so that I can make better use of them. Because use cases are increasing, I would to play around with the rules a bit more so that I can say with certainty that my workloads are secure and ingress traffic is secure. That would help me, so I would give a better rating if that can happen.
Cyber Security Cloud Managed Rules are generally stable in my experience, but if a new attack vector rises or if something new comes up, they are not very adaptable, which is my feeling and experience. I would say they are stable, but not very versatile.
For how long have I used the solution?
We have been using Cyber Security Cloud Managed Rules for a good few years because I have always worked in
AWS. We use
AWS WAF and generally at that level, we are protecting all our resources from DDoS and other kinds of attacks, so there are managed rules inside
WAF that we use. We also use
Fastly, and with
Fastly, we get Signal Sciences as a tool, which is a next-gen
WAF that can be used to protect against any cross-site scripting or SQL injection and other kinds of attacks.
What do I think about the stability of the solution?
Cyber Security Cloud Managed Rules are generally stable in my experience, but if a new attack vector rises or if something new comes up, they are not very adaptable, which is my feeling and experience. I would say they are stable, but not very versatile.
What do I think about the scalability of the solution?
I think Cyber Security Cloud Managed Rules are quite scalable, and in terms of the traffic we are getting, they are able to filter out any issues or if it is coming from sources that we do not intend them coming from. They are quite stable and scalable in that sense.
How are customer service and support?
The customer support for Cyber Security Cloud Managed Rules is generally good. It depends on the vendor, which is
AWS when it comes to
AWS WAF and Fastly when it comes to Fastly customer support.
Which solution did I use previously and why did I switch?
I have not used any other solution before Cyber Security Cloud Managed Rules other than WAF and WAF rules. It has always been that.
Before choosing Cyber Security Cloud Managed Rules, I have always used WAF as a web application firewall and at the network level, we have a network firewall. That is how it has been. At the API Gateway level also we have WAF and even if we expose it via a load balancer, we use WAF. No matter how we expose to the internet, it has always been WAF in the forefront. WAF rules are the thing we have always used.
What was our ROI?
I would say time saved is a big metric as a return on investment with Cyber Security Cloud Managed Rules because we are not always looking for things manually or stopping attacks manually. This is helpful because we have automated WAF rules, so they obviously come to the forefront and help protect us against any of the attacks. That is a time save. We have alerts configured if there is an issue. We do not have to manually go and find out about those issues; we usually get an idea of what is going on. A big benefit would be time save, which in engineering can be converted to money saved as well.
What other advice do I have?
In terms of how I use dry run mode and observability with the managed rules, we implement it in a count mode. We will only not block any traffic, but just get a count and get an idea of how the rule would work. Observability-wise, generally in Fastly CDN, we do get a dashboard of how the traffic is getting served. If there is some kind of suspicious IPs or any IP set which is coming from a certain country which we do not want the traffic coming from, then it gets blocked. We have proper visibility.
I think the AI space is something really big right now, so I would to see some improvements around those lines.
I am not one hundred percent sure if we purchased Cyber Security Cloud Managed Rules through the AWS Marketplace. We may have, but I have not looked into that.
I have not been involved in the pricing, setup cost, and licensing phase for Cyber Security Cloud Managed Rules. It usually comes via procurement, so I am not involved in the licensing side of things because I am mostly technical and I am someone who implements things. I have not come across looking at the pricing, licensing, or setup cost.
I would give Cyber Security Cloud Managed Rules an overall rating of seven.
Managed rules have protected our APIs and AI chatbot and now need better automation and insights
What is our primary use case?
My main use case for
Cyber Security Cloud Managed Rules is for the API Gateway and for OWASP security.
I am integrating these WAF rules with the API Gateway and CloudFront to ensure security from cybersecurity issues, minimizing vulnerabilities and mitigating threats from hackers, including the OWASP top 10 web application threat lists. I have configured it for our front end and for the API Gateway.
I am using Cyber Security Cloud Managed Rules for our GenAI applications, specifically for the chatbot I have recently created, which helps tremendously and prevents hackers' exploits in our application.
What is most valuable?
The best features that Cyber Security Cloud Managed Rules offers include low false positive rates, bot detection, zero-day threats, real-time authentication, and real-time threat intelligence.
In my day-to-day work, I find the malicious bot detection feature of Cyber Security Cloud Managed Rules to be the most valuable.
Cyber Security Cloud Managed Rules has positively impacted my organization by reducing the manual WAF management by fifty percent and accelerating the automated updates and improvement in threat intelligence.
What needs improvement?
Cyber Security Cloud Managed Rules can be improved by automating the responses, enhancing visibility, providing deeper insights, integrating with DevOps and SecOps, and facilitating real-time analysis.
For how long have I used the solution?
I have been using Cyber Security Cloud Managed Rules for the last one year.
What do I think about the stability of the solution?
Cyber Security Cloud Managed Rules is stable; I have been using it for the last two years without encountering any major issues.
What do I think about the scalability of the solution?
Cyber Security Cloud Managed Rules is totally scalable by automatically and elastically adjusting to traffic demands without any manual intervention, supporting horizontal scaling while reducing the operational burden, which is important for my application use case.
How are customer service and support?
I have not had the chance to connect with customer support until now.
Which solution did I use previously and why did I switch?
I have not used any other solution, and I am continuing with this cybersecurity option.
How was the initial setup?
The experience with pricing, setup cost, and licensing for Cyber Security Cloud Managed Rules is straightforward. I have a dedicated team that takes care of this, and I am not much involved in those activities. I provide them with my requirements, and they provide solutions accordingly.
What was our ROI?
I have seen a return on investment; it has saved money from hackers who demand bounties for application breaches. Regarding time, it is directly taken from the
AWS Marketplace, meaning not much time is needed for configuration.
What's my experience with pricing, setup cost, and licensing?
I have four years of experience in financial matters related to pricing, setup cost, and licensing.
What other advice do I have?
I surely recommend using Cyber Security Cloud Managed Rules for AI applications because, as a cloud engineer and operations engineer, I feel more comfortable using these cybersecurity managed rules without any issues in real-time.
I do not have any additional thoughts about Cyber Security Cloud Managed Rules at the moment, but if I encounter something while developing more agentic AI applications in the future, I hope to find something helpful for improving the cybersecurity managed rules. I have provided this review with a rating of seven.
