Reach Us
Home » Blog » Coverself
AWSCase StudyCloud Services

Coverself

ABOUT THE CLIENT

Our customer empowers payers with a truly NEXT-GEN cloud-native, holistic and customizable platform preventing and adapting to the ever-evolving claims and payments inaccuracies. Their solutions help reduce complexity and administrative costs with a unified healthcare dedicated platform.

It also empowers your teams to configure your own policies in simple English or using simple policy specific templates. Now your release cycles are in hours without any vendor dependencies.

THE CHALLENGE

  • To protect the application layer and specifically analyze each HTTP/S request at the application layer
  • Needed a cloud-based + fully Managed as a Service
  • Easy to deploy security solution to protect the applications
  • Better security management
  • Overloaded servers with way too many requests, causing resources to be constantly locked leading to request timeouts

THE SOLUTION

Our team created a Web ACL with rules defined for attach patterns of web traffic. Rule groups were created for reusable collection of rules.

  • Web ACL setup for ALB – Managed Rule Groups
    • Admin protection – contains rules that allow blocking external access to admin pages
    • Amazon IP reputation list – contains rules based on Amazon threat intelligence, which helps to block sources associated with bots or other threats
    • Anonymous IP list – used to filter out viewers that may try to hide their identity from your applications (e.g.: block requests from VPN, proxies, Tor nodes, and hosting providers)
    • Core rule set – generally applicable to web applications. This provides protection against a wide range of vulnerabilities including those described in OWASP publications
    • Known bad inputs – rules that allow blocking request patterns that are known to be invalid and associated with exploitations
    • Linux operating systems – rules that block request patterns associated with exploitation of vulnerabilities specific to Linux. Prevent file content exposure and execution of codes by attackers.

BENEFITS DELIVERED

  • Intelligent protection – AWS WAF rules propagation and updates took under a minute to inspect any part of the web
  • After creating our set of rules and conditions, we were able to cut requests received at servers by almost 40% in a quick, reliable and cost-effective method using AWS WAF
  • Real-time visibility to web traffic
  • Reduction in blocked traffic from 3-4% to 1%
  • Improved customer confidence
  • Seamless connection to existing infrastructure
Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Youtube
Consent to display content from Youtube
Vimeo
Consent to display content from Vimeo
Google Maps
Consent to display content from Google
Spotify
Consent to display content from Spotify
Sound Cloud
Consent to display content from Sound
Contact Us