
EXECUTIVE SUMMARY

EnKash is an all-in-one, comprehensive commercial payments platform. A growing number of next-gen businesses have trusted EnKash for a frictionless payments experience. EnKash is one of the fastest-growing platforms in the B2B space, enabling businesses to digitize and simplify their commercial payments.

EnKash has been able to create unique value with the combination of platform and cards. Businesses can now have the much-desired convenience, savings, control and visibility to improve business productivity and operational efficiency.

EnKash is leading innovation by enabling simple and technologically advanced solutions. With state-of-the-art technology, EnKash is committed to helping businesses with their cash flow management challenges.

THE CLIENT’S CHALLENGE

This startup’s main objective is to offer commercial payment solutions to its clients. To ensure the company’s reputation is preserved, and to comply with regulatory and compliance requirements, the safety of customers’ financial data is of utmost importance.

The assets that need protection include the web applications that act as the primary access points for consumer clients, businesses that use secure access, and the administrators of the application servers and databases.

As the business gained popularity and its user base expanded, there was a noticeable increase in unauthorized access attempts and attempts to compromise the system. Although these attacks, including large-scale brute-force attacks, SQL injection attacks, and Denial of Service attempts, were not widespread, they still raised concerns since the operational domain was in financial services. It was essential to prevent these attempts from penetrating the perimeter.

ARCHITECTURE

Enkash Architecture

SOLUTION

To ensure that critical workloads were not compromised or rendered unavailable, AWS WAF was implemented at all entry points into the infrastructure. This deployment included regional AWS WAF on the Amazon ALB and global WAF for the content delivery network, Amazon CloudFront.

To provide a base set of rules, the Top 10 OWASP WAF rules offered by AWS were utilized, and our internal teams developed a set of customizations to meet specific workload-related requirements.

All pre-configured protective features that define the rules included in an AWS WAF web ACL were selected. Once the solution was deployed, AWS WAF began inspecting web requests to the user’s existing Amazon CloudFront distributions or Application Load Balancers, blocking them when necessary.

INSIGHT TO ACTION

AWS WAF was set up with a web access control list (web ACL), a set of rules that allows, blocks, or counts web requests based on customizable, predefined web security rules and conditions. Its primary function is to shield the environment against typical web exploits that could impact workload availability and performance, jeopardize security, or consume excessive resources.

To customize the WAF, we utilized a combination of AWS’s pre-defined rules and wrote custom rules to safeguard the customer environment against attacks that are unique to the region or workload.

BENEFITS

  • The client had been evaluating an alternative WAF, Cloudflare, which asked for $600 per domain upfront. With AWS WAF's pay-as-you-go pricing we were able to start at $45, a direct saving of more than $550/month.
  • AWS WAF deployment and integration with the application were done within hours.
  • Techpartner was able to showcase that AWS WAF deployment has a fast turnaround time and an immediate impact on enhancing their infrastructure's security.
  • AWS WAF provided the ability to customize and build upon the base rules, giving greater control over how attacks were detected and prevented and how false positives were reduced.

AWS STACK

  • AWS WAF
  • AWS CloudFront
  • AWS Application Load Balancer (ALB)
  • AWS EC2 Auto Scaling Groups (ASG)
  • AWS CloudWatch
  • AWS Route53
  • AWS S3
  • AWS CodeBuild
  • AWS Lifecycle Manager
  • AWS RDS (PostgreSQL)
  • AWS KMS