Rapid7 Announces Release of New tCell Amazon CloudFront Agent

Cloud-native approaches to building, hosting, and delivering web applications are growing rapidly. Content delivery networks (CDNs) such as Amazon CloudFront are on the rise, pushing content closer to end users to improve the performance of web applications.

To protect web applications security teams are turning to Next-Gen Web Application Firewall (WAF) and Runtime Application Self-Protection (RASP) technologies to address the challenges with traditional WAFs such as false positives and continuous tuning.  These newer technologies plug into the application layer requiring instrumentation into the web server or app server. This means security teams need a close partnership with development teams—which you may not have with teams building cloud-native or serverless applications.

To help with this problem, we are excited to announce tCell’s CloudFront agent, which leverages Lambda@Edge to help push security closer to the “edge” without requiring any code changes to your applications. Now, you can integrate directly with Amazon CloudFront, AWS’ native CDN, using Lambda@Edge to monitor inbound and outbound traffic with minimal performance impact and without requiring your traffic to go somewhere else for inspection.

How does the tCell CloudFront agent work?

tCell’s CloudFront Agent integrates directly with AWS CloudFront to provide an additional layer of web application security without negatively affecting performance. By plugging into CloudFront via Lambda@Edge, tCell’s agent is deployed as a CloudFormation stack into the user’s AWS account. Then, updates to users’ CloudFront distributions trigger the tCell agent Lambda function on Origin Requests and Origin Responses.

By leveraging this agent, users will be able to add detections and blocking to CloudFront with minimal performance impact, as well as protect applications and users by detecting suspicious actors, enforcing CSPs, and preventing unvalidated HTTP redirects on web applications that are leveraging AWS CloudFront. The result? Fast performance and improved security.

Some key benefits of tCell’s CloudFront agent are that web traffic never leaves AWS, and the agent is a set of functions that use Lambda@Edge, meaning that code is only run when needed—so, no unnecessary processing or overhead required.

Users will also be able to detect and protect against common types of web application attacks, including SQL injection (SQLi) attacks, command injection attacks, XML External Entity attacks, and cross-site scripting attacks (XSS).

Please note that this agent requires Lambda@Edge and will be available for customers in the US region initially with international expansion following. (See documentation for more details.)

Getting started with the tCell CloudFront agent

If you are a current tCell customer using (or planning to use) Amazon CloudFront, talk to your customer success manager (CSM) for more information on getting this feature up and running.

If you are not a tCell customer, but are using AWS CloudFront for AWS-hosted applications and services, learn more about how tCell’s next-gen cloud WAF and RASP tool. Learn more about tCell as part of our Total Risk Coverage program.