- What sort of preventative measures does the WAF take in terms of protection against ransomware?
- Does it provide protection against the ransomware known as Maze for example?
- Silverline WAF
- Modules/Attack Signatures
- Yes and no. In typical ransomware attacks, the attacker must gain access to the system in order to execute certain commands and/or elevate their privileges to begin encrypting and/or exfiltrating data.
- As such, the WAF policy does have command execution signatures and server-side code injection signatures that could help detect any code injections or command executions.
- Please note, however, that Maze ransomware uses attack vectors such as RDP (Remote Desktop Protocol) and other services such as FTP to infiltrate systems and exfiltrate data. WAF policies are only capable of inspecting HTTP traffic, so traffic on the ports used for FTP, RDP, etc. is not inspected by the WAF policy and thus is not covered by it.