Return to Events

IIJ Launches WAF Service on the IIJ GIO Cloud Service

dl button PDF [111 KB] 16 September 2010

TOKYO-September 16, 2010-Internet Initiative Japan Inc. (IIJ, NASDAQ: IIJI, TSE1: 3774), one of Japan's leading Internet access and comprehensive network solutions providers, today announced the introduction of the Web Application Firewall Service (WAF Service) to the IIJ GIO cloud service starting October 1, 2010. Initially, this service will be offered as an add-on component of IIJ GIO under the name WAF Standard, and later it will be available to other customers as well.

WAF is a firewall for Web applications that blocks unauthorized access and prevents unauthorized website modifications from outside the network by managing and analyzing http and https traffic at the application level. There have been many barriers to the widespread adoption of WAF: the need for network reconfiguration, post-installation tuning, and other costly and time-consuming administrative requirements. It has also required investment in expensive hardware, and there have been compatibility issues with the Japanese language. Against this backdrop, IIJ has begun to offer WAF as an add-on service to IIJ GIO for smaller traffic loads, and in the future it will be offered as a stand alone service package that includes everything needed for installation and operation.

IIJ GIO WAF Service Highlights

Cloud-based all-in-one WAF service created by expert engineers

All the WAF functions, operational monitoring, and other requirements are provided as part of the IIJ GIO cloud infrastructure. Application security engineering experts check all the traffic logs and perform the burdensome security policy tuning as part of WAF administration, thus lightening the burden on the customer. 
There is also the option to tune the policy after performing an inspection for Web server weaknesses.

The WAF engine adapted to the unique challenges of the Japanese environment

The WAF engine is provided with technological assistance by WAF veteran Secure Sky Technology, Inc. (*), and was developed by a Japanese engineer to handle the special needs of a Japanese environment, such as multi-byte characters.

Increased protection against Gumblar virus

WAF detects website modifications by the Gumblar virus and can render them harmless. If the Web server is infected by Gumblar, the malware Java Script included in the traffic from the Web server is rendered harmless so that it does not infect visitors to the website. (This feature will be available in the near future)

Scalability enables use at smaller traffic volume

The smallest configuration is a single WAF server for 20 mbps of website traffic. With conventional WAF configurations, it is necessary to size the system for estimated future traffic increases, but with the IIJ GIO WAF Service, capacity is scalable and can be easily expanded to handle increased traffic when necessary, thus always providing the customer with the right configuration to meet current needs.

Easy installation

Installation is effected through the reverse proxy method, so the client's system remains unchanged. In essence, a simple DNS switch is all that is needed to start using WAF.

Today, websites are exposed to serious threats. The level of attacks is growing each year, and these attacks target not only the network layer but also weaknesses in the application layer, creating a great deal of damage through the theft of personal information and credit card information. Yet, business activities today rely more and more on the use of websites, and with this increased risk of information leaks and attacks. Under these conditions, there is a growing awareness of Web application security measures as a vital component of business activities, as suggested by the inclusion of WAF in the Payment Card Industry Data Security Standard (PCI DSS).

The IIJ GIO WAF Service will protect the client's website from cross-site scripting (XSS) and SQL injection attacks as well as leaks of personal information. IIJ will continue to develop high-level security services to support our client's business activities.

(*) For more information about Secure Sky Technology, visit the SST website at