WAF-for-Automate is an add-on integration to our reverse proxy service to provide web application firewalling for ConnectWise Automate.
Security is of the utmost importance for RMM systems, as MSPs continue to be the targets of cybersecurity attacks. New software vulnerabilities are found at an accelerating pace, and 0-day attacks are on the rise. This leaves many MSPs concerned about potential attacks on ConnectWise Automate, which in the past has had remotely exploitable SQL injection and XXE vulnerabilities. A WAF is an ideal solution to such attacks, but they are typically complex to implement and tend to have a high rate of false positives.
Here at Automation Theory, we wanted to help MSPs defend themselves against application-layer attacks. We’ve created a WAF module for our reverse proxy service that’s tuned for ConnectWise Automate. This allows for a drop-in deployment of a WAF where traffic is sent to the proxy, and the proxy instance is configured to send the traffic to the WAF for scoring (much like a spam filter). Based on the score the proxy will pass or block the traffic, and this seamlessly integrates into the other security layers provided by the reverse proxy.
WAF attack prevention example
Below is an example of the WAF blocking a SQL injection attempt. When the request is sent the attack is detected and the proxy responds with a 405 error — and the malicious request never reaches the Automate server.
The WAF for Connectwise Automate integration is currently under development. We’re currently finalizing implementation and productization details, and we expect the integration to be ready sometime in Q3 2022. You can use the form below to pre-register for beta access and development updates.