Pulse vWAF includes a range of capabilities to detect and handle layer-7 attacks, and users can create policies to protect custom applications. In addition to these higher-level policies, Pulse Secure vWAF includes a Baseline Protection handler, which makes it easy to update policies using a downloadable "Baseline Policy."
These baseline policies are a set of blacklist and regex-pattern matches, designed to trap a range of known vulnerabilities and attacks: when Pulse Secure vWAF detects a suspicious pattern which matches the baseline policies, then the request is rejected without exposing the application.
The current set of baseline policies provides protection against many common security attacks, including Code Injection, XSS and CSRF attacks. These policies have been refined and improved over more than a decade of a development and real world usage. Overall protection specific to your application can be achieved by combining the baseline protection with the set of additional vWAF rules that are appropriate (see the vWAF User Manual for details).
Pulse Secure publishes regular baseline updates, and the Pulse Secure vWAF dashboard highlights the recommended updates. Note that the new baseline policies are NOT applied automatically - the new rules should be reviewed by the security team and activated through the management console. Note that each of the individual baseline policies represents a pattern which will match a class of attacks: a newly identified vulnerability may already be protected by an existing baseline policy, without the need for an immediate update to the baseline policy.
Details of the changes made in each available baseline update can be found in the Baseline Management page of the vWAF Administration Tab, and are also published on the Pulse Secure Community Site: https://community.pulsesecure.net/t5/Pulse-vWAF-Updates/tkb-p/Updates-Pulse-vWAF
Frequency of Updates:
As of 2020, Pulse Secure holds a structured review of the baseline ruleset every quarter, taking into account any developments from OWASP and other Application Security focussed communities. Our aim is to provide a useful update as a result of each of these reviews. Pulse Secure will also pro-actively publish baseline ruleset updates as a response to customer escalations or new security vulnerability reports from the field.
