Web Application Firewall: Advancing threat detection and alerts through shared data and responses

Primary speaker:

Michael Chun, Manager, Information Security, Temerty Faculty of Medicine

Additional speaker:

Joe Bate, Manager, Security Architecture, Information Security, Information Technology Services

Description: 

In 2025, MedIT, the central IT service provider at Temerty Faculty of Medicine, implemented a Web Application Firewall (WAF) in close collaboration with the university’s Information Security team to strengthen protection for internet-facing web applications. Beyond serving as a critical security control against common web exploits, the WAF also delivers operational capabilities that improve service resilience and consistency, including load balancing, SSL certificate management and geo-location filtering. Early results show the WAF is already successfully defending against attempted exploitation (for example, of OWASP Top 10 vulnerabilities), validating the value of a centralized and standardized approach to protecting web services at Temerty Medicine.

The next phase focuses on maturing this capability through automation and shared visibility. First, we will automate SSL certificate lifecycle management using ACME to reduce manual effort, improve reliability, and support standardized certificate practices across services. Second, we will offload WAF system and audit logs into Azure Log Analytics to strengthen retention, scalability and investigative readiness. Finally, by combining WAF telemetry with Azure Log Analytics, we will work jointly with the Information Security team, leveraging Azure tools to identify threats or signals through correlation or trends and to build actionable alerts through automation. This will enable faster detection, consistent response workflows and a “single pane of glass” view of web threats across university environments, including systems deployed on all campuses and in private and public clouds such as VSS and Azure.

This collaboration advances innovation by embedding automation and analytics into core security operations, while also driving institutional standardization through shared controls, shared data, and shared response.
