Wyoming Courts
Managed Security: Protecting Government Web Infrastructure at Scale
How Fruition deployed unified Shield WAF protection and infrastructure scanning across 8 government court domains — delivering continuous security monitoring with zero downtime.
The Challenge
Multiple government court websites running WordPress and Drupal across separate domains, each with different hosting configurations and no unified security posture. Manual security audits were infrequent and expensive — leaving critical government infrastructure exposed between assessments.
The client’s IT team faced a recurring problem: they knew security gaps existed, but lacked the tooling and bandwidth to find them systematically. Each domain was managed in isolation, meaning a vulnerability discovered on one site didn’t automatically trigger a review of the others.
Our Solution
Fruition deployed our Managed Security platform across all 8 domains — starting with Shield WAF for edge protection, then adding infrastructure scanning on a bi-weekly schedule for ongoing vulnerability detection.
Shield WAF Deployment
Each domain was onboarded to our multi-tenant CloudFront distribution with custom WAF rules tailored to government web infrastructure. Configuration highlights:
- Geo-blocking for non-US traffic, appropriate for domestic court services
- Managed WAF rules covering SQLi, XSS, bad inputs, and IP reputation
- Rate limiting to prevent credential stuffing and brute force against admin interfaces
- SSL automation through ACM — certificates provisioned and renewed without manual intervention
- Zero-downtime cutover — DNS migrated domain by domain with instant rollback capability
All 8 domains were onboarded within a single deployment window with no service interruption to court staff or the public.
Infrastructure Scanning
Bi-weekly scanning covering:
- Port scanning with nmap — service detection and policy enforcement against defined baselines
- SSL/TLS configuration analysis — weak ciphers, certificate chain validation, HSTS enforcement
- Vulnerability detection via Nuclei templates — medium+ severity findings with remediation guidance
- Infrastructure exposure — open ports, misconfigured headers, server version disclosure
Each scan produces a prioritized findings report with severity classifications and step-by-step remediation guidance. Findings are tracked across scan cycles so the team can verify fixes and measure posture improvement over time.
Continuous Monitoring
Between scheduled scans, continuous monitoring watches for:
- New CVEs affecting the installed CMS versions and plugins
- SSL certificate expiration approaching
- Anomalous traffic patterns surfaced through WAF telemetry
- Configuration drift from approved security baselines
Results
Unified security posture across all 8 domains from day one of deployment. Automated vulnerability detection catches issues before they become incidents — the first bi-weekly scan identified 3 medium-severity findings across 2 domains that were remediated within 48 hours.
The court IT team is freed from manual security management and receives a clean dashboard showing active WAF protections, scan status, and any open findings requiring attention.
“We went from scattered, manual security reviews to a unified protection layer across every domain — and the WAF was live before we even finished onboarding.”
— Government IT Director
Technical Stack
- Edge Protection: AWS CloudFront + AWS WAF with custom rule groups
- Certificate Management: AWS ACM with automatic renewal
- Scanning: nmap port scanning + SSL analysis + Nuclei vulnerability templates
- Reporting: Severity-classified findings with remediation guidance
- Dashboard: FCP Shield WAF management portal
Want results like these?
Talk to our team about the right platform for your organization.