Attackers aren’t just looking for open ports on network firewalls. They have shifted their tactics to targeting applications directly. Security experts commonly estimate that around 80 percent of attacks today happen at the application layer, where they pass straight through perimeter and core network controls that only inspect ports and protocols.
Web application firewalls (WAFs) help protect Web apps against these attacks. A WAF is an appliance or software component deployed inline, typically as a reverse proxy, between the client browser and the Web server, where it inspects and filters HTTP traffic. It enforces security policies based on criteria such as signatures of known attacks (a negative security model), conformance to protocol standards and learned application behavior (a positive security model), and anomalies in application traffic.
WAF adoption was once primarily driven by regulatory requirements to protect Web applications and the sensitive data they collect. But now high-profile data breaches are driving organizations to look at WAF solutions as a means to minimize business risk from unprotected Web apps. Still, large-scale adoption remains slow due to the technical challenges and costs associated with early WAF solutions. Potential customers are hesitant to deploy WAF, fearing that they lack the necessary time, expertise and budget.
However, the latest WAF solutions are easier to use and more accurate. In fact, a number of vendors are incorporating WAF features in their application delivery controller (ADC) solutions.
When deciding which WAF technology best suits your needs, the following functionalities are worth examining:
- Input validation. A WAF should examine request inputs (query string, body, headers and cookies) to protect against SQL injection, cross-site scripting (XSS) and other input-related attacks. Because incoming traffic is usually TLS-encrypted and may use URL encoding, double encoding or nonstandard character encodings, the WAF must terminate TLS (or receive the decrypted stream) and canonicalize each value before matching signatures; otherwise an attack encoded differently from what the signature expects slips through.
- Data theft protection. A WAF should also inspect responses, ensuring that sensitive data such as Social Security and credit card numbers are masked or blocked outright to prevent data leakage (for example, from a verbose error page or an injection that dumps a table). Check how the product validates a match, such as running a Luhn check on candidate card numbers, so that it does not mangle legitimate numeric data like order IDs.
- Protection against denial of service attacks. Application-layer denial of service attacks exhaust server resources, for example by forcing a Web server to create thousands of sessions or to serve expensive requests, leading to performance degradation or a crash. The WAF should be able to limit the rate at which requests from a given client reach the Web server and track the rate of session creation. This addresses application-layer DoS only; volumetric network floods must be absorbed upstream, by the ISP or a scrubbing service, before they ever reach the WAF.
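The three functions above, as an added example that is not part of the original post or of any vendor's product: a toy Python policy engine with (1) request canonicalization (repeated URL decoding and Unicode NFKC normalization) before signature matching, (2) response masking of card numbers and SSNs gated by a Luhn check, and (3) a per-client token bucket that rejects requests before they reach the origin. The signature list, regexes, thresholds and sample inputs are constructed for illustration and are far smaller than a real rule set.

```python
"""Toy WAF policy engine (added example): canonicalize-then-match,
response masking with Luhn validation, and per-client rate limiting."""
import re
import time
import unicodedata
from typing import Optional
from urllib.parse import unquote

# --- 1. Input validation: canonicalize before matching ---------------------
# Hypothetical signature set; a real WAF ships thousands of tuned rules.
SIGNATURES = [
    re.compile(r"<script\b", re.I),            # reflected XSS
    re.compile(r"'\s*or\s+1\s*=\s*1", re.I),   # classic SQLi tautology
    re.compile(r"union\s+select", re.I),        # SQLi union
]

def canonicalize(value: str, max_rounds: int = 3) -> str:
    """URL-decode repeatedly until stable (defeats double encoding), then
    apply NFKC so full-width look-alikes such as U+FF1C collapse to ASCII,
    and strip NUL bytes some parsers silently drop."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    value = unicodedata.normalize("NFKC", value)
    return value.replace("\x00", "")

def inspect_request(params: dict) -> Optional[str]:
    """Return the first parameter name whose canonical form hits a
    signature, or None if the request is clean."""
    for name, raw in params.items():
        canon = canonicalize(raw)
        if any(sig.search(canon) for sig in SIGNATURES):
            return name
    return None

# --- 2. Data theft protection: mask card numbers / SSNs in responses -------
# 13-16 digits, optional single space/dash separators, ending on a digit.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,15}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

def luhn_ok(digits: str) -> bool:
    """Standard Luhn mod-10 check over a string of ASCII digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def mask_sensitive(body: str) -> str:
    """Mask Luhn-valid card numbers (keep last four) and SSNs. Luhn-invalid
    digit runs (order numbers, timestamps) are left untouched to limit
    false positives that would corrupt legitimate responses."""
    def card_repl(m):
        digits = re.sub(r"[ -]", "", m.group(0))
        if not luhn_ok(digits):
            return m.group(0)
        return "*" * (len(digits) - 4) + digits[-4:]
    body = CARD_RE.sub(card_repl, body)
    return SSN_RE.sub(lambda m: "***-**-" + m.group(0)[-4:], body)

# --- 3. DoS protection: per-client token bucket ----------------------------
class RateLimiter:
    """Token bucket per client key (e.g. source IP or session cookie).
    `rate` tokens are added per second up to `burst`; a request that finds
    no token is rejected before it reaches the origin server."""
    def __init__(self, rate: float, burst: int, clock=time.monotonic):
        self.rate, self.burst, self.clock = rate, burst, clock
        self.buckets = {}  # key -> (tokens, last_refill_time)

    def allow(self, key: str) -> bool:
        now = self.clock()
        tokens, last = self.buckets.get(key, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens >= 1:
            self.buckets[key] = (tokens - 1, now)
            return True
        self.buckets[key] = (tokens, now)
        return False

if __name__ == "__main__":
    # Constructed sample traffic.
    print(inspect_request({"q": "%253Cscript%253Ealert(1)"}))   # double-encoded XSS -> "q"
    print(mask_sensitive("card 4111 1111 1111 1111, ssn 123-45-6789"))
    limiter = RateLimiter(rate=1.0, burst=3)
    print([limiter.allow("10.0.0.1") for _ in range(4)])          # 4th request rejected
```

The point of `canonicalize` is ordering: a signature engine that matches on the raw bytes never sees `<script` inside `%253Cscript%253E`, while the application, after its own decoding, does. The Luhn gate in `mask_sensitive` is the kind of false-positive control to ask a vendor about, since over-eager masking is itself a way to break an application. The token bucket is keyed by client, so one abusive source is throttled without starving everyone else, and the fake clock parameter makes the behaviour testable without sleeping.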
When combined with an ADC, a WAF offers additional benefits:
- Centralized security enforcement. Enforcing all security policies from a single control point simplifies operations and makes security administration more consistent and efficient. A WAF combined with an ADC can act as the Authentication, Authorization and Accounting (AAA) enforcement point for the applications behind it, or integrate fully with existing AAA infrastructure.
- Accelerated application delivery. It is important that the WAF does not noticeably degrade application response time; inline inspection adds latency, so measure it under realistic load before deployment. A WAF with ADC features can offset that cost by caching static content and offloading TLS termination, reducing server load and improving the end-user experience.
WAF products have evolved, offering comprehensive protection for mission-critical Web applications without the complexity and cost of earlier solutions. Let Technologent help you determine if a WAF can improve your organization’s security posture.
Tags: Data Storage
July 9, 2015