6 Must-Have Features for a WAF Solution
May 8, 2017. Categories: News. Tags: Firewall, Security, waf.
When selecting a Web Application Firewall (WAF) solution to protect your applications, you should prioritize the following features to achieve effective application security.
Protection Against The OWASP Top 10
OWASP, the Open Web Application Security Project, is an open software-security community that, among other things, maintains a list of the top attacks against web servers.
Your WAF must protect web applications and servers from the OWASP Top 10 to ensure security against the most prevalent application attacks.
How effective a WAF solution is against the OWASP Top 10 is difficult to discern without testing. Independent testing and validation by a trusted organization is a reliable way to gain insight into the effectiveness of the leading WAFs on the market.
Consider reviewing the Security Value Map™ (SVM) and Comparative Analysis Report™ (CAR) series by NSS Labs, which evaluates leading WAF products on their ability to prevent intrusions, and detect and mitigate threats.
Protection Against Known and Unknown Attacks
Your WAF should support both a positive and a negative security model.
A negative security model allows traffic by default and blocks requests that match signatures of known exploits; it is easy to deploy, but it only protects against attacks that are already known.
A positive security model denies all transactions by default and uses rules to allow only those transactions that are known to be valid and safe. This approach is more efficient (fewer rules to process per transaction) and more secure, but it requires a very good understanding of the applications being protected.
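To make the two models concrete, here is an added example (not code from the original post or from any WAF vendor): a toy request filter that evaluates the same requests under a negative model (allow by default, block on known signatures) and a positive model (deny by default, allow only what matches a per-endpoint schema). The endpoints, parameter formats and attack signatures are constructed for illustration. The last case, an unexpected `debug` parameter, is the point of the section: the denylist has no signature for it and lets it through, while the allowlist rejects it without knowing anything about the attack.

```python
"""Added example: negative (denylist) versus positive (allowlist) WAF models.
Endpoints, schemas and signatures below are constructed, not from any product."""
import re
from dataclasses import dataclass, field


@dataclass
class Request:
    method: str
    path: str
    params: dict = field(default_factory=dict)


# Negative model: constructed signatures for a few well-known attack patterns.
DENY_SIGNATURES = [
    ("sqli-union", re.compile(r"(?i)\bunion\b.+\bselect\b")),
    ("sqli-tautology", re.compile(r"(?i)'\s*or\s+'?\d+'?\s*=\s*'?\d+")),
    ("xss-script-tag", re.compile(r"(?i)<\s*script\b")),
    ("path-traversal", re.compile(r"\.\./")),
]


def negative_model(req: Request):
    """Allow by default; block only when the path or a value hits a signature."""
    for value in [req.path, *req.params.values()]:
        for name, pattern in DENY_SIGNATURES:
            if pattern.search(value):
                return ("block", name)
    return ("allow", None)


# Positive model: constructed per-endpoint schema of allowed methods and
# parameter formats (what a learned or hand-written allowlist would contain).
ALLOW_SCHEMA = {
    "/login": {
        "methods": {"POST"},
        "params": {
            "user": re.compile(r"^[a-z0-9_]{3,32}$"),
            "pass": re.compile(r"^.{8,128}$"),
        },
    },
    "/orders": {
        "methods": {"GET"},
        "params": {"id": re.compile(r"^\d{1,10}$")},
    },
}


def positive_model(req: Request):
    """Deny by default; allow only requests that fit the endpoint's schema."""
    schema = ALLOW_SCHEMA.get(req.path)
    if schema is None:
        return ("block", "unknown-endpoint")
    if req.method not in schema["methods"]:
        return ("block", "method-not-allowed")
    for key, value in req.params.items():
        pattern = schema["params"].get(key)
        if pattern is None:
            # No signature needed: the parameter simply is not in the allowlist.
            return ("block", f"unexpected-param:{key}")
        if not pattern.fullmatch(value):
            return ("block", f"bad-format:{key}")
    return ("allow", None)


if __name__ == "__main__":
    for req in (
        Request("GET", "/orders", {"id": "42"}),
        Request("GET", "/orders", {"id": "1 UNION SELECT password FROM users"}),
        Request("GET", "/orders", {"id": "42", "debug": "1"}),
    ):
        print(req.params, "negative:", negative_model(req), "positive:", positive_model(req))
```

The positive model's cost is visible in `ALLOW_SCHEMA`: every endpoint and parameter of the protected application must be described before traffic can flow, which is the "very good understanding of the applications" the section refers to.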
PCI DSS Compliance
Malicious attacks designed to steal sensitive credit card information are increasing, with more and more security breaches and data thefts occurring daily. PCI DSS requirements have been revised in an attempt to prevent these types of attacks and keep customer data secure.
If your organization works with, processes, or stores sensitive credit card information, you must comply with PCI DSS requirements. You must strengthen your security posture by protecting your critical web applications, which are often easy pathways for malicious attackers to gain access to sensitive cardholder data.
While you can adhere to PCI DSS standards by deploying a vulnerability scanner or a WAF, the most effective solution is to integrate the data from scanning technology with the attack-mitigation power of a WAF.
The WAF you invest in should identify, isolate, and block sophisticated attacks without impacting legitimate application transactions. In addition, your WAF should offer PCI reporting, which determines if compliance regulations are being met, and if they are not, details the steps required to become compliant.
“Of all the data breaches investigated over the last ten years, not a single company has been found to be PCI compliant at the time of the breach.” –Verizon
High Performance Without Negative Impact
Performance is key when it comes to a WAF. The WAF you choose should not impact the performance of existing infrastructures, including application and network devices.
This means that even though the WAF acts as the security proxy to the application, the application continues to transact the data without suffering from a backlog of requests and does not collapse under heavy loads.
The application should behave as though no WAF is present, and from the end user's perspective the WAF should be completely transparent: users should not experience any noticeable delay or hindrance of service.
Centralized Management
Centralized management is crucial when your web application infrastructure is distributed across different environments, and especially across the globe.
You want to be able to manage different WAF appliances without connecting to each appliance separately. This means your WAF solution needs to integrate with a centralized management platform, allowing you to build, maintain, and enforce a unified security policy across your entire organization.
Application Vulnerability Prevention
Web application vulnerabilities are among the most common causes of data breaches. Vulnerabilities—unique to each application—leave companies’ web infrastructures exposed to attacks such as cross-site scripting, SQL injections, cookie poisoning, and others.
When defects and vulnerabilities are found in software code, your WAF should rapidly apply fixes (virtual patches) to prevent exploitation by an attacker.
Virtual patching requires no immediate changes to the software, and it allows organizations to secure applications immediately, and in some cases automatically, as soon as dynamic application testing finds a vulnerability. Virtual patches are a key component of a strong WAF and often require integration with a vulnerability scanner.
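As an added example of the scanner-to-WAF handoff described above (not code from the original post or from any scanner or WAF product): a constructed DAST finding for an injectable parameter is turned into a narrowly scoped virtual patch, and the patch is checked against the scanner's own evidence before it is enforced. The finding format, the rule format and the "safe character class" per vulnerability type are assumptions made for this illustration.

```python
"""Added example: deriving a virtual patch from a constructed scanner finding.
Finding and rule formats are assumptions, not any product's schema."""
import re

# A constructed DAST finding. The id is a placeholder, not a real tracker id.
FINDING = {
    "id": "finding-0001",
    "endpoint": "/search",
    "method": "GET",
    "parameter": "q",
    "vulnerability": "sql-injection",
    # The value the scanner sent when it triggered the finding.
    "evidence": "' OR 1=1 --",
}

# Assumed mapping from vulnerability class to the input shape the patched
# parameter will be restricted to until the application itself is fixed.
SAFE_CLASSES = {
    "sql-injection": r"^[A-Za-z0-9 _\-]{0,64}$",
    "cross-site-scripting": r"^[^<>\"'&]{0,256}$",
}


def build_virtual_patch(finding):
    """Produce a rule scoped to exactly one endpoint, method and parameter."""
    return {
        "id": f"vpatch-{finding['id']}",
        "endpoint": finding["endpoint"],
        "method": finding["method"],
        "parameter": finding["parameter"],
        "allowed": re.compile(SAFE_CLASSES[finding["vulnerability"]]),
        "action": "block",
    }


def patch_covers_finding(patch, finding):
    """Sanity check before deployment: the rule must reject the scanner's
    evidence, otherwise the patch would not close the reported finding."""
    return patch["allowed"].fullmatch(finding["evidence"]) is None


def apply_patches(patches, method, path, params):
    """Return (decision, rule_id). Traffic outside the patched scope is untouched,
    which is what keeps virtual patches from breaking legitimate transactions."""
    for p in patches:
        if p["endpoint"] != path or p["method"] != method:
            continue
        value = params.get(p["parameter"])
        if value is not None and not p["allowed"].fullmatch(value):
            return (p["action"], p["id"])
    return ("allow", None)


if __name__ == "__main__":
    patch = build_virtual_patch(FINDING)
    assert patch_covers_finding(patch, FINDING)
    print(apply_patches([patch], "GET", "/search", {"q": FINDING["evidence"]}))
    print(apply_patches([patch], "GET", "/search", {"q": "blue shoes"}))
```

The `patch_covers_finding` step is the part worth keeping in a real pipeline: a generated rule that does not reject the evidence that produced the finding gives a false sense of coverage.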
In addition, your WAF solution should integrate with systems such as security information and event management (SIEM), log retention, identity management, incident management, and application scanners to provide layered and automated security. –[IRS]
Securing the data on your network may not seem very important to you until you lose that data or the privacy of its content.
Attackers continue to breach networks with highly targeted spear-phishing attacks; they are streamlining and upgrading their techniques while companies struggle to fight old tactics. Attackers have also perfected watering-hole attacks, making each attack more selective by infecting legitimate websites, monitoring site visitors, and targeting only the companies they want to attack. This makes it far more difficult for administrators and security teams to keep up to date on the latest attacks and protection measures, so a robust and agile Web Application Firewall (WAF) isn't a luxury – it's a requirement!
Many organizations have started extending their business with cloud-hosted or web-based applications. Web-based applications have become popular because they are simple: users do not need to install anything, and users on any device (mobile device, desktop, or a future device that does not exist yet) can access and use them immediately. There is no waiting for a version of the app to be released, and only one person or team needs to maintain a single code base. Single-source means that there is one version of the code base that all users across all platforms access and use. As these web-based applications become more popular, attacks become increasingly sophisticated and frequent, threatening enterprise data.
Here are some considerations when selecting a Web Application Firewall (WAF):
1. Network Architecture and Application Infrastructure
WAFs are designed to watch and respond to HTTP/S traffic. They are most often deployed as appliances inline, between the requester and the application server, inspecting requests and responses before forwarding them. Inline deployments tend to be most effective at actively blocking malicious traffic, based on policies and rules that must be applied judiciously to avoid dropping legitimate traffic. There are three types of inline deployment: reverse proxy, router mode, and bridge mode.
A WAF can also be deployed out of line, observing traffic from a monitoring port. This non-intrusive, passive deployment option is ideal for testing the WAF without impacting traffic, yet still enables the WAF to block malicious requests.
2. Performance, High Availability, and Reliability
WAFs play an essential role in maximizing throughput and ensuring the high availability of the application(s) they protect. WAF capabilities should include features that address these factors directly:
3. PCI DSS Compliance
The best WAFs can identify, isolate, and block sophisticated attacks without impacting legitimate application transactions. In addition, some WAFs offer PCI reporting, which determines whether compliance regulations are being met and, if they are not, details the steps required to become compliant.
4. Data Classification of Protected Applications
A WAF solution needs to understand the application and the data it is protecting. If that data is encrypted, the WAF must be able to decrypt it and then classify the data within the application in order to provide additional protection. A strong WAF can terminate SSL traffic, expose what is inside it, and make security decisions based on the decrypted content.
5. Visibility and Reporting
Reports provide visibility into attack and traffic trends, long-term data aggregation for forensics, acceleration of incident response, and identification of unanticipated threats before exposure occurs. Many WAFs also integrate with database security products to give administrators a real-time view into the operation of their websites, and to report on web-based attempts to gain access to sensitive data, subvert the database, or execute DoS attacks against the database.
6. Automatic Attack Detection
A strong WAF extends bot-defense capabilities to deliver always-on protection, preventing automated layer 7 DDoS attacks, web scraping, and brute-force attacks from ever materializing. This proactive approach to detection identifies more evasive bot sequences that may escape traditional detection methods, and identifies unauthorized automated attacks on the first attempt to access an application.
7. Device ID and Fingerprinting
Browser fingerprinting captures browser attributes in order to identify a client. This is a great way to identify or re-identify a visiting user, user agent, or device. This persistent identification of a client is important in that it allows tracking across sites. Attributes can be very revealing, enabling you to draw inferences about visitors, track users across origins, and share information, all to identify repeat offenders.
Fingerprinting-based identification is not always reliable and may not work with all device or browser types. Check with your WAF vendor for a list of supported devices and browsers, the specific features supported, the attributes collected, and what information is reported (e.g., the number of cookies deleted, unique data found).
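An added example tying the automatic attack detection of section 6 to the fingerprinting of section 7 (written for this page; not code from the original post or from any WAF vendor): a sliding-window detector counts failed logins per client fingerprint rather than per source IP, so a brute-force run that rotates addresses is still aggregated, and the alert records the distinct IPs seen as corroborating evidence. The access-log format, the attributes folded into the fingerprint (user agent and Accept-Language only), the window and the threshold are all constructed for this illustration; as the section above notes, a real fingerprint is not always stable, which is why the alert carries the IP list rather than relying on the fingerprint alone.

```python
"""Added example: fingerprint-keyed sliding-window brute-force detection over
constructed access-log lines. Format, attributes and thresholds are assumptions."""
import hashlib
from collections import defaultdict, deque

BOT_UA = "ScriptedClient/1.0"
USER_UA = "Mozilla/5.0 (X11; Linux x86_64) Firefox/52.0"

# Constructed, tab-separated access-log lines:
# epoch_seconds  client_ip  user_agent  accept_language  request_line  status
LOG_LINES = [
    f"1000\t198.51.100.10\t{BOT_UA}\ten-US\tPOST /login HTTP/1.1\t401",
    f"1005\t198.51.100.11\t{BOT_UA}\ten-US\tPOST /login HTTP/1.1\t401",
    f"1010\t198.51.100.12\t{BOT_UA}\ten-US\tPOST /login HTTP/1.1\t401",
    f"1015\t198.51.100.10\t{BOT_UA}\ten-US\tPOST /login HTTP/1.1\t401",
    f"1020\t198.51.100.11\t{BOT_UA}\ten-US\tPOST /login HTTP/1.1\t401",
    # A human mistyping twice and then succeeding: stays below threshold.
    f"1030\t203.0.113.5\t{USER_UA}\tde-DE\tPOST /login HTTP/1.1\t401",
    f"1040\t203.0.113.5\t{USER_UA}\tde-DE\tPOST /login HTTP/1.1\t401",
    f"1050\t203.0.113.5\t{USER_UA}\tde-DE\tPOST /login HTTP/1.1\t200",
    # A late failure from the bot outside the window: no second alert.
    f"1100\t198.51.100.12\t{BOT_UA}\ten-US\tPOST /login HTTP/1.1\t401",
]


def fingerprint(user_agent: str, accept_language: str) -> str:
    """Stable client identifier from request attributes (truncated SHA-256)."""
    raw = f"{user_agent}|{accept_language}".encode()
    return hashlib.sha256(raw).hexdigest()[:16]


def parse(line: str) -> dict:
    ts, ip, ua, lang, req, status = line.split("\t")
    return {"ts": int(ts), "ip": ip, "ua": ua, "lang": lang,
            "req": req, "status": int(status)}


def detect_brute_force(lines, window: int = 60, threshold: int = 5):
    """Alert once per fingerprint when `threshold` failed logins fall within
    `window` seconds, whatever source IPs they came from."""
    failures = defaultdict(deque)   # fingerprint -> deque of (ts, ip)
    alerted = set()
    alerts = []
    for rec in map(parse, lines):
        if not (rec["req"].startswith("POST /login") and rec["status"] == 401):
            continue
        key = fingerprint(rec["ua"], rec["lang"])
        q = failures[key]
        q.append((rec["ts"], rec["ip"]))
        # Drop failures that have aged out of the sliding window.
        while q and q[0][0] < rec["ts"] - window:
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({
                "fingerprint": key,
                "failures": len(q),
                "ips": sorted({ip for _, ip in q}),
                "last_seen": rec["ts"],
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(LOG_LINES):
        print(alert)
```

Keying on the fingerprint changes what a per-IP threshold would miss: each of the three bot addresses above only fails once or twice, which is below any reasonable per-IP limit, yet the aggregated count reaches the threshold at the fifth attempt.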
8. SSL Offload
SSL processing can put a strain on application resources. Offloading SSL computation to other network resources lets applications dedicate CPU to other processing tasks, which can improve performance. WAFs that support SSL offloading maximize the utilization of the applications they protect, eliminate the need to buy additional hardware, and increase the value of the WAF itself. Make sure the WAF you're considering can offload that processing work to keep everything running smoothly.
9. Anti-Fraud Capabilities
More advanced WAF solutions integrate with web fraud detection services to simplify deployment, streamline reporting, and strengthen the overall application security posture by thwarting requests from validated fraudsters. These integrated services should enable organizations to respond rapidly to threats at the network and application level.
A WAF should efficiently and accurately correlate application attacks, including web scraping, DDoS, and brute-force attempts, with client-side attacks targeting end users. Moreover, a good WAF should let you easily understand the full scope of the fraud threat across the network, the application, and the user.
10. Scalability and Performance
Organizations need to ensure application availability, even when under attack. The best WAFs can help you dynamically boost performance with application optimization and acceleration technologies like fast caching, compression, SSL offloading, and TCP optimization. An enterprise-grade WAF, with robust appliances and centralized management, can easily scale to handle large volumes of traffic. In addition, cloud-based WAFs can be deployed on demand to achieve seamless and limitless scalability, resulting in better performance, faster response times, and cost efficiencies.
A powerful WAF solution enables organizations to protect against OWASP Top 10 threats, application vulnerabilities, and zero-day attacks. Strong Layer 7 DDoS defenses, detection and mitigation techniques, virtual patching, and granular attack visibility thwart even the most sophisticated threats before they reach your servers. A good WAF also enables compliance with key regulatory standards like HIPAA and PCI DSS.