Choosing The Right Web Application Firewall (WAF)
October 24, 2016. Categories: News. Tags: Firewall, Security, waf, web app.
Attackers continue to breach networks with highly targeted spear-phishing, and they are streamlining and upgrading their techniques while companies are still struggling to fight old tactics. Watering-hole attacks have also been refined: attackers compromise legitimate websites, monitor the visitors and deliver payloads only to the organizations they want to hit. This makes it far harder for administrators and security teams to keep up with the latest attacks and protection measures, so a robust and agile Web Application Firewall (WAF) is not a luxury; it is a requirement.
Many organizations have extended their business with cloud-hosted or web-based applications. Web-based applications are popular because they are simple: users install nothing, and any device (mobile, desktop, or a device that does not exist yet) can access the application and use it immediately. There is no waiting for a new version to be released, and a single person or team maintains a single code base. Single-source means there is one version of the code that all users on all platforms access and use. As these web-based applications become more popular, attacks on them become more sophisticated and more frequent, threatening enterprise data.
Here are some considerations when selecting a WAF:
1. Network Architecture and Application Infrastructure
A WAF inspects and responds to HTTP and HTTPS traffic. It is most often deployed inline, between the client and the application server, examining each request and response before forwarding it. Inline deployment is the most effective way to actively block malicious traffic, but the policies and rules must be tuned carefully or legitimate requests will be dropped with the bad ones; most products offer a detect-only mode for this tuning period. There are three inline modes: reverse proxy (the WAF terminates the client connection and opens its own connection to the back end, so the application sees the WAF's address unless a header such as X-Forwarded-For is passed through), router mode (the WAF is a layer-3 hop with its own addresses) and bridge mode (a transparent layer-2 device that needs no addressing changes).
A WAF can also be deployed out of band, observing a copy of the traffic from a monitoring (SPAN or TAP) port. This passive deployment is ideal for evaluating a WAF and its rule set without touching production traffic, but it can only observe and alert: at best it can inject a TCP reset, which usually arrives after the request has already reached the server, so it is not a substitute for inline blocking.
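The inline request inspection described above, written as an added example (it is not code from the article or from any WAF vendor). The rule set, the request layout and the two modes are assumptions for illustration: "block" models inline enforcement and "monitor" models the inline detect-only tuning mode; an out-of-band sensor would only ever produce the findings list. The example also URL-decodes repeatedly before matching, because a rule applied to the raw, still-encoded value is trivially bypassed with double encoding.

```python
import re
from urllib.parse import parse_qsl, unquote

# Signature rules (assumed for this example; real rule sets are far larger and tuned per application).
RULES = [
    ("sqli-tautology", re.compile(r"(?i)\b(or|and)\s+['\"]?\w+['\"]?\s*=\s*['\"]?\w+['\"]?")),
    ("sqli-union", re.compile(r"(?i)\bunion\b\s+(all\s+)?\bselect\b")),
    ("path-traversal", re.compile(r"\.\.[/\\]")),
    ("xss-script-tag", re.compile(r"(?i)<\s*script\b")),
]


def normalize(value: str) -> str:
    """URL-decode repeatedly (at most 3 rounds) so a double-encoded %2527 is seen as a quote."""
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect(request: dict) -> list:
    """Run every rule over every inspected location; return [(rule, location, decoded_value)].

    The request is an assumed dict: method, path, query (raw string), body (form-encoded
    string) and headers (lowercase names). parse_qsl decodes one layer; normalize() the rest.
    """
    candidates = [("path", request.get("path", ""))]
    for key, val in parse_qsl(request.get("query", ""), keep_blank_values=True):
        candidates.append((f"query:{key}", val))
    for key, val in parse_qsl(request.get("body", ""), keep_blank_values=True):
        candidates.append((f"body:{key}", val))
    for name in ("user-agent", "referer", "cookie"):
        if name in request.get("headers", {}):
            candidates.append((f"header:{name}", request["headers"][name]))
    findings = []
    for location, raw in candidates:
        value = normalize(raw)
        for rule, rx in RULES:
            if rx.search(value):
                findings.append((rule, location, value))
    return findings


def decide(request: dict, mode: str = "block") -> dict:
    """'block' = inline enforcement (deny with 403); 'monitor' = inline detect-only (forward, record)."""
    findings = inspect(request)
    if findings and mode == "block":
        return {"action": "deny", "status": 403, "findings": findings}
    return {"action": "forward", "status": None, "findings": findings}


if __name__ == "__main__":
    # Constructed requests, not captured traffic.
    probe = {"method": "GET", "path": "/item", "query": "id=1%2527%2520OR%25201%253D1",
             "headers": {"user-agent": "curl/7.50"}, "body": ""}
    print(decide(probe, mode="monitor"))
```

The tautology rule deliberately demands an "=" after the "or"/"and" clause so that ordinary search text such as "cats and dogs" does not trip it; that is the kind of scoping the tuning period is for.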
2. Performance, High Availability, and Reliability
Because a WAF sits in the path of every request, its own capacity and failure behavior directly determine the throughput and availability of the applications it protects. Check the rated throughput and new-connection rate with full inspection and TLS enabled (not the bare forwarding figure), whether the device can run as a high-availability pair with session-state synchronization, and whether it fails open or fails closed when it crashes or is overloaded; each choice has a cost, since fail-open keeps the application reachable but unprotected and fail-closed keeps it protected but down.
3. PCI DSS Compliance
PCI DSS Requirement 6.6 requires that public-facing web applications either undergo regular application-layer vulnerability review or be protected by an automated technical solution that detects and prevents web-based attacks, which is the role a WAF fills. The best WAFs can identify, isolate and block sophisticated attacks without impacting legitimate application transactions. Some also offer PCI reporting that shows which WAF-related controls are in place and what remains to be done; such reports cover the WAF's own contribution, not the organization's overall PCI DSS compliance.
4. Data Classification of Protected Applications
A WAF needs to understand the application and the data it protects. If that traffic is encrypted, the WAF must be able to decrypt it and classify the data inside before it can provide any additional protection. A strong WAF can terminate SSL/TLS, expose what is inside and make security decisions based on the decrypted content. Terminating TLS means the WAF holds the application's private key and certificates, so it must be protected as carefully as the application server itself, and you must decide whether the hop from the WAF to the back end is re-encrypted or left in the clear.
5. Visibility and Reporting
Reports provide visibility into attack and traffic trends, long-term data aggregation for forensics, faster incident response, and identification of unanticipated threats before exposure occurs. Many WAFs also integrate with database security products to give administrators a real-time view into the operation of their websites, and to report on web-based attempts to gain access to sensitive data, subvert the database, or execute DoS attacks against the database.
6. Automatic Attack Detection
A strong WAF includes always-on bot defense that stops automated layer 7 DDoS, web scraping and brute-force attacks before they succeed. Rate- and behavior-based detection catches evasive bot sequences that signature matching alone misses, and can identify an unauthorized automated client on its first attempt to access an application.
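Rate-based detection of the brute-force attacks mentioned above, as an added example (not code from the article or any vendor) run over a constructed access log. Two detectors are shown because they catch different things: a per-source sliding window catches the classic single-IP guessing burst, while a distinct-source window catches credential stuffing that stays under the per-IP threshold by spreading one or two attempts across many hosts. The log format, the /login path and the assumption that a failed login is a POST answered with 401 are mine, not the page's.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in Combined Log Format (not real traffic): 203.0.113.7 hammers /login,
# then ten hosts in 192.0.2.0/24 each fail once within a minute (distributed, low-and-slow).
SAMPLE_LOG = """\
203.0.113.7 - - [24/Oct/2016:10:00:01 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [24/Oct/2016:10:00:05 +0000] "POST /login HTTP/1.1" 401 73
203.0.113.7 - - [24/Oct/2016:10:00:06 +0000] "POST /login HTTP/1.1" 401 73
203.0.113.7 - - [24/Oct/2016:10:00:08 +0000] "POST /login HTTP/1.1" 401 73
203.0.113.7 - - [24/Oct/2016:10:00:09 +0000] "POST /login HTTP/1.1" 401 73
203.0.113.7 - - [24/Oct/2016:10:00:11 +0000] "POST /login HTTP/1.1" 401 73
198.51.100.2 - - [24/Oct/2016:10:00:12 +0000] "POST /login HTTP/1.1" 401 73
198.51.100.2 - - [24/Oct/2016:10:03:40 +0000] "POST /login HTTP/1.1" 302 0
192.0.2.10 - - [24/Oct/2016:10:05:00 +0000] "POST /login HTTP/1.1" 401 73
192.0.2.11 - - [24/Oct/2016:10:05:05 +0000] "POST /login HTTP/1.1" 401 73
192.0.2.12 - - [24/Oct/2016:10:05:10 +0000] "POST /login HTTP/1.1" 401 73
192.0.2.13 - - [24/Oct/2016:10:05:15 +0000] "POST /login HTTP/1.1" 401 73
192.0.2.14 - - [24/Oct/2016:10:05:20 +0000] "POST /login HTTP/1.1" 401 73
192.0.2.15 - - [24/Oct/2016:10:05:25 +0000] "POST /login HTTP/1.1" 401 73
192.0.2.16 - - [24/Oct/2016:10:05:30 +0000] "POST /login HTTP/1.1" 401 73
192.0.2.17 - - [24/Oct/2016:10:05:35 +0000] "POST /login HTTP/1.1" 401 73
192.0.2.18 - - [24/Oct/2016:10:05:40 +0000] "POST /login HTTP/1.1" 401 73
192.0.2.19 - - [24/Oct/2016:10:05:45 +0000] "POST /login HTTP/1.1" 401 73
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_events(lines):
    """Parse log lines into dicts, skipping anything that is not in the expected format."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        events.append({"ip": m["ip"], "method": m["method"], "path": m["path"],
                       "status": int(m["status"]),
                       "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")})
    return sorted(events, key=lambda e: e["ts"])


def login_failures(lines, path="/login"):
    """A failed login is assumed to be a POST to the login path answered with 401."""
    return [e for e in parse_events(lines)
            if e["method"] == "POST" and e["path"] == path and e["status"] == 401]


def detect_per_ip(lines, window=timedelta(seconds=60), threshold=5):
    """Single-source brute force: >= threshold failures from one IP inside a sliding window."""
    recent = defaultdict(deque)
    flagged = {}
    for e in login_failures(lines):
        q = recent[e["ip"]]
        q.append(e["ts"])
        while e["ts"] - q[0] > window:  # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= threshold and e["ip"] not in flagged:
            flagged[e["ip"]] = e["ts"]  # moment the threshold was crossed
    return flagged


def detect_distributed(lines, window=timedelta(seconds=60), min_ips=8):
    """Distributed guessing: many distinct sources failing within one window, few attempts each."""
    q = deque()
    for e in login_failures(lines):
        q.append((e["ts"], e["ip"]))
        while e["ts"] - q[0][0] > window:
            q.popleft()
        distinct = {ip for _, ip in q}
        if len(distinct) >= min_ips:
            return {"first_seen": q[0][0], "crossed_at": e["ts"], "distinct_ips": len(distinct)}
    return None


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print(detect_per_ip(lines))
    print(detect_distributed(lines))
```

Thresholds and windows are policy, not facts: the per-IP detector alone never fires on the 192.0.2.0/24 burst, and the distinct-source detector alone says nothing about which host to block, which is why a WAF's bot defense combines several signals (and, in practice, adds device fingerprints, see below under Device ID and Fingerprinting) rather than relying on one counter.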
7. Device ID and Fingerprinting
Browser fingerprinting captures browser and device attributes in order to identify a client, and to re-identify it on later visits even when its IP address or cookies have changed. This persistent identification is what allows tracking across sites. The attributes can be very revealing: they let you draw inferences about a visitor, correlate activity across origins and share information, all in order to identify repeat offenders, which is also why the same technique raises privacy concerns.
Fingerprint-based identification is not always reliable: attributes change with browser updates, two clients with the same build and configuration can produce the same fingerprint, and it may not work with every device or browser type. Check with your WAF vendor for a list of supported devices and browsers, the specific features supported, the attributes collected, and the information reported (e.g., the number of cookies deleted, unique data found).
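A minimal passive fingerprint built from request headers only, as an added example (not the article's or any vendor's code), to make the re-identification and the reliability caveat above concrete. The header set is an assumption; commercial products add TLS ClientHello details and JavaScript-collected attributes such as screen size and installed fonts, which make collisions rarer but do not eliminate them. The sample header sets are constructed.

```python
import hashlib

# Headers that tend to be stable for a given browser build, OS and locale (an assumed set).
FINGERPRINT_HEADERS = ("user-agent", "accept", "accept-language", "accept-encoding")

# Constructed request headers (lowercase names, as a proxy would normalize them).
ATTACKER = {
    "user-agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 Chrome/54.0 Safari/537.36",
    "accept": "text/html,application/xhtml+xml,*/*;q=0.8",
    "accept-language": "en-US,en;q=0.8",
    "accept-encoding": "gzip, deflate",
}
OTHER_USER = dict(ATTACKER, **{"accept-language": "de-DE,de;q=0.8"})


def fingerprint(headers: dict) -> str:
    """Hash a canonical serialization of the selected headers; a missing header counts as empty."""
    canon = "\n".join(f"{h}={headers.get(h, '').strip().lower()}" for h in FINGERPRINT_HEADERS)
    return hashlib.sha256(canon.encode()).hexdigest()[:16]


class OffenderTracker:
    """Remember misbehaving fingerprints so a client is recognized after it changes IP or clears cookies."""

    def __init__(self):
        self.records = {}

    def observe(self, headers: dict, ip: str, misbehaved: bool = False) -> dict:
        fp = fingerprint(headers)
        rec = self.records.setdefault(fp, {"ips": set(), "hits": 0, "flagged": False})
        rec["ips"].add(ip)
        rec["hits"] += 1
        rec["flagged"] = rec["flagged"] or misbehaved  # a flag is sticky for the fingerprint
        return {"fingerprint": fp, "flagged": rec["flagged"], "ips_seen": len(rec["ips"])}


if __name__ == "__main__":
    tracker = OffenderTracker()
    print(tracker.observe(ATTACKER, "203.0.113.7", misbehaved=True))
    print(tracker.observe(ATTACKER, "198.51.100.9"))  # same client, new address: still flagged
    print(tracker.observe(OTHER_USER, "198.51.100.9"))  # different locale: different fingerprint
```

The last point to take from it is the failure mode: any innocent client whose headers happen to be identical (a fleet of identically imaged corporate desktops, for instance) inherits the flag, so a fingerprint should raise the score of a request, not block it on its own.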
8. SSL Offload
SSL/TLS processing can put a strain on application resources. Offloading that computation to the WAF lets application servers dedicate their CPU to application work, which can improve performance. A WAF that supports SSL offloading improves the utilization of the servers it protects, removes the need for separate offload hardware and increases the value of the WAF itself. Make sure the WAF you are considering can take on that processing at your expected connection rate, and decide whether the WAF-to-server hop will be re-encrypted, since offloading otherwise leaves that segment in plaintext.
9. Anti-Fraud Capabilities
More advanced WAF solutions integrate with web fraud detection services to simplify deployment, streamline reporting and strengthen the overall application security posture by blocking requests from clients the fraud service has already identified as fraudulent. These integrated services should enable organizations to respond rapidly to threats at both the network and the application level.
A WAF should efficiently and accurately correlate application attacks (web scraping, DDoS and brute-force attempts) with client-side attacks targeting end users. A good WAF should also let you see the full scope of the fraud threat across the network, the application and the user.
10. Scalability and Performance
Organizations need to ensure application availability even while under attack. The best WAFs can help boost performance with application optimization and acceleration features such as caching, compression, SSL offloading and TCP optimization. An enterprise-grade WAF, with robust appliances and centralized management, can scale to handle large volumes of traffic, and a cloud-based WAF can be deployed on demand for elastic scaling, better performance, faster response times and cost efficiency.
A powerful WAF enables organizations to protect against the OWASP Top 10, known application vulnerabilities and zero-day attacks. With strong layer 7 DDoS defenses, detection and mitigation techniques, virtual patching and granular attack visibility, it can stop even sophisticated threats before they reach your servers. A good WAF also supports compliance with key regulatory standards such as HIPAA and PCI DSS.
The FortiGate 3980E is advertised as the first security appliance to reach terabit-per-second (Tbps) firewall throughput. That is a network-firewall figure; throughput under full HTTP inspection is far lower, and it is the latter that should be compared when choosing a WAF.
Securing the data on your network may not seem very important until you lose that data or its confidentiality.