Why a Web Application Firewall
IT managers are faced with many difficult decisions today. The demands of performance, security, and economics are difficult to reconcile, and are only getting more challenging with the increasing number and complexity of internet attacks.
Another challenge that we are dealing with is the explosive growth of Web 2.0 applications, such as social media, blogs, wikis, video, mobility, instant messenger, AJAX, Flash, file sharing, and more. These applications cannot be secured by traditional firewalls, and the stakes are rising with sophisticated new threats such as botnets. Furthermore, many enterprises are adopting cloud computing and other cloud services that reside outside of their corporate firewalls, which introduces a new element of risk that is increasingly difficult to protect against.
These complexities create several negative outcomes: downtime resulting in loss of revenue, loss of information due to compromise, financial penalties, such as those from HIPAA and PCI DSS, and most importantly, loss of customer confidence.
These problems have typically been dealt with by simply upgrading local infrastructure. Internet links and routers can be upgraded to capacities larger than your most recent (or most feared) attack, and physical firewalls, switches and IPS devices can also be put into place. In spite of these precautions, IT decision makers are faced with the following:
- Attacks may still overwhelm local infrastructure
- These costly investments sit underutilized for most of the time
- Staff must face the challenge of managing newer and often more highly complex hardware
Between the investments in equipment, training and staff expenses, and the remaining high level of risk, the physical answer doesn’t make sense to many companies. A second tier of security is needed. This is where a Web Application Firewall (WAF) enters the picture.
Web Application Firewalls are delivered via a distributed network of global datacenters, with multi-10-Gbps of IPS and Firewall per node. Because these nodes intercept attacks at the very edge of the Internet, near where they are created, the risk of local firewall saturation or compromise is greatly reduced. Also, due to the distributed carrier-grade components, this cloud setup can absorb hundreds of Gbps of attack traffic at any time.
A WAF also blocks the big threats that traditional firewalls can’t deal with, such as DoS, DDoS, SYN Floods, and new application threats. More and more companies are using cloud tools as the first step of their corporate security, and it’s impossible to get the same level of security from a current-generation device.
Another important consideration is that organizations need next-generation firewalls that provide full layer-7 awareness in order to protect applications. Today, firewalling is more than just blocking IPs, ports and packets; it’s about protecting applications, because that’s what the Internet has evolved into: an application delivery platform. The next-generation firewall needs to have tight integration between the IPS and the Firewall to constantly block evolving threats, and it needs to offer zero-day protection for new threats not yet seen.
It’s important to note that a Web Application Firewall does not replace, but rather augments, internal security systems already in place. The ability to maintain current infrastructure and layer a cloud protection program on top is something that any business can benefit from.