IT managers are faced with many difficult decisions today. The demands of performance, security, and economics are difficult to reconcile, and are only getting more challenging with the increasing number and complexity of internet attacks.
Another challenge that we are dealing with is the explosive growth of Web 2.0 applications, such as social media, blogs, wikis, video, mobility, instant messenger, AJAX, Flash, file sharing, and more. These applications cannot be secured by traditional firewalls, and the stakes are rising with sophisticated new threats such as botnets. Furthermore, with many enterprises adopting Cloud Computing and other cloud services that now reside outside of their corporate firewalls, a new element of risk is being introduced that is increasingly difficult to protect against.
These complexities create several negative outcomes: downtime resulting in loss of revenue, loss of information due to compromise, financial penalties such as those from HIPAA and PCI DSS, and most importantly, loss of customer confidence.
These problems have typically been dealt with by simply upgrading local infrastructure. Internet links and routers can be upgraded to capacities larger than your most recent (or most feared) attack, and physical firewalls, switches and IPS devices can also be put into place. In spite of these precautions, IT decision makers are faced with the following:
Attacks may still overwhelm local infrastructure
These costly investments sit underutilized for most of the time
Staff must face the challenge of managing newer and often more highly complex hardware
Between the investments in equipment, training and staff expenses, and the remaining high level of risk, the physical answer doesn’t make sense to many companies. A second tier of security is needed. This is where a Web Application Firewall (WAF) enters the picture.
Web Application Firewalls are delivered via a distributed network of global datacenters, with multi-10-Gbps of IPS and Firewall per node. Because these nodes intercept attacks at the very edge of the Internet, near where they are created, the risk of local firewall saturation or compromise is greatly reduced. Also, due to the distributed carrier-grade components, this cloud setup can absorb hundreds of Gbps of attack traffic at any time.
A WAF also blocks the big threats that traditional firewalls can’t deal with, such as DoS, DDoS, SYN Floods, and new application threats. More and more companies are using cloud tools as the first step of their corporate security, and it’s impossible to get the same level of security from a current-generation device.
Another important consideration is that organizations need next generation firewalls that provide full layer-7 awareness in order to protect applications. Today, firewalling is more than just blocking IPs, ports and packets; it’s about protecting applications, because that’s what the Internet has evolved into: an application delivery platform. The next generation firewall needs to have tight integration between the IPS and the Firewall to constantly block evolving threats, and it needs to offer zero-day protection for new threats not yet seen.
It’s important to note that a Web Application Firewall does not replace, but rather augments internal security systems already in place. The ability to maintain current infrastructure and layer a cloud protection program on top is something that any business can benefit from.