What Is a Web Application Firewall?
A web application firewall (WAF) is different from your typical network firewall (firewall). It is a solution developed specifically to address an often neglected but critical component of the security architecture — application layer security.
Why Is a Web Application Firewall Necessary?
Modern enterprises deploy a diverse array of web applications. Whether it’s public-facing websites or private intranets used for cross-team collaborations, the inspection of web traffic for threats needs to be granular and also intelligent enough to adapt to new and custom web apps.
The network firewall, which filters network traffic instead, is severely limited in protecting web assets. Because a network firewall’s access control is based on network-layer attributes, it is incapable of stopping attacks from applications already authorized to communicate through the firewall.
On the other hand, a web application firewall inspects data packets on the application level, validating inputs and detecting abnormalities in web protocols to identify application-specific threats.
Just as its name suggests, the basic function of a WAF is to detect and block web attacks like SQL Injection and Cross-Site Scripting (XSS) attacks. By blocking web attacks, web application firewalls serve as an effective solution against sensitive data leakage, unauthorized access, and website defacement or cross-site request forgery (CSRF).
Evolution of Web Application Firewalls
Generations of WAF technology can be distinguished based on their main operating principles.
1st Generation WAF: Pattern-matching detection
The first generation of web application firewalls utilized two types of lists to determine whether or not to block traffic: whitelists and blacklists.
The whitelist is a list of characteristics that define legitimate traffic and the blacklist is a list of dangerous attack patterns. However, 1st Generation WAFs often mistakenly identified safe access as an attack and blocked safe traffic. This is called a “false positive”. To reduce these misdetections, an administrator had to update both blacklists and whitelists constantly.
Not only did 1st Generation WAFs place a significant burden on system administrators, they were not particularly effective.
2nd Generation WAF: Automated whitelists
The second generation of web application firewalls automatically established whitelists by monitoring web applications over a period of several weeks.
However, this approach is not suitable in the current web environment, where web attack patterns are rapidly changing. In addition, the whitelists that were generated still required manual configuration by an administrator, who also had to constantly maintain blacklists of all conceivable attacks.
As such, the 2nd Generation WAF failed to significantly alleviate the burden on system administrators. To address all these issues, the third generation of WAFs was developed — the “Intelligent WAF”.
3rd Generation WAF: Logic-based detection
The third generation of web application firewalls combines various techniques such as blacklisting, whitelisting and data packet analysis to logically detect and categorize attacks.
In this way, false positives are greatly reduced compared with 1st and 2nd Generation WAFs. Furthermore, due to the logic-based approach to detection, new variants of attacks, along with modified attack patterns, can be detected by intelligent 3rd Generation WAFs with minimal signature updates. Because the approach is essentially signature-free, it avoids the performance degradation of previous generations of signature-based WAFs that relied on continuous signature updates.
System administrators can instead focus more on policy management, optimized around attack characteristics, rather than on list management, which is inefficient.
Market share leader for three consecutive years, WAPPLES is the Web Application Firewall (WAF) of choice for customers in the Asia Pacific.
Besides blocking basic web attacks, WAPPLES is deployed to effectively guard against sensitive data leakage, block malicious web access and prevent website defacement in this era of intensified attacks.
Powered by an intelligent detection engine, WAPPLES is capable of combating the newest threats, including attacks often utilized in Advanced Persistent Threats (APT) launched by malicious agents to obtain data assets of governments and enterprises or for terrorism or political gains.
As a market share leader in Asia-Pacific for four consecutive years, WAPPLES is the web application firewall (WAF) of choice for enterprises, governments, and NGOs worldwide.
Most recently mentioned on the Gartner Asia/Pacific Context: ‘Magic Quadrant for Web Application Firewalls’ 2018
Intelligence Allows Top Performance
While traditional WAFs depend on high-maintenance signature updates for low-accuracy pattern-matching, WAPPLES uses a logic-based detection engine called COCEP™ (Contents Classification and Evaluation Processing).
Using 34 pre-configured detection rules, the engine categorizes and blocks modified and even unknown attacks heuristically and semantically. This proprietary technology allows WAPPLES to deliver superior security with industry-leading accuracy and low false-positive rates under various network environments. While maintaining high stability and performance, WAPPLES’ ease of deployment and low operational workload were recognized by Gartner as what made the WAF a popular choice for surveyed clients.
Through the analysis of an attack’s characteristics, WAPPLES is able to identify attacks that utilize new patterns of exploit that often bypass typical WAFs utilizing signature-based detection engines.
1st and 2nd generation WAFs that operate on blacklists and whitelists lag behind due to their reliance on signature updates to detect the latest threats. In comparison, the sophistication of security that WAPPLES can provide greatly surpasses that of signature-based WAFs.
WAPPLES Product Family and Related Services
Appliance-type WAF product
Virtual WAF optimized for cloud environment
· Logic-analysis based COCEP™ engine protects websites against OWASP Top 10 risks
· Extremely low false-positive rates through heuristic and semantic traffic analysis
· Utilizes 34 detection rules that can be fine-tuned to create robust custom security policies
· Defense from known, zero-day, and HTTP DDoS attacks
· Validity testing (Luhn: ISO/IEC 7812) prevents leakage of sensitive data
· Minimal changes to existing systems
· Quick setup with pre-configured security policies
· Statistics visualized on a centralized dashboard
· Intuitive and easy-to-use GUI management console
· Increases efficiency in web security management
· Can be deployed in Reverse proxy, Inline, or High Availability (HA) configuration modes
· Support for EtherChannel and Multi-Segment
· Integration with SIEM
· Optimized core provides enhanced performance
· High processing power with in-memory computing capability
· Stable performance even with strict security policy settings enabled
· Increased bandwidth through bonding technology