Buyer's Handbook: Use a web app firewall to halt app attacks

Available WAF features grow as demands on firewalls expand

Enterprises have been deploying firewalls to protect networks from internet attacks for almost as long as enterprise networks have been connected to the internet. Firewall features were initially fairly basic, back when firewalls were simple network boxes tasked with sorting good inbound packets from malicious ones. Traditional firewalls operating at the network layer are now simply outclassed when it comes to protecting the web apps that have become so integral to the way the internet works.

This is where web application firewalls (WAFs) come in.

In recent years, available WAF features have expanded. That's because it is no longer possible to sort out and block potentially harmful network traffic based simply on IP source or destination addresses at the network layer -- or even on transport layer source or destination ports. The HTTP/HTTPS application layer protocols carry network traffic of all kinds for all kinds of applications, so a decision made on addresses and ports alone cannot tell a legitimate request from a malicious one. WAFs come to the rescue by offering greater visibility into application data, protecting organizations from attackers attempting to subvert or attack web applications.

Recognizing the need for a WAF is only the first decision. WAF features abound, not just in the form in which the web application firewall is deployed -- as a hardware appliance, as a server-based add-on running directly on the web server being protected, or as a cloud-based service -- but also in the basic functions desired. Do you need the WAF to detect zero-day web application vulnerabilities? To integrate with threat intelligence feeds? To integrate with legacy security systems?

In this buyer's handbook, expert Karen Scarfone explains why WAFs are needed and how they work, and also offers guidance on evaluating key WAF features.