Why replace the traditional web application firewall with a new cloud WAF today?

Reprinted from The Hacker News, translated by Blue Mocha. When reposting, please credit the original translator and cite the source as SuperShield.

Because of the potential for profit, web applications have become the primary target of hackers. Security breaches in web applications can cause millions of dollars in damages.

Strikingly, outages and distributed denial-of-service (DDoS) attacks related to DNS (Domain Name System) have had a negative impact on business. Among a wide range of countermeasures, web application firewalls are the first line of defense.

The basic function of a web application firewall is to establish a hardened boundary that prevents certain types of malicious traffic from accessing resources. Although the WAF has existed since the 1990s, this early technology can no longer keep up with the increasingly complex networks of recent times.

These early WAFs cannot provide complete application control and visibility. With increasing security risks, web application firewalls are no longer the only solution that can provide adequate protection.


Traditional WAF is half dead

In the early days, web applications were less common and web threats were few. Malicious autonomous VPN programs were less complex and easy to detect. Security requirements were low and could be met with basic network security precautions.

Today, everything has changed. Web applications can live in on-premises, cloud or hybrid data environments. Customers and employees can access them over the network from anywhere. Because IP addresses change constantly and are masked by CDNs, firewalls cannot track the changing data, the destination of requests, and so on.


A WAF should defend against a variety of challenging and complex threats. The traditional WAF is defined as a hardware device, and most products of this kind on the market today are difficult to use, lack visibility, and perform poorly. To some extent, 90% of organizations say their WAF makes the process too cumbersome.

According to Ponemon's research, 65% of organizations claim that their WAFs have experienced triage, and only 9% of organizations say they cannot be destroyed. Therefore, companies should worry about the performance and security of their WAF.

Challenges faced by traditional WAF

We often hear from people in the industry who have switched from the traditional web application firewall to a new-era WAF. The reasons that most often prompted them to switch were the following:

1. Technological innovation

Web application standards are constantly evolving, which raises the requirements for what WAFs must provide.

The increasing use of JSON payloads and HTTP/2 has forced most web application firewall vendors to keep pace with them. While the market expects continuous innovation, many WAF suppliers have become increasingly vulnerable.

2. Lack of scalability

Organizations' need to expand their networks has made several challenges worse: expansion is increasingly expensive, time-consuming, and complex. Deploying and maintaining device clusters has become very complicated.

DevOps and Agile methods require constant cluster reconfiguration and re-tuning, which leaves the security team short of resources.

3. Zero-day vulnerability

Although WAFs effectively monitor web traffic to prevent HTTP-specific attacks, they cannot protect against zero-day attacks.

WAFs are designed to detect predefined patterns. A zero-day vulnerability can be a vector of any kind, whereas a WAF only catches the cases found in its pre-configured rules.

4. Block legitimate traffic

Another complaint of most WAF users is that the WAF will inadvertently block valid traffic, a result known as a false positive. Although this sounds relatively harmless in terms of security, it can be disastrous for the organization. In severe cases, it may even prevent visitors from using application functions by blocking uploads or purchases.

One possible way to deal with this challenge is to implement the minimum number of patterns, but this may make the network more vulnerable. Most WAF solutions find it difficult to strike this balance.
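The trade-off between false positives and a minimal pattern set can be measured by replaying labelled traffic through each rule set. The following is an added example, not part of the original article or any vendor's product; the rule names, patterns and sample requests are all constructed for illustration.

```python
import re

# Constructed sample requests (not real traffic): (query string, is_malicious).
SAMPLES = [
    ("q=union+station+opening+hours", False),
    ("comment=Please select a plan from the list", False),
    ("id=1' OR '1'='1", True),
    ("name=<script>alert(1)</script>", True),
    ("file=../../etc/passwd", True),
    ("id=1 UNION SELECT name FROM users", True),
]

# Hypothetical signature sets written for this example, not any vendor's rules.
BROAD_RULES = {
    "sql_keyword": r"(?i)\b(select|union|drop)\b",
    "sql_tautology": r"(?i)'\s*or\s*'1'\s*=\s*'1",
    "script_tag": r"(?i)<script\b",
    "path_traversal": r"\.\./",
}
# "Minimum number of patterns": keep only the two most specific signatures.
MINIMAL_RULES = {k: BROAD_RULES[k] for k in ("sql_tautology", "script_tag")}


def matched_rules(rules, request):
    """Return the names of every signature that fires on the request."""
    return [name for name, pattern in rules.items() if re.search(pattern, request)]


def evaluate(rules, samples=SAMPLES):
    """Replay labelled samples and list false positives and missed attacks."""
    false_positives, missed = [], []
    for request, malicious in samples:
        blocked = bool(matched_rules(rules, request))
        if blocked and not malicious:
            false_positives.append(request)
        elif malicious and not blocked:
            missed.append(request)
    return {"false_positives": false_positives, "missed": missed}


if __name__ == "__main__":
    for label, rules in (("broad", BROAD_RULES), ("minimal", MINIMAL_RULES)):
        result = evaluate(rules)
        print(f"{label}: {len(result['false_positives'])} legitimate blocked, "
              f"{len(result['missed'])} malicious allowed")
```

Running the same replay after every rule change shows whether a tuning step traded blocked customers for missed attacks or the other way round.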

Unless you invest dedicated resources in managing it, it will be very difficult to get value from a traditional WAF. This is the biggest gap, because the traditional WAF cannot deliver on its promises.

5. DDoS attacks

Most importantly, DDoS can cause problems for WAF installations. We have seen many organizations use WAFs to prevent DDoS attacks. The main reason they give is that WAFs can be upgraded to mitigate DDoS attacks.

However, the problem is that the traditional WAF is not set up to resist large-scale DDoS attacks.

Moreover, today's applications are shared or provided by third-party platforms and cannot be protected by local defense layers. Without a cloud-based WAF, it is difficult to plan capacity in advance, and even if you do, that capacity still has a limit.

A cloud WAF (especially a hosted cloud WAF) can scale to solve this problem. Companies only need to pay based on value, instead of paying fixed fees for future or possible future needs.


Understanding the functions of a WAF in the new era

Although many WAF providers claim to offer next-generation products, most use the same security model as the traditional WAF. The basic characteristics of a WAF that can keep up with the needs of the new era include:

1. Application and Web usage control

What type of traffic should be blocked? A new-era WAF uses multiple identification categories to establish the exact identity of traffic to websites and applications across the network and to determine how to treat it.

The ability to accurately classify traffic is the core of the next-generation WAF. This prevents organizations from accessing illegal, malicious or irrelevant websites and applications.

2. Advanced web application security analysis

A cloud-based WAF can withstand the new types of security threats that most web applications face, and can also analyze threats and improve visibility into them.

The WAF monitors performance indicators in real time, highlighting live data on infrastructure, applications, and end users. This allows people to react before problems occur, so the WAF can be trusted to behave as expected.

3. Web application security assessment and malware detection

Companies sometimes want to grant access to social media platforms, but these platforms often contain malicious links or files. Providing and maintaining WAF policies tied to application risk is the main advantage of the WAF in the new era.

4. Full node defense

The WAF monitors and analyzes traffic across the entire global deployment. Once a security threat is found at one node, protections are deployed, updated and strengthened on all nodes within the monitoring range.

5. Automatic intervention

A cloud-based WAF does not rely only on pre-defined policies and signatures to block traffic; it also provides managed services that deliver accurate, risk-based custom rules.


Based on real-time pattern and behavior analysis, it continuously monitors traffic and automatically separates valid requests from malicious actors. It also provides virtual patches to prevent the exploitation of zero-day vulnerabilities and other weaknesses.

Origin blog.51cto.com/15047972/2573057