Purchasing a Web application firewall? You must consider these questions (1)

Source: Internet
Author: User

A Web application firewall (WAF) is a complex product. In this article, expert Brad Causey describes the key issues that enterprises need to consider before purchasing a WAF product.

Securing Web applications requires multiple layers of defense, and the most important of these is the Web application firewall. Given the need to protect the confidentiality, availability, and integrity of data accessed over the Web, the WAF is a critical defense layer. This guide aims to help enterprises purchase a WAF by setting out the key considerations for investigating the market.

WAF products vary widely in price, deployment method, complexity, and many other specifications. Before purchasing a WAF, enterprises should first understand their business needs, the functions they require, and their available resources (such as in-house talent and funds), which helps them select the product that best meets their requirements. Proper planning and careful evaluation of the products on the market are also important.

The points and questions listed below aim to give enterprises a way to move in the right direction and make a sound assessment. The key factors include how the WAF integrates into the environment, how it detects and responds to attacks, how it handles logging, and what it requires for management and maintenance. Enterprises should answer these questions for each WAF product they are investigating, which will help them narrow their selection to products that meet their needs.

How can the WAF be integrated into your environment?

One of the most critical issues to consider when evaluating a WAF is deployment. In other words, how do we make the WAF work? There are several WAF deployment options. Enterprises should consider each option and determine which WAF type suits them best based on their existing environment. In many cases, eliminating products that are not suitable for their networks and IT environments will help decision makers narrow down the range of suppliers and products.

· Internal devices: This common WAF deployment method involves deploying a network device between users and Web applications. It usually requires some internal expertise, because an administrator has to change the internal network configuration. Ideally, the company has the relevant technical staff in-house or sufficient funds to pay for the deployment services provided by the supplier.

· Cloud-based WAF: This method usually requires enterprises to change their DNS records so that they resolve to the WAF vendor's IP addresses; the vendor then forwards Web traffic to the actual application hosts. In many cases, enterprises will need to provide their SSL keys, because the vendor's servers decrypt the data before forwarding it.

Performance problems may occur here because the traffic goes through additional steps before it reaches the enterprise's servers. However, most vendors have sufficient bandwidth, so in most cases this is not a problem (but keep it in mind). A cloud-based WAF is generally easier to deploy because it only requires DNS changes (and possibly an SSL key) and does not require internal IT skills. Note: Many cloud-based products also provide DDoS protection.

· Integrated WAF: A code-based or software-based WAF is the most likely to require direct changes to the enterprise's Web application code or its Web servers. This is a good choice for enterprises with skilled staff and is cheaper than other WAF products. It does not require changes to the network architecture or DNS redirection. An integrated WAF also has the least overall impact on the network, systems, and performance.
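For the cloud-based option above, a useful acceptance check after the DNS change is to confirm that every public hostname now resolves only to the vendor's addresses. The following is an added example, not part of the original article; the hostnames, the vendor ranges, and the function names are assumptions, and the sample data is constructed from documentation-reserved address ranges.

```python
import ipaddress
import socket

# Constructed sample data. Documentation-reserved ranges stand in for the WAF
# vendor's published edge networks (assumed) and for the enterprise's own hosts.
VENDOR_RANGES = ["203.0.113.0/24", "2001:db8:aa::/48"]
SAMPLE_RESOLUTIONS = {
    "www.example.com": ["203.0.113.10", "2001:db8:aa::10"],  # fully cut over
    "shop.example.com": ["203.0.113.20", "198.51.100.7"],    # stale record left behind
    "api.example.com": ["198.51.100.8"],                     # never cut over
    "old.example.com": [],                                   # no DNS answer
}


def resolve(hostname):
    """Live lookup through the system resolver (not used by the sample run)."""
    try:
        infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def classify(addresses, vendor_ranges):
    """Return (status, addresses that fall outside every vendor range)."""
    networks = [ipaddress.ip_network(r) for r in vendor_ranges]
    outside = [a for a in addresses
               if not any(ipaddress.ip_address(a) in n for n in networks)]
    if not addresses:
        status = "unresolved"
    elif not outside:
        status = "behind-waf"
    elif len(outside) < len(addresses):
        status = "partial"   # some clients still reach the application directly
    else:
        status = "direct"    # DNS does not point at the WAF at all
    return status, outside


def audit(resolutions, vendor_ranges):
    """Map each hostname to its classification."""
    return {host: classify(addrs, vendor_ranges)
            for host, addrs in resolutions.items()}


if __name__ == "__main__":
    for host, (status, outside) in audit(SAMPLE_RESOLUTIONS, VENDOR_RANGES).items():
        print(f"{host:18} {status:11} {', '.join(outside)}")
```

To run it against live DNS, build the input with `{h: resolve(h) for h in hostnames}` and use the address ranges the vendor actually publishes.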

When evaluating the type of WAF to buy, it is best to talk to the supplier and involve the internal technical teams. Some requirements or restrictions are not apparent on the surface but may have a significant impact on the final decision. One example is how the selected integrated WAF works with the Web server: involving the Web server administrator can avoid problems during deployment. Another common issue is loading heavy Web content through a cloud-based WAF; network teams and performance testers can be involved to ensure that users will not experience latency issues.

Another important factor is how the WAF handles Secure Sockets Layer (SSL). SSL protects website identities and data in transit on the Internet. How SSL is handled differs from one WAF deployment type to another.

In cloud-based or device-based WAF deployments, traffic must be decrypted before it can be inspected. This involves either terminating the SSL session and re-creating it (if needed), or decrypting sessions as they pass through the WAF. Make sure that the selected product supports these options.