The evolving Web application firewall

In the coming months, the Web application firewall vendors Citrix, F5 Networks, Imperva, Netcontinuum, and protegrity will add some functionality to their products to enable them to play a greater role in protecting networked enterprise data.

Effective defense of applications

Although traditional firewalls have effectively blocked some packets in the third tier over the years, they are powerless to prevent attacks that exploit application vulnerabilities. Web application firewalls can detect application anomalies and sensitive data such as credit cards and social Security numbers, and block attacks or covert sensitive data.

Rob Whiteley, analyst at Forrester study, said: "Many companies with Web applications have no Web application firewall to deal with the past." "Most enterprises protect traffic with SSL encryption, while others use SSL VPN to ensure that authorized people can connect to Web applications."

Companies such as financial services usually buy the product, Whiteley says. "Application firewalls are good for businesses that can't afford to have any problems." They do not want to leave a loophole because there is no firewall applied, "he said," and it is right to provide some protection for yourself. ”

Web application firewalls integrate with load-balancing devices and application switches that ensure Web application availability to create products that can address both accessibility and security. Andrew Jaquith, an analyst with Yankee Group, believes that such a platform can keep the server's availability and vulnerability to end users and ensure that traffic to and from the data center is not compromised.

The standalone Web application firewall checks HTTP and HTTPS traffic at the application level and searches for an attack program that tries to muddle through while the legitimate application is running. "These products can prevent some people from using malicious attacks to make some websites leak sensitive information or to break in illegally," Jaquith said. ”

Converging

While Web application firewall vendors are working differently to solve the problem of accelerating and protecting Web application traffic, the Web application firewall's location on the network will not change, and in front of the application server, the capabilities that vendors provide may include load balancing, compression, encryption, Reverse proxy for HTTP and HTTPS traffic, check application consistency, and converge TCP sessions.

In this context, Citrix argues, the company's goal is to integrate Web applications with application switches so that the device can allocate traffic to the server, and also analyze traffic carefully to find application-tier attacks. Varun Nagaraj, chief executive of Netcontinuum, said: "Netcontinuum is expected to add some software tools next year that make it easier to apply security policy configurations." "The company is also considering what role application gateways should play in identity and access management, based on scenarios such as security assertion Markup Language."

Erik Giesa, vice president of product management and marketing at F5, said the company would rely on the protection of XML (Extensible Markup Language) and SIP (Session Initialization protocol) traffic to support Web servers and VoIP. It is also seeking to increase WAN acceleration technology in its platforms and to create a software developer toolkit to encourage the creation of a self-protection application that can block traffic once it discovers an intrusion. The application will be combined with software that manages the F5 big IP application switch, creating a rule that blocks suspicious traffic within the big IP.