As Web technology has spread across the Internet, the market for Web application firewalls (WAFs) has boomed, and security vendors are excited about it. However, not every "box" that protects Web servers is a Web application firewall. A standard Web application firewall must provide at least four functions.
First, security protection. This one is easy to understand: the WAF must be able to defend against attacks on Web servers and monitor for data leaks.
Second, acceleration. In addition to protection, enterprise users need to control how efficiently applications run on the network, for example through TCP buffering, SSL VPN acceleration, and offloading of access management. A WAF must be able to provide these acceleration capabilities.
Third, scalability. On its backend side a Web application firewall connects to Web servers, but it cannot protect only one server. Many enterprises run a large number of Web servers, so the Web application firewall needs to support application delivery and load balancing.
Fourth, IP audit. When the Web application firewall filters all traffic, it must have a set of policies that state which traffic needs to be blocked and which can be ignored. These policy standards and policy models need to support popular enterprise applications.
Three technologies
From a technical perspective, the current Web application firewall market is divided into three types of technology. The first type is enhanced IPS technology, which is equivalent to deep packet inspection. Early IPS products did not filter packets in much detail; later they added more in-depth packet inspection for Web traffic.
The second type is the blacklist-based technical model. Drawing on past experience, some security companies collect statistics on attacks and attack source regions around the world, and filter traffic against a blacklist of known threats. As long as an attack comes from a source on the blacklist, it can be filtered.
The third type is the policy-based technical model. The starting point for these products is to design around the Web application as a whole, rather than to solve a single aspect of Web security. Their design philosophy is based on policies, such as the ten categories of policy models provided by Gartner. Such products can automatically monitor the entire backend system. They carry their own blacklist, but most of their logic is policy. In addition, application acceleration and server load balancing modules must be integrated.
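The difference between the second and third models can be seen in a small sketch. This is an added example, not code from any product named in this article; the blacklist network, the application paths, the parameter formats and the sample requests are all constructed for illustration.

```python
import ipaddress
import re

# Constructed data: documentation-range networks and a hypothetical application policy.
BLACKLIST = [ipaddress.ip_network("203.0.113.0/24")]
POLICY = {  # path -> allowed methods and the expected format of each parameter
    "/erp/order": {"methods": {"GET"}, "params": {"id": r"[0-9]{1,10}"}},
    "/oa/login": {"methods": {"POST"}, "params": {"user": r"[A-Za-z0-9_.-]{1,32}"}},
}

def blacklist_decision(req):
    """Blacklist model: only the source address is considered."""
    src = ipaddress.ip_address(req["src"])
    if any(src in net for net in BLACKLIST):
        return "block", "source on blacklist"
    return "allow", "source not on blacklist"

def policy_decision(req):
    """Policy model: blacklist first, then the per-application policy."""
    verdict, reason = blacklist_decision(req)
    if verdict == "block":
        return verdict, reason
    rule = POLICY.get(req["path"])
    if rule is None:
        return "block", "path not covered by policy"
    if req["method"] not in rule["methods"]:
        return "block", "method not allowed"
    for name, value in req["params"].items():
        pattern = rule["params"].get(name)
        if pattern is None or not re.fullmatch(pattern, value):
            return "block", f"parameter {name!r} violates policy"
    return "allow", "matches policy"

# Constructed sample requests.
REQUESTS = [
    {"src": "203.0.113.7", "method": "GET", "path": "/erp/order", "params": {"id": "42"}},
    {"src": "198.51.100.9", "method": "GET", "path": "/erp/order", "params": {"id": "42"}},
    {"src": "198.51.100.9", "method": "GET", "path": "/erp/order", "params": {"id": "42 OR 1=1"}},
    {"src": "198.51.100.9", "method": "DELETE", "path": "/erp/order", "params": {"id": "42"}},
    {"src": "198.51.100.9", "method": "GET", "path": "/admin/backup", "params": {}},
]

if __name__ == "__main__":
    for r in REQUESTS:
        print(r["src"], r["method"], r["path"], r["params"],
              "| blacklist:", blacklist_decision(r)[0], "| policy:", policy_decision(r))
```

The last three requests come from a source that is not on the blacklist, so the blacklist model lets them through, while the policy model rejects them because they do not match what the application is defined to accept.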
New category
From the perspective of technological development, many Web application firewalls have moved beyond the firewall category. They can be understood as Web application delivery platforms. Currently, policy-based firewalls are still the domain of foreign vendors, such as F5, Citrix, and Barracuda NetContinuum. Unfortunately, no comparable architecture has yet appeared among Chinese manufacturers.
The challenge for the Web application firewall is customer acceptance. When users hear about the Web application firewall, they inevitably ask how it differs from the traditional firewall. From a design perspective, the two are completely different. Traditional firewalls are relatively simple and can be sold as a hardware box. A Web application firewall, however, is policy-based and is not just hardware. It is closely tied to enterprise Web security consulting and needs to be used together with consulting services.
In terms of sales channels, ordinary firewalls are sold through traditional security distributors. However, it is difficult for these channels to sell Web application firewalls because they do not understand enterprise applications, such as what features an OA system has, what kind of system an MIS is, and how ERP works.
It is not hard to see that the Web application firewall cannot be measured against the definition of the traditional firewall. Therefore, Gartner proposed the concept of application delivery. Its core is to measure the security of the entire enterprise. A single standard cannot be applied, and acceleration, load balancing, security, and other elements need to be integrated. Further subdivision will follow, such as the Web application delivery network and the mail application delivery network, which are hardware or solution platforms built for specific enterprise applications. In other words, when evaluating a Web application firewall, users need to consider the characteristics of their own applications and derive security value based on the actual situation of the enterprise.