The market now contains a large number of Web application firewall (WAF) products, genuine and otherwise. Users do not understand them clearly enough, and the industry lacks measurement standards for Web application firewalls, so judging whether a given WAF is good or bad has become very difficult.
In fact, choosing a good Web application firewall is not difficult. The following aspects can be examined:
1. Attack interception capability
The primary function of a WAF is to protect against web attacks, so the ability to intercept attacks is critical. A good WAF product must defend the Web server strongly against the variety of popular attacks. It should also provide a certain degree of monitoring for data leakage and should be able to conduct IP audits. In addition, it should detect abnormal usage patterns in a timely and accurate manner and prevent attack methods that are currently unknown.
The Barracuda Web application firewall, for example, provides a powerful two-way scanning mechanism for HTTP traffic that performs security scans of URLs, form parameters, headers and cookies, as well as powerful application-layer DDoS protection and protection against forced browsing and cross-site request forgery attacks.
2. Service support capability
Security is a constant struggle, and the technical strength of the security product provider is critical. The product is only a tool, so whether the manufacturer can provide emergency services when a security incident occurs, and solve the problem at the first opportunity, must also be considered. Finally, consider the ease of use of the product: a product that brings higher management costs is not something an enterprise wants.
In the case of Barracuda, the Barracuda service team monitors developments on the Internet on a 7x24 basis and constantly updates the rule bases of its products around the world, including the virus database, the attack feature library, and so on. Moreover, its professional technical team, with solid technical skills, keeps Barracuda's after-sales service in place and can respond rapidly to user problems and needs on a 7x24-hour basis. Its active defense function lets it defend well against what is currently popular. Security is a continuous process of confrontation, which needs special attention. It is important that the product be updated in time.
3. Scalability
The Web application firewall is connected to the Web server behind it, but it should not be limited to protecting a single server. Many enterprises have a large number of Web servers, and Web application firewalls should be able to support application delivery and load balancing.
The Barracuda Web application firewall, for example, has a simple and efficient load balancing function that keeps the organization's web site nearly 100% continuously available and can significantly shorten response times and enhance the customer experience.
4. Regulatory Compliance
Some industries face compliance requirements and will require organizations to provide relevant statistical reports. A WAF should be able to help organizations meet this requirement easily. The Barracuda Web application firewall, for example, is the CPI recommended solution and can fully meet the requirements of the Symbian Act.
5. Reference to the WAFEC standard
WASC (Web Application Security Consortium) is a non-profit international expert society. The organization launched the WAFEC (Web Application Firewall Evaluation Criteria) in order to develop a reasonable set of testing methods for testing Web application firewall products and evaluating their pros and cons. At present, WAFEC is used by more and more manufacturers and users to evaluate Web application firewalls. It covers deployment mode, HTTP protocol support, detection technology, defense technology, auditing, reporting, management, performance, XML, active learning, authentication, and so on. To a certain extent, it helps us accurately compare and evaluate Web application firewall products.
The Barracuda Web application firewall, for example, is fully compliant with the WAFEC evaluation criteria, and Barracuda closely follows WASC's research results to keep the product's technology leadership at all times.