The importance of having a WAF in your security stack

Empowering access without vulnerability

HTTP has become the default method of application delivery. Leveraging sophisticated programming and scripting languages such as HTML5, JavaScript, and PHP, modern web applications are feature rich and deliver real productivity gains for customers.

That said, increased sophistication also creates potential security vulnerabilities. Modern applications commonly access sensitive information stored on internal and external databases, connect to third party resources, and provide interaction via a myriad of methods such as web browsers, mobile apps, and APIs. It is for these reasons that attacks on web applications have become one of the leading causes of company data breach, and thus protecting web applications is now a critical component of an organisation’s overall cyber-security strategy.

What is a WAF?

Web Application Firewalls (or WAFs), fit into a category Gartner now defines as Web Application and API Protection (WAAP). Unlike a Next Generation Firewall (NGFW), WAF solutions are purely focused on protecting hosted web applications and inspect and parse all inbound and outbound traffic for malicious code and behaviour, providing protection from a variety of application layer (Layer 7) based attacks.

Radware’s Cloud WAF is part of a full suite of cloud security services provided by Outcomex as part of your 360-degree defence. Unlike other WAF solutions, Radware’s Cloud WAF uses automation and machine learning to simplify the notoriously difficult job of managing a WAF. The solution continuously analyses each application for changes, updating policies accordingly while auto-correcting false-positives

Snapshot: Radware Cloud WAF capabilities

Positive security model

In contrast to a negative security model, which blocks traffic based on already known signatures, a positive security model accurately learns and baselines legitimate traffic, and rejects everything else. Both a negative and positive security model allow for the effective mitigation of zero-day attacks.

Machine-learning based auto policy generation

Configuring a WAF is acknowledged to be difficult, especially for organisations with many complex applications. Radware’s Cloud WAF generates security policies automatically, and then continuously monitors each application for changes and updates.

Best-Of-Breed API Protection

Gartner predicts that by 2022, application programming interface (API) attacks will become one of the most-frequent attack vectors, leading to data breaches for enterprise web applications. Radware’s Cloud WAF automatically catalogues and defines known and unknown APIs, and then protects them from attack with a positive security model.

Fully Managed Solution

Radware’s Cloud WAF service is overseen by a team of security experts, who will monitor automatically generated policies, and support application onboarding.

Three reasons why you need Radware Cloud WAF in your security stack

#1 Less manual intervention and human error

Auto policy generation maps applications and automatically creates security rules and policies. Using machine learning algorithms, the service quickly and continuously evolves policies to address rapidly evolving threats, as well as detect changes in the underlying application.

Automation and machine-learning reduce the risk of human error and the costs of labour-intensive manual rule definition and maintenance, proving significantly improved security with lower overheads

#2 Quality of security coverage

Negative security models define and maintain the traffic that is disallowed to an application, and are based on a static set of rules based on specific, previously seen attacks or ‘attack signatures’. This approach alone tends to generate more false positives and false negatives, and offers lower quality protection.

A false negative is when the WAF does not detect and block an attack. A false positive is when legitimate user traffic is identified as a threat and is blocked. Productivity and operational demands mean businesses are more sensitive to false positives, and when they occur it typically leads to a relaxation of WAF policies, typically at the expense of security.

Radware’s Cloud WAF provides better quality security coverage using positive security models, based on a baseline of legitimate traffic obtained through advanced machine learning. Only legitimate traffic is allowed, everything else is blocked. Quality of security coverage is also increased by auto policy generation technology that enables an incidence reduction of both false positives and false negatives.

#3 Sophisticated API protection

Applications are more complex and elastic than ever before, and use APIs for IoT device integration, backend systems, microservices, mobile apps, serverless architectures, event-driven processes, and much more. While API’s bring enormous benefit, they also significantly increase exposure.

Unfortunately, most organisations aren’t even aware what API’s their applications are exposing.

Radware API Protection, a key component of Radware Cloud WAF, automatically maps and catalogues known and unknown application APIs. The solution parses all API traffic to and from each application, learning legitimate API schemas and traffic, and blocking attacks and malicious behaviour.

Add Radware’s Cloud WAF to your security stack with Outcomex

Talk Radware with your Outcomex account executive or reach out to our sales team at sales@outcomex.com.au.