Why You Need A Web Application Firewall
Web-based attacks are becoming more frequent and more sophisticated. Every web application is at risk, from companies processing billions of dollars in credit card transactions to those processing very little. Whether you use a commercial or an open source application for eCommerce processing, your business is vulnerable.
If you’re not convinced that a cyber attack could happen to you, consider these five points:
- Threats are evolving. Hackers are getting smarter, better financed, more automated and more criminal.
- Web applications are the low-hanging fruit. Nearly 90% of companies have significant vulnerabilities in their Web applications. Hackers know exactly what to look for, and in many cases you never even know they were there until the damage is done.
- Network and client security measures don’t prevent attacks. Common tools like firewalls, intrusion prevention systems, and anti-virus aren’t designed for attacks at the application level.
- Web applications are growing. Applications are increasingly designed to run on browsers and the cloud, multiplying threats with each passing day. Web applications are replacing e-mail as the preferred delivery method for planting malware.
- All companies have a lot to lose. One attack cost TJ Maxx as much as $1 billion in lost revenue, fines and reputation. Small websites are not immune. Companies with an online presence are also prime targets for criminals using their sites as a launching pad for scams.
Most attacks are “stealth-like.” Many companies do not even know they have been attacked. Cyber criminals are looking to obtain credit card information, social security numbers, addresses and other sensitive information while exploiting the vulnerability for as long as they remain undetected.
A web application firewall, or WAF, protects web applications in much the same way a traditional firewall protects a network. It controls the input and output, as well as the access to and from the asset it is protecting. However, traditional network firewalls, and even Intrusion Prevention Systems (IPS), evaluate IP packets or protocols without an awareness of the application payload, so they cannot provide protection to the application layer. Without an awareness of the HTML data payload, these layer 3 devices cannot recognize and overcome the types of application layer threats that make web applications vulnerable to attack.
Unlike traditional firewalls that usually block access to certain ports or filter by IP address, web application firewalls look at every request and response within the different web service layers such as HTTP, HTTPS, SOAP, and XML-RPC. The meticulous inspection of web traffic that web application firewalls perform has also earned them the nickname “Deep Packet Inspection Firewalls”.
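The contrast described above can be shown in a few lines. This is an added example, not code from any WAF product: the port policy, the two signatures, the host name `shop.example` and both sample requests are constructed assumptions, and the body parser handles only form-encoded POST data.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

ALLOWED_PORTS = {80, 443}  # constructed packet-filter policy: web ports only

# Constructed, deliberately tiny signature set (assumption, not a real rule set).
SIGNATURES = {
    "sql-tautology": re.compile(r"'\s*or\s*'?\d+'?\s*=\s*'?\d+", re.I),
    "script-tag": re.compile(r"<\s*script\b", re.I),
}

def network_firewall(dst_port):
    """Layer 3/4 decision: sees ports (and addresses), never the payload."""
    return "allow" if dst_port in ALLOWED_PORTS else "drop"

def waf_inspect(raw_request):
    """Parse one HTTP request and match its decoded fields against SIGNATURES."""
    head, _, body = raw_request.partition("\r\n\r\n")
    method, target, _version = head.split("\r\n")[0].split(" ", 2)
    url = urlsplit(target)
    # parse_qsl percent-decodes, so encoded values are matched in decoded form.
    fields = parse_qsl(url.query, keep_blank_values=True)
    if method == "POST":
        fields += parse_qsl(body, keep_blank_values=True)
    fields.append(("path", unquote(url.path)))
    hits = [(name, rule) for name, value in fields
            for rule, rx in SIGNATURES.items() if rx.search(value)]
    return ("block", hits) if hits else ("allow", [])

# Constructed sample requests; both arrive on TCP 443 from the same client.
BENIGN = "GET /search?q=blue+shoes HTTP/1.1\r\nHost: shop.example\r\n\r\n"
SUSPICIOUS = (
    "POST /login HTTP/1.1\r\nHost: shop.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    "user=admin&pass=x%27+OR+%271%27%3D%271"
)

if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, network_firewall(443), waf_inspect(req))
```

Both requests receive the same verdict from the port filter; only the request-level inspection tells them apart.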
The best defense against these attacks is to ensure you are protected by a Web Application Firewall. This technology proactively monitors traffic and prevents suspicious requests from reaching the Web applications. A Web Application Firewall is part of Edge’s comprehensive suite of managed security solutions in the 5 Tier Security platform and is recommended with all web server configurations.