In the world of IT, there is a continuous game of cat and mouse between cyber criminals and companies. In the IT industry we have to stay one step ahead of the hackers, at all times. Firewalls have improved security on the Internet in a big way. However, there are still many cyber security threats out there, and we have experienced a progress in the development of firewalls in order to better protect companies. This development can be spelled as Web Application Firewall, or WAF, because who doesn’t love a good acronym ;). In a previous blog post we described how a WAF works, but what kinds of companies can benefit from using one?
Which companies can benefit from using a WAF?
A Web Application Firewall (WAF) is a way to regulate access to web applications. Therefore, most companies would benefit from using a WAF, but let us guide you through some examples. Some instances where we strongly recommend using a WAF are for start-ups/re-launch, and when an existing customer/established company wants to make changes to their web application.
In a start-up phase, you might not know what a ‘normal’ traffic pattern looks like. A WAF can then learn what legitimate traffic looks like for that particular web application. Established companies that already have a WAF might one day decide that they want to rewrite their web application. In this instance the software can learn traffic patterns in the same way. This allows customers to focus more on their core service, and they do not need to put too much effort into figuring out how the network is built.
Many of those who currently use a Web Application Firewall are major banks and financial institutions, where it is critical to protect their services against hackers. However, in reality, anyone who has a web application and believes that it is worth protecting should use a WAF. This is to ensure high availability and counteract the risk of data loss and data corruption.
Why do we see the development towards WAF?
If you look at security trends and IT trends, you can see that more and more organizations are using the cloud. This development has led to a paradigm shift in the view of security. Companies and service providers are now looking at security from an application perspective instead of a network perspective. Traditionally you spoke about firewalls; nowadays you talk about application firewalls.
This ‘application perspective’ also applies to cyber crime. Many attacks today take place on an application level and not at a network level. Cybercriminals want to take down the application itself. With a Web Application Firewall, you can more easily protect yourself against the most common attack types, such as cross-site scripting and SQL injections.
WAF and application firewalls sound like a ‘Holy Grail’, how come not all companies use it?
Traditionally, there has been one way of looking at security. And it has been how to protect on a network level instead of how to protect the application itself. We are now experiencing a paradigm shift.
Moreover, the technological ability to protect the application has not existed for very long, and in the future we will see more companies choosing WAF. Especially since many companies are moving their IT environment to the cloud.