Can Your Web Application Firewall Handle These 3 Cyberattacks?

How a WAF works can impact its effectiveness against some attacks. It begs the question, is the solution you’ve deployed good enough?

WAF Cloud Firewall

Technology solution providers (TSPs) know hackers aren’t just attacking businesses’ networks. They’re attacking their applications. Therefore, to protect your clients’ operations, their data — and their businesses — you need to deploy web application firewalls (WAFs) in addition to network firewalls.

To provide your clients with the greatest degree of protection, however, you need to be sure that the web application firewalls you choose have the right capabilities. WAFs aren’t all designed in the same way, and, unfortunately, they aren’t equally as effective in preventing or reacting to some types of cyberattacks.

By asking the right questions, however, you can develop a clearer picture of how a web application firewall works and how it can be an effective part of the total security solutions you provide your clients. Consider, for example, a WAF’s effectiveness against these three types of attacks:

Malicious Bots

Up to 40 percent of web traffic comes from bots, some for legitimate reasons, such as enabling search engines to find content. But most bot traffic has malicious intent, such as credential stuffing exploits, in which hackers use stolen credentials to try to log into other services, or contact scraping, in which bots collect plain text email addresses or phone numbers to use in social engineering attacks.

Because bots’ activities, such as attempting to log in or copying a piece of content, are also things that human users could do, web application firewalls may not be able to tell the difference between a bot and a person on a website.

Ask your WAF vendor the right questions:

  • Does the WAF only look at IPs to deny access to a web site or web application?
  • Does it enforce policies for application or website use?
  • Does the WAF have machine learning capabilities that can detect and stop new types of attack vectors?

DDoS Attacks

A WAF has the capability to work as a reverse proxy, which means when clients send requests to a website, the reverse proxy sends them to the web server. Clients don’t communicate with the server directly. This functionality of a WAF enables detection of a distributed denial of service (DDoS) attack, but, depending on the security solution you provide your clients, it may or may not be able to stop it.

Ask your WAF vendor the right questions:

  • Does the WAF include deep packet inspection (DPI), which goes beyond reading packet headers to evaluate the content of the packet, which can show where it came from and can block malicious traffic.
  • Is the criteria for stopping traffic rules-based, or can the WAF assess traffic dynamically?
  • What will occur if the WAF is swamped by the DDoS attack? Will requests go directly to the server?

Zero-Day Attacks

A zero-day attack occurs when hackers exploit a vulnerability that developers aren’t yet aware of or have had no opportunity to patch. Web application firewalls that primarily take a rules-based approach to threat detection often won’t have the information they need to detect a zero-day attack.

Ask your WAF vendor the right questions:

  • How does the WAF immediately stay up to date with the latest threats?
  • Does the solution use artificial intelligence (AI) or machine learning to detect and stop new threats?
  • What is the percentage of false positives, and how are they managed?

Could There Be a Silver Bullet?

Defending your clients from cyberattacks is like trying to hit a moving target. There isn’t a single solution that can anticipate all of the changes that will occur in the threat landscape this year — or even this week. You need to constantly stay educated about current attack vectors, vulnerabilities, and the most effective ways to protect your clients.

From your clients’ perspective, however, relying on your expertise in effective web application firewalls as a part of a Security as a Service solution will eliminate the need for their in-house resources to spend time attempting to put the right solutions in place. So, in effect, working with you could be the one solution they need.


Avatar

The former owner of a software development company and having more than a decade of experience writing for B2B IT solution providers, Mike is co-founder of XaaS Journal and DevPro Journal.