
Technology solution providers (TSPs) know hackers aren’t just attacking businesses’ networks. They’re also assailing their applications. Therefore, you must deploy web application firewalls (WAFs) and network firewalls to protect your clients’ operations and data.
To provide your clients with the greatest degree of protection, however, you need to be sure that the web application firewalls you choose have the right capabilities. WAFs aren’t all designed in the same way, and, unfortunately, they aren’t equally effective in preventing or reacting to some types of cyberattacks.
By asking the right questions, however, you can develop a clearer picture of how a web application firewall works and how it can be an integral part of the total security solutions you provide your clients. Consider, for example, a WAF’s effectiveness against these three types of attacks:
Malicious Bots
Up to 47 percent of web traffic comes from bots – some for legitimate reasons, such as enabling search engines to find content. But most bot traffic has malicious intent, such as credential stuffing exploits, where hackers use stolen credentials to log into other services. Another example is contact scraping, where bots collect plain text email addresses or phone numbers to use in social engineering attacks.
Because bots’ activities, such as attempting to log in or copying a piece of content, are also things that human users could do, web application firewalls may not be able to tell the difference between a bot and a person on a website.
Ask your WAF vendor the right questions:
- Does the WAF only look at IPs to deny website or web application access?
- Does it enforce policies for application or website use?
- Does the WAF have machine learning capabilities to detect and stop new attack vectors?
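The first question above matters because an IP-only rule can miss automated logins spread across many addresses while blocking a shared office address. The following is an added example, not code from this article or from any WAF product; the event fields, the client fingerprint value, and the thresholds are constructed assumptions.

```python
from collections import defaultdict

def build_sample_events():
    """Constructed login events: (src_ip, client_fingerprint, username, success)."""
    events = []
    # Automated client: one fingerprint rotating over 6 IPs, 2 usernames per IP.
    for i in range(6):
        for j in range(2):
            events.append((f"203.0.113.{10 + i}", "fp-bot", f"user{i * 2 + j}", False))
    # Office behind one NAT address: 4 people mistype once, then log in.
    for name in ("alice", "bob", "carol", "dave"):
        events.append(("198.51.100.7", f"fp-{name}", name, False))
        events.append(("198.51.100.7", f"fp-{name}", name, True))
    return events

def flag_by_ip(events, max_failures=3):
    """IP-only rule: flag any address with more than max_failures failed logins."""
    failures = defaultdict(int)
    for ip, _fp, _user, ok in events:
        if not ok:
            failures[ip] += 1
    return {ip for ip, n in failures.items() if n > max_failures}

def flag_by_behavior(events, min_users=5, max_success_ratio=0.1):
    """Behavioral rule: flag a client fingerprint that tries many distinct
    usernames with almost no successful logins, whatever IPs it uses."""
    users, attempts, successes = defaultdict(set), defaultdict(int), defaultdict(int)
    for _ip, fp, user, ok in events:
        users[fp].add(user)
        attempts[fp] += 1
        successes[fp] += ok
    return {fp for fp in attempts
            if len(users[fp]) >= min_users
            and successes[fp] / attempts[fp] <= max_success_ratio}

if __name__ == "__main__":
    sample = build_sample_events()
    print("IP-only rule flags:   ", sorted(flag_by_ip(sample)))
    print("Behavioral rule flags:", sorted(flag_by_behavior(sample)))
```

On the constructed data, the IP-only rule flags the office address and none of the rotating addresses, while the behavioral rule flags only the automated client.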
DDoS Attacks
A WAF can work as a reverse proxy, which means when clients send requests to a website, the reverse proxy sends them to the web server. Clients don’t communicate with the server directly. This functionality of a WAF enables the detection of a distributed denial of service (DDoS) attack. Still, depending on the security solution you provide your clients, the WAF may or may not be able to stop the attack.
Ask your WAF vendor the right questions:
- Does the WAF include deep packet inspection (DPI), which goes beyond reading packet headers to evaluate the packet’s content? Evaluating the content can show where a packet came from and lets the WAF block malicious traffic.
- Are the criteria for stopping traffic rules-based, or can the WAF assess traffic dynamically?
- What will occur if the DDoS attack swamps the WAF? Will requests go directly to the server?
Zero-Day Attacks
A zero-day attack occurs when hackers exploit a vulnerability that developers aren’t yet aware of or have had no opportunity to patch. Web application firewalls that take a rules-based approach to threat detection often won’t have the information they need to detect a zero-day attack.
Ask your WAF vendor the right questions:
- How does the WAF stay immediately up to date with the latest threats?
- Does the solution use artificial intelligence (AI) or machine learning to detect and stop new threats?
- What is the percentage of false positives, and how are they managed?
Could There Be a Silver Bullet?
Defending your clients from cyberattacks is like trying to hit a moving target. There isn’t a single solution to anticipate all the changes in the threat landscape this year or this week. You must constantly stay educated about attack vectors, vulnerabilities, and the most effective ways to protect your clients.
From your clients’ perspective, however, relying on your expertise in effective web application firewalls as a part of a Security as a Service solution will eliminate the need for their in-house resources to spend time attempting to put the right solutions in place. So, in effect, working with you could be the solution they need.