WAF’s Critical Role in the New WFH Movement

Many businesses had to adapt quickly to enable workers to work remotely during the pandemic, and cybercriminals adapted their strategies rapidly, too.

Web Application Firewall

The pandemic has forced IT administrators at many companies to expose internal-only apps previously to the public internet so remote workers can access them, opening up new vectors of vulnerability to a growing number of cyberattacks.

Nitzan Miron, vice president of product management, application security services at Barracuda, shares his perspective on how MSPs can adapt their security strategies to protect customers no matter where they’re working.

What’s the current state of the cyberattack landscape? It spiked with attacks related to the pandemic — has it plateaued, or is it still above average with activity?

Miron: We still see elevated attack activity on web applications. And there are still many people unemployed, underemployed, or quarantined as a result of the pandemic with too much time on their hands. Much of the attack activity we are seeing is not “institutional” hacking, but somewhat indicative of people with time on their hands and the knowledge to install basic hacking tools.

Has remote work made the need for WAFs (web application firewalls) more vital?

Miron: Remote work has forced IT administrators to expose apps that were previously internal to the public internet so that that remote employees can access them. Even worse, this has been done in a hurry so as not to affect the business. A WAF is vital to protect all public-facing applications, especially those that weren’t meant to be public-facing and may not have been audited to that standard.

At a time when businesses are readjusting revenue projections but also facing more aggressive cybersecurity attacks, how can they balance the two?

Miron: There is no need to buy the most expensive, most aggressive cybersecurity solution on the market. Attackers, especially those non-professional hackers who just have too much time on their hands, are looking for easy targets. Installing any WAF — even an open-source or more affordable one — will make you a much more challenging target than those who don’t, and it will help divert attackers elsewhere.

Can MSPs offer their clients solutions that can help them protect their businesses affordably?

Miron: Absolutely — cybersecurity is an area where MSPs can provide very clear value by bringing in expertise that the organization may not have in-house and is extremely hard to find. We have seen our partner MSPs expanding rapidly to cover the gap the pandemic created.

What advice can you offer MSPs regarding selling WAFs?

Miron: Don’t wait for customers to ask for WAF; they may not know they need it, or even what it is. Proactively reach out to your clients and ask them about their web applications and how they may be exposed to attacks.

Partner with a company that provides easy-to-use WAFs that can be deployed in minutes or hours, not days and weeks. This allows you to onboard many customers with the limited staff you have, and also allows you to provide more affordable solutions to match customers’ contracting budgets.