Web Application Firewalls (WAF)

Almost every modern enterprise uses hundreds of Web, mobile or ERP applications to help run their operations. But as your number of applications grows, so does the number of security vulnerabilities within them that could be exploited to damage your business. The Verizon 2014 Data Breach Investigation Report (DBIR) shows that last year 35% of security breaches involved attacks against web applications, up by 14% since 2012. Moreover, Web app attacks were the most common cause of data breaches, followed by cyber-espionage, POS intrusion and insider misuse. 

Why do these attackers succeed? The fact is that most application security threats are created by developers’ mistakes that cannot be addressed with traditional security scanners, IDS/IPS or firewalls:

  • Attackers often exploit zero-day vulnerabilities, making signature analysis obsolete and confirming the need for adaptive solutions, self-learning and behavioral analysis techniques.
  • Modern corporate applications use different languages, protocols and technologies, as well as customized solutions and third-party code. Protection of such applications requires thorough analysis of the application structure, user interaction patterns and usage context.
  • Modern firewalls deal with thousands of suspicious incidents. There is no time for security specialists to check them all manually to identify the real threats. There is an urgent need for automatic sorting, ranking and smart visualization of security events.
  • Even well-known vulnerabilities cannot be fixed immediately; patching of ERP or e-banking systems can take months. An application security system should have a mechanism to mitigate breaches while developers are fixing the code.
  • Secure SDL may dramatically reduce the cost of errors as long as they are fixed at the early stages of coding, but it’s hard to find effective automated solutions for code analysis.

Web Application Firewall (WAF), a smart protection system, is a serious response to the security challenges created by today’s range of web portals, ERP and mobile applications. WAF can block 30% more network attacks than other firewalls thanks to several innovative security technologies:

  • Fast adaptation to your systems: Instead of applying the classical signature method, WAF analyzes network traffic, logs and users’ actions, constantly creating and maintaining a real-time statistical model of the application during normal operation. It then uses this model to detect abnormal system behavior. Together with other protection mechanisms, it ensures 80% of zero-day attacks are blocked without any special adjustment needed within the client.
  • Focus on major threats: WAF weeds out irrelevant attack attempts, groups similar incidents and detects attack chains — from spying to data theft or backdoor setup. Instead of thousands of potential attacks, information security specialists receive a few tens of truly important messages.
  • Instant blocking: WAF’s virtual patching techniques allow you to protect an application, even before insecure code is fixed.
  • Protection against security bypass: WAF handles data with regard to the technology stack of the protected server and analyzes XML, JSON and other protocols typically used in modern portals and mobile applications. It ensures protection from the majority of firewall bypass methods including HPC, HPP and Verb Tampering.
  • Behavioral analysis against robots: The mechanisms used against automated malware include protection from brute-force attacks, fraud, DDoS attacks, botnets, uncontrolled indexing, and data leakage.
  • SSDL support: WAF provides developers with information about incorrect code in convenient formats including exploits, thus reducing the costs associated with secure development and testing.
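
The HPP item in the list above can be illustrated with an added example (not code from PT Application Firewall or from this page): a check that inspects only the first occurrence of a parameter, next to one that validates the value the backend will actually use. The `id` rule, the sample requests and the three resolution policies are constructed assumptions; which policy applies must be confirmed for the protected stack.

```python
import re
from urllib.parse import parse_qsl

# How a backend resolves a repeated parameter name (assumed policies;
# confirm the real behaviour of the protected framework).
RESOLVERS = {
    "first": lambda vals: vals[0],
    "last": lambda vals: vals[-1],
    "join": lambda vals: ",".join(vals),
}

# Constructed positive-security rule: "id" must be 1-10 digits.
ALLOWED = {"id": re.compile(r"\d{1,10}")}


def collect(query: str, body: str = "") -> dict[str, list[str]]:
    """Group every value by parameter name: query string first, then form body."""
    seen: dict[str, list[str]] = {}
    for source in (query, body):
        for name, value in parse_qsl(source, keep_blank_values=True):
            seen.setdefault(name, []).append(value)
    return seen


def naive_check(query: str, body: str = "") -> bool:
    """Bypassable approach: validate only the first occurrence of each parameter."""
    params = collect(query, body)
    return all(ALLOWED[n].fullmatch(v[0]) for n, v in params.items() if n in ALLOWED)


def stack_aware_check(query: str, body: str = "", policy: str = "last"):
    """Validate the value the backend will use; also report duplicated names."""
    findings = []
    for name, values in collect(query, body).items():
        if len(values) > 1:
            findings.append(f"duplicate:{name}")
        rule = ALLOWED.get(name)
        if rule and not rule.fullmatch(RESOLVERS[policy](values)):
            findings.append(f"invalid:{name}")
    if any(f.startswith("invalid:") for f in findings):
        return "block", findings
    return ("alert" if findings else "allow"), findings


if __name__ == "__main__":
    polluted = "id=42&id=not-a-number"  # constructed sample request
    print("naive check passes:", naive_check(polluted))
    for policy in RESOLVERS:
        print(policy, stack_aware_check(polluted, policy=policy))
```
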

The primary WAF benefit is protection against the "self-inflicted" vulnerabilities in custom Web application code developed by the enterprise. These vulnerabilities would otherwise go unprotected by other technologies that guard only against known exploits and prevent vulnerabilities in off-the-shelf Web application software.

Secondarily, WAFs also integrate with other application and network security technology, such as application security testing (AST), distributed denial of service (DDoS) protection appliances, Web fraud detection and database security solutions. In addition, WAFs sometimes include performance acceleration, including content caching, and might be packaged with Web access management (WAM) modules to include authentication features — notably to provide single sign-on (SSO) for legacy or distributed Web applications.

Positive Technologies is a pioneer of the IT security industry, and has shipped its WAF, called PT Application Firewall, since 2013. Positive Technologies shipped its first WAF central management platform and introduced clustering capability in 2014. The vendor also has MaxPatrol (a vulnerability scanner that can look for general network vulnerabilities and SAP and ICS/SCADA vulnerabilities) and PT Application Inspector, which combines static, dynamic and interactive code analysis techniques. Positive Technologies' WAF product is currently available as a dedicated appliance, as a software version that can run on a third-party appliance and as a virtual machine that is predominantly installed on the enterprise's premises; it can also be delivered as a managed security service through carrier partners. Its customers are distributed relatively evenly among the SMB, enterprise and large enterprise segments. Most of its customers are governmental agencies and financial institutions.

With more than 10 years of security research and a huge knowledge base of vulnerabilities, the experts at Positive Technologies have amassed extensive experience in protecting enterprises of all sizes across a wide range of industries. Each industry has its own unique features and requirements, which are crucial to practical security. Every deployment of PT Application Firewall includes configuration to meet the specific needs of each client.

Positive Technologies is rated as a Visionary because of its unique, leading edge security features. Organizations that are looking for high security first should consider adding Positive Technologies to their shortlists, but verify the level of local expertise on and support for the technology.
