Firewalls contributed greatly in the improvement of the overall security posture of companies since their introduction in the late 1980s. With time, they have evolved and morphed to adapt to new technologies and, more importantly, new threats.
WAFs were developed in the early 1990s and were a new species of firewall initially created to protect against threats that traditional firewalls couldn’t handle. These threats were considered dangerous because they used protocols that are authorized like HTTP and attacked the application over that protocol. This was so dangerous because hackers could bypass traditional firewalls and launch attacks over authorized protocols to steal information and compromise systems, it was an effective way to bypass traditional firewalls back then.
Over time, modern WAFs have evolved into a number of different categories, each having pros and cons. There are three main categories for WAF and they are: network-based, application-based and cloud-hosted.
Network-based WAFs are the traditional type of this technology and they have several benefits and drawbacks. The main benefits are being hardware-based and local, reduce latency and negative performance impacts. The main drawback is the cost, as it is more expensive to both purchase and implement.
The second category is Application-based WAFs, they are installed close to the application, on the hosting platform, and can be integrated into the application as well. Some of this category’s benefits include increase in performance and offers more customization options. For instance, an open source WAF called ModSecurity can be installed in Apache as a module, and it can take fully utilize the features while leaving the overhead to be handled locally by the server. Another benefit that this category has is low cost deployment. On the other hand, the drawback in this category include limitation in flexibility and scalability.
The third category is Cloud-hosted WAFs and it offers a firewall application with low-cost/low-effort implementation for companies. This category is easy to deploy since it requires a simple DNS change to redirect traffic and it can be obtained through subscription. The drawbacks of this category include customization and performance limitations, they are often a viable stop-gap product that can be deployed rapidly.
If you see that WAF can provide extra security layer for your company but not sure how, feel free to contact us and we will appoint our IT Security team to guide you through successful understanding and implementation of Web Firewall Application (WAF).