For small- and mid-sized businesses (SMBs), cutting through the marketing puffery is often intimidating. That being said, there is one venerable technology – web application firewall (WAF) security – that’s emerging as an ideal fit for SMBs in today’s environment, as all companies shift to deeper reliance on cloud services and mobile applications.
I had the chance to get into the weeds of this trend with Venky Sundar, co-founder and chief marketing officer of Indusface, a Bengaluru, India-based supplier of cloud-hosted WAF services. (Indusface has numerous enterprise deployments and also offers equivalent protection, cost-effectively, to SMBs.)
WAF Resurgence
Web applications and mobile applications are where the action is. SMBs must continually come up with cool new apps to remain competitive; it’s no surprise that this is often also where threat actors are focusing their attention.
Criminal hacking rings are conducting big sweeps, 24x7, looking for well-known application vulnerabilities that they can exploit to breach company networks. WAFs help businesses keep track of those malicious probes and keep malicious traffic from entering: they scan incoming HTTPS traffic and pay attention to parameters like IP address, port routing, cookie data, and incoming data.
The problem with Web Application Firewall deployments for several years has been that, while WAFs are excellent at parsing HTTPS traffic, all too many companies prefer not to instruct their Web Application Firewall to actually block any traffic that might be malicious.
Fast forward to the present era of digital transformation. Malicious hackers have stepped up their game. This has proven to be an ideal setup for a Web Application Firewall resurgence. WAFs are making heavy use of in-depth threat intelligence feeds – from OWASP et al. And WAF suppliers are upping their game also, providing richer threat analysis and reducing the rate of false positives.
WAF Market
And, indeed, the worldwide WAF market is growing annually at an estimated 17 percent clip; companies are projected to spend $8 billion on WAF services by 2026, up from $3.2 billion in 2020, according to Mordor Intelligence.
“Web Application Firewall sits as a gateway before an application, intercepting all traffic,” Sundar says. “It is often a typical web app or a mobile app employing an internet API . . . so, Web Application Firewall sits within the midst of all this traffic and should be tuned to make decisions, in real time, whether something has malicious intent.
“So, if the bad actor does a series of things and surpasses a threshold, showing his malicious intent, then it becomes the company’s responsibility to block him out and make sure the backend applications get only pure legitimate traffic.”
Managing Vulnerabilities
This is where extending the legacy role of the Web Application Firewall comes in. In addition to detecting and blocking malicious traffic, WAF suppliers, Indusface among them, have begun integrating other proven security tools into their core offerings; services like runtime malware detection, protection from malicious botnet activity, and anti-DDoS technologies are being woven into WAFs.
For its part, Indusface is leveraging machine learning and automation specifically to help SMBs find and close well-known app vulnerabilities before the bad guys’ sweeping probes can flush them out and cash in, Sundar told me.
It does this by conducting a vulnerability scan that checks each of the company’s applications against the OWASP catalogs. This risk assessment can help company leadership sleep better at night.
You can start by identifying your application risks, and then you create policies that address those risks. When you observe your policy blocking somebody who is doing the same probe over and over, you’ve got confirmation that somebody is probing certain weaknesses.
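The threshold idea Sundar describes and the "same probe over and over" signal above can be checked against WAF block logs. The following is an added example, not code from Indusface or from the original article; the log layout, rule ids, threshold and window are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed WAF block events: timestamp, client IP, rule id, request path.
# The layout and rule ids are assumptions, not any vendor's log format.
SAMPLE_LOG = """\
2024-05-01T10:00:05Z 203.0.113.7 sqli-001 /login
2024-05-01T10:00:10Z 198.51.100.23 xss-002 /search
2024-05-01T10:00:40Z 203.0.113.7 sqli-001 /login
2024-05-01T10:01:10Z 203.0.113.7 sqli-001 /account
2024-05-01T10:02:00Z 203.0.113.7 sqli-001 /login
2024-05-01T10:03:00Z 203.0.113.7 xss-002 /search
truncated-line-without-fields
2024-05-01T10:10:00Z 192.0.2.50 path-003 /download
2024-05-01T10:12:00Z 192.0.2.50 path-003 /download
2024-05-01T10:16:30Z 192.0.2.50 path-003 /download
2024-05-01T10:20:00Z 198.51.100.23 xss-002 /search
"""

def parse_events(text):
    """Yield (timestamp, ip, rule, path); malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue
        yield ts, parts[1], parts[2], parts[3]

def repeated_probes(events, threshold=3, window=timedelta(minutes=5)):
    """Return {(ip, rule): peak block count} for every source that the same
    rule blocked at least `threshold` times inside one sliding `window`."""
    recent = defaultdict(deque)   # (ip, rule) -> timestamps still in window
    flagged = {}
    for ts, ip, rule, _path in sorted(events):
        q = recent[(ip, rule)]
        q.append(ts)
        while ts - q[0] > window:  # drop blocks older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[(ip, rule)] = max(flagged.get((ip, rule), 0), len(q))
    return flagged

if __name__ == "__main__":
    for (ip, rule), count in repeated_probes(parse_events(SAMPLE_LOG)).items():
        print(f"{ip} blocked {count}x by {rule} within 5 minutes")
```

The 192.0.2.50 source is blocked three times but spread over more than five minutes, so it stays below the threshold; that window is the tuning knob that trades missed slow probes against false positives.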