Securosis White Paper – Maximizing WAF Value

Web Application Firewall (WAF) technology has been in use for well over a decade and during that time, the technology evolved from blocking ten known web threats to handling the most sophisticated web application threats. But, how well are organizations managing their WAFs and is the technology being used effectively and consistently? Independent research/analyst firm Securosis dives into the overall WAF technology process from deployment to management; providing organizations with best practices to maximize their security investment.

What You Need to Know

  • Securosis reinvigorated its research into WAF technology due to noted struggles WAF users experienced managing the technology as the threat landscape has evolved.
  • WAF technology is considered “difficult to deploy” and even more difficult to manage properly, often due to a lack of staff with proper security and application training.
  • Despite the noted struggles with the technology, Securosis notes that WAF’s continued popularity exists because “no other product provides comparable protection at the application layer.”
  • Additional research by Securosis also found a correlation between improper WAF implementation and an increased ability for penetration testers and attackers to evade WAF protocols and target applications directly.

What you’ll learn

  • The possible WAF limitations caused by factors such as ineffective policies
  • The risks associated with not having some type of WAF or filter in place to protect vulnerable web applications
  • WAF deployment models and proper rule creation
  • The importance of testing and tuning a WAF post deployment
  • Role of security analytics and threat intelligence

About this white paper

Maximizing WAF Value is ideal for organizations that are considering adding a WAF to their overall security plan and for those already with the technology looking to maximizing their investment and protect their web applications from the threat of web attacks.