
WAF - an indispensable piece in the cybersecurity puzzle | Xelon AG

Written by Matias Meier | Jan 22, 2021 1:40:00 PM


Most security experts agree that a web application firewall (WAF) should be part of the standard inventory of every IT environment. However, WAFs are often associated with high complexity, which discourages many SMEs from using them. Yet even an enterprise WAF can be configured and ready for use within a few minutes.

We show you here what you need to look out for.


Whether CRM, project management or accounting: the trend towards web applications is nothing new and has been established for years. Where local applications were used in the past, programmes are now run as web-based applications and executed via a browser.

Because of the demands placed on functionality and user-friendliness, these applications are often very complex in structure and contain numerous forms of interaction, such as JavaScript, forms or file uploads.

There is no such thing as a 100 per cent secure application. Wherever people work, errors creep in, and bugs and security holes find their way into the code again and again. Because of the significant advantages, applications are in many cases installed and rolled out in an abbreviated process in cloud environments or on local web servers. Classic firewalls offer little to no protection here.

This is where firewalls adapted specifically to web applications come in: the WAF.

These protect your applications from misuse, unauthorised access and data loss and are therefore an indispensable piece of the cybersecurity puzzle, not least in view of the new EU General Data Protection Regulation (GDPR).

Xelon's security experts have compiled tips on how companies can protect their IT infrastructure from cyberattacks and data theft in 2021 in this blog post: How SMEs can protect their IT environment in 2021

The web application firewall is the protective shield for important web applications

The WAF is dedicated to the protection of web applications. All traffic to the web server first passes through the WAF, where the data traffic is checked for patterns.

This enables the WAF to detect and block attacks. These include generic attack patterns, such as cross-site scripting (XSS) or SQL injection, as well as application-specific vulnerabilities, including so-called zero-day vulnerabilities.

Zero-day vulnerabilities are sometimes among the biggest problems of web applications. Normally, several days pass between the announcement of a security vulnerability and the publication of a bug fix. Then further important hours or even days pass until the bug fix is tested and installed by the customer. During this time, your application is at the mercy of attacks.

A WAF provides a remedy here. Enterprise WAF manufacturers package newly published attack patterns into detection rules (signatures), so that even application-specific attacks are usually detected and automatically blocked within a few hours of being announced.

They thus bridge the time until the application manufacturer makes a patch available.
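To make the two mechanisms described above concrete, here is a small request inspector written for this post as an added example; it is not code from the original article and not the rule engine of any product named here. Every request is run through a set of generic rules (the SQL injection and XSS patterns) and through a path-scoped "virtual patch" rule of the kind a vendor ships to bridge the time until the application patch is installed. The request format, the rule IDs, the `/reports` endpoint, its `sort` parameter and the advisory behind the virtual patch are all hypothetical, and the sample requests are constructed for illustration.

```python
"""Minimal WAF-style request inspector (illustrative, hypothetical rules)."""
import re
import urllib.parse
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Request:
    method: str
    path: str
    query: str = ""      # raw query string, still URL-encoded
    body: str = ""       # raw form body, still URL-encoded
    headers: dict = field(default_factory=dict)


@dataclass
class Rule:
    rule_id: str
    description: str
    pattern: "re.Pattern"
    paths: tuple = ()              # empty = every path; otherwise path prefixes
    param: Optional[str] = None    # if set, only this parameter's values are checked
    allow_only: bool = False       # if True, block when the value does NOT match


# Generic signatures, kept deliberately narrow to limit false positives on ordinary input.
GENERIC_RULES = [
    Rule("GEN-SQLI-1", "SQL tautology or stacked statement",
         re.compile(r"""(?i)(\bor\b\s+['"]?\d+['"]?\s*=\s*['"]?\d+|;\s*(drop|union|insert)\b)""")),
    Rule("GEN-XSS-1", "script tag or inline event handler",
         re.compile(r"(?i)(<script\b|\bon(load|error|click)\s*=)")),
]

# Virtual patch for a hypothetical advisory: SQL injection via the 'sort' parameter
# of /reports. Instead of guessing attack strings, it only lets known-good column
# names through on that one endpoint, leaving the rest of the site untouched.
VIRTUAL_PATCHES = [
    Rule("VP-EXAMPLE-0001", "hypothetical advisory: restrict 'sort' on /reports to column names",
         re.compile(r"^[a-z_]{1,32}$"), paths=("/reports",), param="sort", allow_only=True),
]


def normalise(raw: str, max_rounds: int = 2) -> str:
    """Percent-decode a bounded number of times so an encoded payload is matched by
    the same rule as a plain one. The bound keeps a WAF from looping on hostile input."""
    text = raw
    for _ in range(max_rounds):
        decoded = urllib.parse.unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return text


def parameters(req: Request) -> dict:
    """Collect query and body parameters; parse_qs decodes once, normalise() the rest."""
    params: dict = {}
    for raw in (req.query, req.body):
        for name, values in urllib.parse.parse_qs(raw, keep_blank_values=True).items():
            params.setdefault(name, []).extend(normalise(v) for v in values)
    return params


def inspect(req: Request, rules: Optional[List[Rule]] = None) -> Tuple[str, List[str]]:
    """Return ('block', [matched rule ids]) or ('allow', [])."""
    rules = GENERIC_RULES + VIRTUAL_PATCHES if rules is None else rules
    params = parameters(req)
    matched = []
    for rule in rules:
        if rule.paths and not any(req.path.startswith(p) for p in rule.paths):
            continue
        if rule.param is not None:
            values = params.get(rule.param, [])
            # allow_only inverts the sense: a value that fails the allow-list is a hit
            hit = any(bool(rule.pattern.search(v)) != rule.allow_only for v in values)
        else:
            hit = any(rule.pattern.search(v) for vals in params.values() for v in vals)
        if hit:
            matched.append(rule.rule_id)
    return ("block" if matched else "allow"), matched


# Constructed sample traffic: one ordinary request, two encoded generic attacks and
# three requests against the virtually patched endpoint.
SAMPLE_REQUESTS = [
    Request("GET", "/search", query="q=blue+shoes"),
    Request("GET", "/search", query="q=%2527+OR+%25271%2527%253D%25271"),   # double-encoded
    Request("POST", "/comment", body="text=%3Cscript%3Ealert(1)%3C%2Fscript%3E"),
    Request("GET", "/reports", query="sort=created_at"),
    Request("GET", "/reports", query="sort=name%20desc"),                    # generic rules miss this
    Request("GET", "/reports", query="sort=name%3B+DROP+TABLE+users"),
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        decision, ids = inspect(req)
        print(f"{req.method} {req.path}?{req.query or req.body}: {decision} {ids}")
```

The `sort=name desc` request is the instructive one: neither generic signature fires, but the allow-list virtual patch blocks it because the value is not a bare column name. That is the trade-off the post alludes to: generic patterns protect every application a little, while a rule written for one specific vulnerability protects that endpoint completely until the real fix is deployed.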

Which solution fits your company?

WAFs are available in a wide variety of designs and price categories. The differences are correspondingly large. From free open source projects to enterprise solutions - all promise the ideal protection for your web server. But what does it look like in practice?

Solutions integrated directly into Apache on the Linux server are widespread. This can make sense for smaller projects, but in a business environment we recommend a solution that focuses more on business applications and can therefore also deliver zero-day protection within a very short time.

In principle, a distinction can be made between two approaches to business WAF solutions:

  • WAF functionality integrated into the gateway (next-gen/UTM firewall), as with Sophos XG
  • A standalone solution, as offered by Barracuda, for example

Implementations in UTM and next-gen solutions are usually very user-friendly, but not always extensive enough for larger projects. They are well suited to standard protection of common applications such as OWA or SharePoint. With Sophos XG in particular, the WAF can be activated with a simple mouse click and configured within a few minutes.

A web application firewall configured within a few minutes

Dedicated WAF solutions, such as those from Barracuda, are recommended for complex web shop constructs and individual company portals with sensitive customer data or other information requiring protection.

Often, the dedicated products are designed in such a way that both simple configurations and complex and deep integrations are possible. If you already have a UTM or next-gen firewall with WAF functionality in use, in most cases you can simply activate it with a mouse click, provided the function is included in the licence. Manufacturers often offer the possibility to test such functions via a trial licence.

In addition to all solutions available on the market, such as Sophos XG and the Barracuda WAF, the Xelon Managed WAF can also be deployed within a few minutes at Xelon HQ.