The Board Must Own This – India’s Cybersecurity Compliance Reality 2026
On 28th April, 2022, CERT-In issued a list of 20 types of incident that every organization must report within the six-hour window. For the first time, there is substantial emphasis on incidents related to websites and web applications, such as defacement of websites, unauthorized changes, targeted scanning, attacks on web applications like e-governance and e-commerce, data breaches and data leaks.
The inclusion of websites and web applications in this list is not a surprise. Hackers have always treated websites and web applications as easy targets and low-hanging fruit. The Indian government reported more than 26K website breaches in 2020 and 2021. These numbers are just the tip of the iceberg, as they include only the known, reported breaches. They don’t account for non-reported or non-detected incidents, which we believe will be significantly high.
Most organizations fail to detect a breach. The mean time to detect (MTTD) a breach for an organization in Asia is still more than 20 days. If you exclude ransomware (since ransomware breaches are easily visible and detected within hours), the time to detect a breach increases drastically to 36 days in Asia.
The number of internet users in India had increased to 640M subscribers by the end of Dec-2021. Covid-19 played an important role in this increase, as remote working (working from home, WFH) and online education became part of day-to-day life across the country. To stay functional, organizations had to adapt by shifting their traditional operations online within weeks. They ended up opening various critical internal applications, such as CRM and HRMS, over the Internet for users working from home. Cloud adoption also increased drastically and helped organizations become functional faster, as well as move forward in their digital journey. The focus was on getting business operations functional quickly, and security, as always, was an afterthought. This might have resulted in the 26K plus breaches in the last 2 years, prompting the government to include websites and web applications in the critical incidents list.
Many organizations have an on-premise web application firewall (WAF), which can’t protect applications moved to the cloud. Most of these WAFs are hardware based or virtual instances. Customers hosting applications in multiple clouds (e.g. AWS, Azure, Google Cloud) have to install one instance of a virtual WAF in each cloud, which increases the complexity of administration and management. Fine-tuning of rules is a major issue in traditional legacy WAFs, and they also lack advanced features like defacement detection, vulnerability management, web-shell detection, malware scanning for any uploads, scalability (scale as you grow) and performance. Custom rules attached to legacy WAFs have often proven costly to write, manage and maintain, and they degrade the performance of the WAF.
New generation WAFs take advantage of true cloud, as they are built in the cloud and built for the cloud. Visibility and security are the core design considerations in these next generation WAFs, which helps their users (administrators) make informed security decisions. Legacy WAFs are often black boxes with minimal visibility, and they don’t adequately show the reason for blocking a web request. Hence they are rarely operated in blocking mode. With an AI and ML engine integrated with threat intelligence, the next gen WAF relies on identifying the intent behind a request, as opposed to waiting for the request to be detected as malicious using signatures. It also provides details explaining why a block was made. This brings visibility to security and helps developers understand how malicious traffic is targeting their application, so they can address those vulnerabilities and gaps in their next development cycle.
Most, if not all, of these next gen WAFs are deployed in in-line block mode from day 1. They also have advanced features such as defacement detection, web-shell detection, malware scanning and vulnerability assessment to provide a 360-degree view of your applications. A next gen WAF integrates seamlessly with SIEM and SOAR platforms to further correlate and investigate, if necessary, to identify and report a breach.
If this blog makes you rethink your website and web application security, you are not alone. 93% of organizations are planning to consolidate and deploy a robust next gen web application firewall to improve security efficacy and gain visibility. Switching to a new security solution can be a scary process, but it’s even harder to recover from a major security breach and report the incident as per the new security guidelines.
Investing your time in this project can lead to greater change in your business, helping you make your website and applications more secure.
Copyright © 2018-2024 PageNTRA Infosec Pvt Ltd. All Rights Reserved.