Protecting web applications: get it right first time
Planet Earth is home to roughly 5bn adult human beings. But there are at least 10bn endpoints on the Internet. No wonder organizations have fallen in love with web applications. The bad news is that cybercriminals can see the potential, too. As the attack surface expands, what’s the best option for defending your web applications?
Gartner hasn’t yet given up using the handy catch-all term “devices”.
But it has started using the expression “connected things” to cover everything from fitness wristbands to tracking devices in container ships. Worldwide, the analyst firm expects that 6.4bn connected things will be in use in 2016.
To this, we can add around 2bn smartphones, and the PC industry’s installed base of around 1.6bn.
The surge in Web application development
That’s a grand total of 10bn connected “things” and “devices” on a planet that contains approximately 5bn adult humans.
As endpoints multiply, enterprises are racing to develop new and improved applications to reach them. Not only that: they’re trying to develop those applications faster than ever before. Digital transformation has become the overriding mantra in executive offices.
However, as web applications have become pervasive, they have become the target of choice for hackers. It doesn’t help that web applications are notoriously vulnerable. The combined result is that around one-third of recorded data breaches are attributable to web application attacks.
More and more, the question of how to protect web applications looms large for all enterprises.
What about the applications beyond the application layer?
One thing’s for sure: you need more than the promises of “application layer” protection so frequently advanced by salespeople selling Intrusion Protection Systems (IPS).
Let’s be clear: an IPS will detect threats associated with the main protocols in Layer 7 of the long-established OSI networking reference model: HTTP(S), DNS, SMTP, SSH, Telnet and FTP.
But this won’t necessarily protect the higher-level applications (web servers, databases and CRM systems) on which your web operations depend.
Similarly, Network Firewalls (NFs) provide a specific and limited kind of protection. Confined to Layer 3, NFs often lack the kind of granular approach to access controls required to protect high-end applications.
Minimizing weakness: is that enough?
Of course, Next-Generation Firewalls (NGFWs) attempt to minimize the weaknesses of NFs and IPSs by combining both technologies in a single appliance. In the end, however, you’re left with explicit detection and protection capabilities that resemble an ordinary IPS.
Perimeter firewalls and IPS are fine — up to a point.
What’s needed is something that actually understands the specific threats faced by web applications and how to protect them. In this detailed white paper, we argue the case for a composite application-aware solution that does a lot more than patrol the network perimeter.