Công Ty Cổ Phần Công Nghệ Nessar Việt Nam - Nessar


Web Application Firewalls: More Essential Than Ever

Array Networks WAF
Web Application Firewalls: More Essential Than Ever
Web Application Firewalls: More Essential Than Ever
Virtual meetings, online events, digital transactions and increased social media engagement is how many of us will remember changes brought about by 2020. However, as we scrambled to keep up with these changes, hackers took advantage of loosely protected applications, and cybercrimes skyrocketed.
According to The Hill, the FBI’s IC3 center reported 3,000 – 4,000 cybersecurity complaints every day, which is a jump from 1,000 per day pre-COVID-19. Take Zoom for example, more than half a million Zoom passwords were stolen and sold on the dark web. The scenario is indicative of the status quo for most applications today: in serious need of robust and adaptive security solutions.
So, how can you take strategic measures to make your IT security iron-clad and save your company from increasing web attacks and vulnerabilities? The answer is simple: understanding the key differences between various security solutions and learning which one actually protects your web applications. In this blog, we will discuss:
  • Why you need a web application firewall (WAF) vs. a traditional network firewall
  • 2020 cybercrimes: the tip of the iceberg
  • Risks mitigated by WAF technology
  • Array’s ICSA-certified WAF
Why You Need WAF Vs. Network Firewall
Many companies set up network firewalls, intrusion prevention systems and intrusion detection systems (IPS/IDS) and think their web applications are secured. This is far from the truth. Relying on a network firewall to protect web applications almost equivalent to leaving the doors to your web application open to hackers.
Think of web application firewall as an intelligent gatekeeper that operates on OSI level 7 and monitors the incoming and outgoing HTTP/HTTPS traffic. It filters and blocks out malicious or suspicious traffic and is more advanced than network firewalls in the sense that it protects your application against known and unknown vulnerabilities.
Web application firewalls are built to handle modern-day attacks, including zero-day, XSS, cookie manipulation, DDoS, and more. It protects applications like JavaScript, ActiveX, and Ajax.
Finally, WAFs operate independently of applications. This allows you to introduce a new feature into your application without getting thousands of false positive threat detections that new data flows cause.
Network firewalls, on the other hand, operate on OSI level 3 – 4 and protects network traffic and data transfer. A network firewall mitigates attacks like Domain Name System (DNS), Simple Mail Transfer Protocol (SMTP), Secure Shell (SSH), and Telnet.
In other words, WAFs mitigate risks that circumvent the network firewall.
For industries like banking, hospitals, software, and hospitality, web application firewalls are a must-have. In fact, any application that facilitates digital transactions and/or saves customer records and credentials in the database needs a WAF.
2020 Cybercrimes: The Tip Of The Iceberg
  • Twitter’s spear-phishing attack took the internet by storm when verified accounts of high-profile personalities like Elon Musk, Bill Gates and Barack Obama were hacked. 130 Twitter accounts were hacked, producing 300 transactions making hackers a whopping $121,000.
  • Magellan Health, a Fortune 500 insurance company, suffered a ransomware and data breach attack that affected 365,000 patients. After carrying out a phishing scheme and deploying malware in the system, hackers stole employee credentials like personal information, employee ID numbers and sensitive patient information like W-2 information and social security numbers.
  • Microsoft’s data breach in January 2020 exposed information belonging to 250 million users, including e-mail, support case details, IP addresses, and more. Even though the company states personal information was not leaked, hackers could have secured information for future attacks. Therefore, no matter the size of the company, the need for security is unquestionable.
This is just the tip of the iceberg. There were countless data breaches, leaks and web attacks in 2020 that give us all the more reason to have robust and dynamic security solutions.
Now let’s take a look at some of the risks that WAFs can protect your applications against.
Array Networks WAF

Array’s WAFs are ICSA certified, which means they’re tested against the highest standards and the most dangerous threats like DoS, XSS, CSRF, information leakage, and other web application threats.

Our WAF was not susceptible to any of these threats, and it maintained integrity and confidentiality of the data. Moreover, Array’s WAF comes with extensive logging functionality and meets all persistency requirements expected of an advanced WAF. In other words, it is designed with enterprises and service providers in mind.

Talk to us today to protect your company’s web applications against known and unknown vulnerabilities and win your customers’ trust by securing their data!

Danh mục: Tin tức