Hybrid Cloud WAF is the answer. Now what was the question?
Let’s back up a minute. There is an ancient riddle which goes something like this:
You are walking down a path and come upon a fork in the road. One side is the good path and the other side is the bad path. However, you don’t know which one is which and both paths are guarded by identical twins. One guard tells the truth and the other, always tells lies. If you want to take the good path, what should you ask the guards? You would ask “which path would your brother go?” Then, take the path opposite from where they are pointing.
What does this have to do with hybrid cloud web application firewall (WAF)? Well, this is very analogous to the selection of cloud security WAF options available today.
The truth today is that the industry has come upon a fork in the road. One path is the good path; the other is the bad path. Let’s illustrate why and provide you with the proper questions to ask so you can know the difference between these paths.
Why is Hybrid Cloud WAF So Compelling?
Something profound has been occurring recently which has accelerated a tipping point – the migration of business applications to non-premise or off-premise cloud providers. The likes of IBM and others robustly declared at the InterConnect Conference this year that the cloud can no longer be categorized as private or public – but instead has shifted to a hybrid state.
To remain competitive and relevant, every business must transform and adapt. Radware’s new whitepaper examines three major reasons behind the idea of cloud being synonymous with “hybrid”:
1. Most companies will retain some internal application delivery infrastructure
Most businesses simply aren’t positioned to move all legacy applications to the cloud. Starting a hybrid cloud approach does not require a complete migration of traditional IT infrastructure to a public or private cloud.
2. Dedicated infrastructures are a luxury
This will make most companies uncompetitive vis-à-vis hybrid competitors. The verdict is in about the merits of virtualization and cloud in that it unleashes hidden efficiencies which were often elusive to classic data centers in the past. At its core, cloud was designed to take the complexity of virtualization away from the end user and fully enable self-provisioning and speed to service delivery.
3. Information Security and Compliance
From the inception of cloud delivery models, security has provided the anchor to adoption because of concerns of inadequacies. In the end, most companies who are “cloud-ifying” applications from more traditional deployments found themselves with fewer options and features in which to secure applications in the cloud.
The task of keeping a business up and available while orchestrating various cloud delivery service models is non-trivial. Similar to the change of just-in-time inventory in manufacturing models, the cloud, with all its cost and agility benefits, ushered in a whole new era of requiring a high degree of uptime. The issue of uptime is multi-faceted. There is a need to cover numerous categories of security threats such as volumetric vs. non-volumetric attacks, bots vs. humans, multi-vector attack campaigns and web exhaustion techniques.
Current Challenges with Cloud WAF in Hybrid Environments
Current technology shifts have changed business leaders’ expectations of IT and disrupted many of the security models we’ve come to expect. These changes have resulted in complications for security professionals dealing with different operating environments and also a loss of visibility to the overall ‘business’ picture. Businesses are now looking for IT to respond in hours or even minutes compared to what used to be days or weeks. Organizations need to have the ability to detect threats with high quality in one location and react to those revelations in all operating environments in real time, and then orchestrate changes to the affected systems quickly and universally.
Today no single web application firewall technology exists which addresses these problems. Solutions offered by security vendors today do not include a web application firewall that covers both on premise and cloud protection. This lack of integration between on premise and cloud protection leads to limited visibility in the attacks and attackers on your network. Organizations cannot differentiate attacks that occur in the cloud from attacks on premise. Was it the same vulnerability? Was it the same perpetrator in both attacks? These questions simply cannot be answered because your quality of detection is limited. Organizations need to be able to mitigate a security problem on premise and in the cloud.
The need to secure applications on premise, in the cloud, and during the transition period from on premise to the cloud requires a hybrid solution that allows simple policy migration from the premise to the cloud to support seamless migration process without exposing the newly migrated applications to web attacks.
Radware Hybrid Cloud WAF
Today Radware introduces a Hybrid Cloud WAF Service that provides a fully managed and always-on, cloud-based web application firewall service. It’s the industry’s first hybrid-based cloud WAF service with integrated CPE and cloud WAF technologies and it is a single vendor solution, with fully integrated management and reporting that protects both cloud-based and on premise applications.
Unmatched Web Application Protection provides full and unparalleled protection from web application-based attacks and is the only WAF in the cloud that provides full coverage from the OWASP top – 10 attacks. It is ICSA Labs certified, supports both negative and positive security models and the unique ability to generate policies automatically.
Fully Managed Security Services include 24×7 support, proactive log review and analysis, system monitoring and auto policy generation. The service is backed by Radware’s Emergency Response Team (ERT) – a dedicated group of security experts that actively monitor and mitigate attacks in real time.
An Easy, Flexible Model offered in a simple, OPEX-based model with 3 packages to choose from (Silver, Gold & Platinum). It’s simple to setup with no deployment process or download/install items needed.
Always-On DDoS Protection includes anti-DDoS behavioral analysis and IPS protection from network and application downtime, application vulnerability exploitation, malware spread, network anomalies, information theft and other emerging cyber-attacks.
Now, let’s return back to the riddle which started this discussion.
You are walking down a path and there is a fork in the road. One side is the good path and the other side is the bad path, however you don’t know which one is which. My suggestion is to always choose the most thorough security coverage – that will keep you covered for any path.
Michael Groskop is the Director of Web Application Security at Radware. With 10 years of experience in the Web Application Security space and over 16 years of experience and leadership in product management and software development management positions, Michael is responsible for R&D and Product Management for Radware’s Web Application Firewall, Authentication Gateway, and Hybrid Cloud WAF products. Michael writes about web application security, authentication, and the delivery of secure cloud applications.