As the saying goes in the real world, “necessity is the mother of invention.” However, those of us that work in the technology sector know that this isn’t always the starting point or source in our arena. There are volumes of cautionary tales and vast, virtual graveyards of “products looking for a problem to solve.” Often, these come about when vendors look across their technology portfolio and identify logical interactions that only they can see. Other times they occur through overzealous business development efforts, a sort of unfortunate “you got your chocolate in my peanut butter” scenario where the result tastes anything but sweet.
But there are certainly examples where the combination of technologies delivers on unique value propositions. And sometimes those initially to a smaller segment of certain markets, those on the leading edge of pushing new requirements, often the result of being among the first targeted with advanced threats. Such is the story of the intersection of Distributed Denial of Service (DDoS) and Web Application Firewall (WAF) technology, an area of intense concentration for the Radware team for some time.
We have customers that have been enjoying the benefits of coordinated attack protection across these technologies for many years, but last week at the Gartner Security & Risk Summit in Washington, D.C. this particular intersection got a big boost in focus and attention through a committed analyst session on the topic.
As has been the case for the past several years, the Gartner Security & Risk Summit provided a highlight to the early summer security events schedule. The annual collection of analysts, vendors and practitioners once again brought to the surface many new and important topics and discussions around cyber-security. The usual topics of cloud, APT and vendor comparison were featured on a full agenda that also took close looks at things like insider threats, information sharing and vendor collaboration.
Leading up to the event, I reviewed the entire agenda to decide which sessions I needed to attend, and one particular session jumped off the pages for me. Lawrence Orans and Jeremy D’Hoinne, leading analysts in the areas of DDoS protection and WAF respectively, co-presented in a session titled “Protecting Your Website Against DDoS and Other Threats.” The focus of the session was largely around this intersection of DDoS and WAF, a fact that we naturally see as full validation that the market is now in-tune with the importance of coordination across these technologies to provide successful protection from today’s complex, coordinated attacks.
One some level, the session was neat to see just in terms of having these two lead analysts together on-stage validating the intersection. The session also had a number of strong points and highlights, in particular the focus on “getting beyond the yes/no” when discussing capabilities and features with vendors. In other words, when you ask a vendor if they can do A, B and C, don’t take them at their word or base it on their marketing materials. Actually vet their capabilities in these areas.
Why is this so important?
Well, as the session highlighted, there are any number of solutions that can address the run-of-the-mill attack tools and scripts. But an increasing number of attacks cannot be blocked by the common reputational databases and/or static signature databases. Specifically, the session referenced that 10% of attacks get past these types of security functions, enough that should concern anyone serious about security.
There was one aspect of the session that I had some disagreement with, related to the level of technical integration between some of the bundled solutions. The basic message here was that today, most of the vendors offering a bundling of DDoS mitigation and WAF capabilities offer more of a ‘marketecture’ type bundle that has the benefits of vendor consolidation, streamlining procurement and also offering some price breaks on the combination of services. Also discussed was some basic capabilities around coordinated visibility across the services.
While true for many of the vendors highlighted in the session, this perspective actually overlooks an area of huge investment (and customer value) for Radware. Our technologies for both DDoS and WAF feature what we refer to as ‘Defense Messaging,’ a robust communication that’s much deeper than typical health checks or simple signals to include intricate details about DDoS attacks, normal traffic, or changes to applications. All of this helps our solutions increase effectiveness against the growing number of attacks that will leverage multiple vectors across application and network attacks to circumvent protections.
In a twist of irony, I am the guy that often briefs these analysts on our capabilities, so really this means I need to do a better job of educating them on this feature. But the session and the event as a whole offered a great view into the areas of focus for one of the leading analyst firms assessing evolution in security requirements and solutions. And as an undeniable indicator of the direction of many of their enterprise clients, the increased focus on the intersection of these two technologies was a positive takeaway for all challenges by protecting their websites and applications from more advanced attacks.