Companies looking to avoid the disgrace of losing confidential customer data via a compromise of publicly accessible Web applications should seriously consider deploying a Web application firewall. eWEEK Labs reviewed two of the most recent releases: Imperva Inc.'s SecureSphere 3.3 Dynamic Profiling Firewall and Kavado Inc.'s Defiance TMS.
Although Web application firewalls add layers of complexity and cost to the public network, they provide in-depth and accurate protection for Web applications—isolating problems that traditional firewalls and IPSes (intrusion prevention systems) miss.
Web application firewalls provide positive security protection based on compiled profiles of legitimate URLs, fields and buffer lengths. These profiles provide a baseline of expected and real application behavior and allow Web application firewalls to be configured to allow only legitimate traffic.
The newest Web application firewalls provide improved application learning routines and integration with application scanners. These features help ease the process of accurately configuring profiles that closely model true application structure, enforcing legitimate behavior from users, minimizing troublesome false positives and helping to avoid zero-day attacks.
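The positive security model described above can be sketched in a few lines. This is an added example, not code from either reviewed product: the function names, the headroom factor and the sample requests are all constructed for illustration. It learns a profile of URLs, fields and maximum value lengths from known-good traffic, then denies anything the profile does not cover.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed known-good requests, standing in for traffic seen during learning.
LEGIT_REQUESTS = [
    "/login?user=alice&lang=en",
    "/login?user=bartholomew&lang=de",
    "/search?q=firewall+review",
]

def learn_profile(requests, headroom=2):
    """Build {url_path: {field_name: max_allowed_length}} from good traffic."""
    profile = {}
    for request in requests:
        parts = urlsplit(request)
        fields = profile.setdefault(parts.path, {})
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            # Keep the longest value seen; headroom limits false positives.
            fields[name] = max(fields.get(name, 0), len(value) * headroom)
    return profile

def check_request(profile, request):
    """Return (allowed, reason). Anything not in the profile is denied."""
    parts = urlsplit(request)
    fields = profile.get(parts.path)
    if fields is None:
        return (False, "unknown-url")
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name not in fields:
            return (False, "unknown-field:" + name)
        if len(value) > fields[name]:
            return (False, "too-long:" + name)
    return (True, "ok")

PROFILE = learn_profile(LEGIT_REQUESTS)

if __name__ == "__main__":
    for req in ["/login?user=carol&lang=fr", "/admin?user=carol",
                "/login?user=carol&debug=1", "/search?q=" + "A" * 500]:
        print(req[:40], check_request(PROFILE, req))
```

A profile learned from too little traffic rejects legitimate requests, which is the false-positive problem that the improved learning routines and scanner integration are meant to reduce.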
Web application firewall vendors are expected later this year to add features and hardware capabilities to their products that will blur the distinction between devices providing Web application defense and those accelerating applications.
Web application firewall vendors such as Teros Inc. and NetContinuum Inc. already provide compression to back-end servers to improve resource utilization. In addition, with F5 Networks Inc.'s purchase last year of MagniFire WebSystems, we expect to see F5 merge Web application security technology into its flagship Big-IP line by the end of the year.