From Digital Defiance To Commercial Compliance

1384 0

How Advanced WAF can bolster app security

The boundary between data compliance and breaking the law is becoming increasingly fine.

As the EU General Data Protection Regulation (GDPR) tears up the rulebook for how organisations digitally trade, how can you be sure both operations and customer data are safe and sound?

The most rigorous regulation of its kind in the world, GDPR raises the bar for citizens’ data rights and significantly alters our collective attitudes to personal data. For example, citizens are now empowered with the right to anonymity and can force companies to relinquish their credentials upon request. Its impact is being felt well beyond the EU’s borders, as anyone doing business with the region will have to adapt and comply.

Managing these sprawling legal implications against a backdrop of relentless digital complexity and ambition throws up a multitude of new challenges. More than ever before, your customers’ data is only as safe as your security solutions.

According to intelligence from F5 Labs, web app attacks are the number one single source entry point of successful data breaches. Notable keys to the digital kingdom include compromised credentials, keys, session tokens, and a raft of other implementation flaws that allow attackers to assume other users’ identities, steal data, and compromise networks. WhiteHat’s 2017 Application Security Statistics worryingly notes that, on average, web apps are hampered by three distinct vulnerabilities. Purportedly, this is due to either a lack of investment in penetration testing and remediation, a misunderstanding of cyber risks, or an absence of the right security tools to mitigate vulnerabilities.

Difficulty of defence

F5’s 2018 State of the Application Delivery (SOAD) report flags how the spread of multi-cloud deployments has vastly changed the web application protection game. In EMEA, applying consistent security policies across all company applications was deemed to be the “most challenging or frustrating” aspect of managing multi-cloud environments (42% of surveyed F5 customers). In addition, 39% believe the biggest challenge is protecting applications from existing and emerging threats. SOAD 2018 concludes that this has led to an increase in organisations deploying Web Application Firewalls (WAFs), with 61% now using the technology to protect their applications.

It is easy to see why. A central part of any respectable cybersecurity arsenal, WAFs can stop attacks before they reach your apps and provide critical security controls to protect invaluable data both on-premises and in the cloud.

However, not all WAFs are capable of safeguarding against the full scope of today’s hyperactive threat spectrum. Automated malicious bots, viruses, and trojans are just some of the culprits endangering apps, which are the prime hotspots of personal data storage.

Web application security is can be time-consuming and costly, especially when it comes to developing and maintaining comprehensive web security controls. Security efficiency and ease of management are the most critical requirements for a modern WAF, which needs to be easily deployed wherever the applications live (i.e. in the DMZ, close to the internal Web applications and services, in the cloud). It needs advanced detection capabilities to block zero-day attacks without generating false positives.

The good news is that affordable, advanced WAF solutions are starting to come into play, offering a range of previously unattainable benefits including:

  • Providing strong, adaptable security for every app, whether on-premises or in the cloud
  • Defending web and mobile apps against malicious bots and exploits
  • Preventing account takeover and stop large-scale credential theft and abuse
  • Ensuring credential protection that encompasses theft prevention, as well as mitigation of attacks that use previously stolen credentials (i.e. credential stuffing)
  • Ensuring app-layer DoS mitigation, including automated configuration tuning, client and server behavioural analytics, and real-time dynamic signatures
  • Helping organisations secure apps across multi-cloud environments and achieve better performance, faster response times, and greater cost efficiencies

Time to advance

As new EU borders of business compliance are drawn, an advanced WAF solution can deliver peace of mind. Not only does it help organisations meet compliance standards, it also safeguards against sophisticated threats targeting the most valuable assets out there: apps and sensitive data.

About Ralf Sydekum
Ralf Sydekum, Technical Manager at F5 Networks

In this article