What is a WAF?
It wasn’t that long ago when a premise based Firewall deployed at a branch office or data center was common place. If you think about how traffic was deployed and used prior to mobile connections, it was mostly hub and spoke. This had advantages such as control of traffic coming into a handful of locations and managing that traffic across firewalls and bandwidth seemed simpler at the time.
Fast forward to the 21st century where proximity based traffic must arrive fast and efficiently serving content to its users or lose subscribers….an imminent death if you’re a content marketing professional.
Web Application Firewalls have now burst on to the scene especially with Cloud workloads requiring some sort of protection across the internet. Most WAFs serve as a reverse proxy in front of whatever web application or service required for protection. What’s great about a WAF is the hardware, software, monitoring etc is handled by the service provider compared to you the operator maintaining all of this across the globe. WAFs also can serve as a service meaning as you need increased bandwidth, additional applications (say you have a few Amazon S3 buckets exposed) etc, you can scale up or down as required. There are some disadvantages where you really need to know where the routing and latency occurs across these WAF deployments. Why? For one, having a WAF in-line to your connection (the firewall receives your user requests first) will already add an additional routing hop and with that some sort of latency. So, if your WAF deployment is in one part of the world and your SaaS application for example is nowhere near it, you will have tremendous amount of latency and thus a poor user experience potentially.
Most WAF providers conform to the OWASP guide and often you will hear the OWASP Top 10 reference which is updated regularly.
So who are some of the WAF providers in the industry? Here’s a Gartner Peer Insights review of some of the major players for your review. You might be wondering, what is WAF in networking and how do I take advantage of it? First, it depends how your applications are deployed. For example, if you have a private MPLS WAN where applications are internal, there would not be a WAF deployed as outside access (shouldn’t) be accessible.
Ok, so if that’s a private WAF network myth busted, what is AWS WAF then and how is used. AWS is one of many options for web application firewalls and serves certain use cases. If you are looking to protect your environment within the AWS platform it’s a great option and comes with an excellent set of APIs. However, if you require a vendor agnostic mult-cloud option, you might need to explore other options as some providers will only protect within their core infrastructure topology. What is WAF security good for if you can’t transport it across platforms? For one, it does add some complexity if you have to manage multiple panes of glass between providers, however in a test/dev set of workloads, keeping applications tidy and locked down from all BOTS, (even traditional Whitelisted bots) does offer some piece of mind.
At Macronet Services, we help evaluate, design and provide benchmarking across major providers before an organization decides on the best option. Provider agnostic, cloud specific or proximity based WAFs are just some of the introductory areas we suggest to our clients. So the next time someone asks you what is a Web Application Firewall you will have a good answer to continue with the conversation.
Related Posts
3 Comments
Comments are closed.
Recent Posts
- What is DocuSign and how it can make your business more efficient in 2025
- ServiceNow’s AI-Powered Future: Leading the Enterprise Digital Transformation
- Data Center Colocation vs. Cloud Hosting: Making the Right Choice for Enterprise Infrastructure
- How to Choose a Data Center Colocation Provider: A Comprehensive Decision Guide
- Should you purchase DocuSign or Conga Composer: Which is the correct option for Enterprises in 2025?
Archives
- December 2024
- November 2024
- October 2024
- September 2024
- August 2024
- July 2024
- June 2024
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- December 2020
- September 2020
- August 2020
- July 2020
- June 2020
Categories
- Uncategorized (1)
- Security Services (70)
- Cloud SaaS (57)
- Wide Area Network (300)
- Unified Communications (196)
- Client story (1)
- Inspiration (7)
- Tips & tricks (24)
- All (11)
- Clients (12)
- Design (3)
- News (260)
- Music (1)
[…] to deploy apps should not outpace security. Are you new to what a WAF is? Read our prior post on What is a WAF, as it focuses on the very basics, how they align with OWASP and more great […]
[…] Security posture – Taking advantage of key resources such as Web Application Firewall (WAF)and Bot mitigation affords a business the ability to use any cloud resources protected […]
[…] on-ramp access to the necessary assets for your Cloud deployments. For example, if you needed a Web Application Firewall (WAF) you can easily deploy a connection directly to Cloudflare, one of their partners in the […]