As the threat landscape evolves, so must our security controls and countermeasures. The most advanced perimeter threats for data loss or exfiltration occur at the application layer, rendering most next-gen firewalls (NGFW) and intrusion prevention systems (IPS) much less effective. This effect is compounded by the fact that most communications are moving to encrypted data channels not well-supported by NGFW or IPS, particularly at scale. Web application firewalls (WAF) are specifically designed to analyze each HTTP request at the application layer, with full decryption for SSL/TLS.
In recent years, most WAF technologies have remained largely unchanged: they are still passive, filter-based detection systems, much like the related NGFW and IPS technologies. WAF systems apply protocol compliance checks (ensuring a well-formed request) and signature comparisons (ensuring no known malicious content) to filter and block potential attacks. Additional features have been added to enable session- and user-awareness to fight hijacking and brute force attacks, and IP reputation feeds are applied to attempt to filter out known-bad sources such as botnets, anonymizers, and other threats. These are still largely passive technologies at the data center perimeter, with very limited capacity for interrogating the client.
There are a few things we know about the current threat landscape:
Simply put, these attacks bypass virtually all traditional WAF detection mechanisms, since the requests they send often do not appear malformed in any way. IP address reputation feeds are of limited effectiveness due to the almost inexhaustible supply of easily compromised sources, including cable modems, IoT devices, public cloud server instances, and more. Source address information changes too rapidly for even a crowd-sourced feed to be very effective in combating the level of automation typical of these attack vectors. A more advanced web application firewall is clearly needed to fight these threats.
The good news is that Advanced WAF technology is already available and has been for some time. F5 pioneered technology for CAPTCHA-free detection of bots attempting to scrape price data from online retailers nearly a decade ago, when Web Scraping protection was introduced in 2009. F5 has progressively advanced that technology and expanded it into what is now known as Proactive Bot Defense, introduced in 2015. Proactive Bot Defense (PBD) enables interrogation of the requesting client to verify that a human user with a legitimate browser is present. This is a far more effective solution than relying on blocking known botnets by IP address.
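To make the contrast concrete, here is an added example (not F5's code, and the challenge mechanism is an assumption standing in for whatever Proactive Bot Defense actually does): a passive filter-based WAF applying the protocol compliance, signature and IP-reputation checks described above, beside a client-interrogation layer that additionally requires proof that a challenge script was executed. The signature list, reputation list, key and sample traffic are all constructed.

```python
import hashlib
import hmac
import re
import secrets
from dataclasses import dataclass, field

# Constructed stand-ins for a real WAF's signature set, reputation feed and server key.
SIGNATURES = [re.compile(p, re.I) for p in (r"union\s+select", r"<script\b", r"\.\./")]
BAD_IPS = {"198.51.100.7"}
SERVER_KEY = b"constructed-demo-key"


@dataclass
class Request:
    src_ip: str
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    body: str = ""
    proof: str = ""  # filled in only by a client that executed the challenge script


def passive_waf(req: Request) -> str:
    """Filter-based WAF: protocol compliance, then signatures, then IP reputation."""
    if req.method not in {"GET", "POST"} or not req.path.startswith("/") or "Host" not in req.headers:
        return "block:malformed"
    if any(sig.search(req.path + " " + req.body) for sig in SIGNATURES):
        return "block:signature"
    if req.src_ip in BAD_IPS:
        return "block:reputation"
    return "allow"  # a well-formed request from an unlisted IP passes every passive check


def issue_challenge() -> str:
    """Server hands the client a nonce embedded in a challenge script (assumed mechanism)."""
    return secrets.token_hex(8)


def complete_challenge(nonce: str) -> str:
    """Stands in for the browser running the script and being handed a server-signed proof.
    A bot that only replays the form post without running the script never obtains this."""
    return nonce + "." + hmac.new(SERVER_KEY, nonce.encode(), hashlib.sha256).hexdigest()


def advanced_waf(req: Request, nonce: str) -> str:
    """Passive checks first, then require proof that the challenge script actually ran."""
    verdict = passive_waf(req)
    if verdict != "allow":
        return verdict
    if not hmac.compare_digest(req.proof, complete_challenge(nonce)):
        return "block:client-not-verified"
    return "allow"


# Constructed sample traffic: a perfectly well-formed credential-stuffing post from a fresh IP.
STUFFING = Request("203.0.113.42", "POST", "/login", {"Host": "shop.example"},
                   "user=alice&pass=constructed-guess")
```

The passive pipeline allows `STUFFING` because nothing about it is malformed or signatured, while `advanced_waf` blocks it for lacking the client proof; a request from a client that actually executed the challenge is allowed.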
With the new F5 Advanced WAF offering, F5 is expanding on their market-leading WAF technology to include capabilities necessary to combat the evolving threats seen in the application security landscape. Advanced WAF includes:
The F5 Advanced WAF is a dedicated security platform that delivers the most advanced application security capabilities available on the market today. F5 is committed to providing cutting-edge application security solutions to mitigate even the most sophisticated attacks. Look forward to more advancements on the Advanced WAF platform in the future.