If you have HTTP applications in the cloud—any cloud—there is a reasonable chance they will be vulnerable. Applications and the protocols they run remain prime targets for application attacks like SQL injection or TLS protocol exploits. In fact, in a recent report from WhiteHat Security, applications across a range of industry verticals were “Regularly Vulnerable 151–270 days a year” in more than 50 percent of cases. That means for the majority of organizations, over half your applications are regularly vulnerable half the time.
Cloud providers understand this. They have invested considerable time and money into securing theirinfrastructure and networks. They recognize the need for robust security and, in general, they have delivered on their end of the bargain, working hard to secure hypervisors, networks, the control plane, and physical security.
However, securing the application is a more difficult problem. The web application firewall, or WAF, has become the solution of choice to protect applications from application-layer attacks. Cloud vendors—engaged in their ongoing mission to provide better security for their customers—have started to offer WAF services. Application-layer security, however, has to strike a delicate balance between effective protection and operational simplicity, which makes it difficult for a generalized cloud service to offer anything other than simple and, frankly, easily defeated protection.
The thing is, running a WAF—any kind of WAF—is a complicated, high-value operation. It takes people, knowledge, and ongoing maintenance. If you don’t use the right technology, all that effort is wasted. Basic layer 7 protection tools usually rely on simple pattern matching. While this can be a valuable defense against some routine attacks, it does not constitute comprehensive protection for your applications.
Using a full-featured WAF—one that takes you beyond basic pattern matching into the realms of client identification, machine learning, and response inspection—is your best choice. You can choose the level of protection that each of your applications or services requires, and then implement appropriate controls. And while more comprehensive protection does demand more administration, feature-rich WAF solutions do come with better tools for centralized policy management and distribution.
If your application needs protection, then you might as well protect it effectively. Make sure you have the right technology in place to not only meet a corporate or regulatory requirement, but to proactively defend your application—and the business it supports.
About the Author
Related Blog Posts
The everywhere attack surface: EDR in the network is no longer optional
All endpoints can become an attacker’s entry point. That’s why your network needs true endpoint detection and response (EDR), delivered by F5 and CrowdStrike.
F5 NGINX Gateway Fabric is a certified solution for Red Hat OpenShift
F5 collaborates with Red Hat to deliver a solution that combines the high-performance app delivery of F5 NGINX with Red Hat OpenShift’s enterprise Kubernetes capabilities.
F5 accelerates and secures AI inference at scale with NVIDIA Cloud Partner reference architecture
F5’s inclusion within the NVIDIA Cloud Partner (NCP) reference architecture enables secure, high-performance AI infrastructure that scales efficiently to support advanced AI workloads.
F5 Silverline Mitigates Record-Breaking DDoS Attacks
Malicious attacks are increasing in scale and complexity, threatening to overwhelm and breach the internal resources of businesses globally. Often, these attacks combine high-volume traffic with stealthy, low-and-slow, application-targeted attack techniques, powered by either automated botnets or human-driven tools.
Volterra and the Power of the Distributed Cloud (Video)
How can organizations fully harness the power of multi-cloud and edge computing? VPs Mark Weiner and James Feger join the DevCentral team for a video discussion on how F5 and Volterra can help.
Phishing Attacks Soar 220% During COVID-19 Peak as Cybercriminal Opportunism Intensifies
David Warburton, author of the F5 Labs 2020 Phishing and Fraud Report, describes how fraudsters are adapting to the pandemic and maps out the trends ahead in this video, with summary comments.