Choosing A WAF Solution? Third-Party Evaluations Can Help

In today’s new digital business model, consumers and employees both require immediate access to data and resources using a growing number of endpoint devices. To meet these demands, organizations are increasingly reliant on web-based applications and agile development strategies to keep those applications updated continuously and tuned to evolving requirements.

In this new paradigm, Web Application Firewalls (WAF) play an increasingly critical role in protecting users, devices, applications, and resources from threats by inspecting and safeguarding HTTP connections and preventing web-based attacks such as cross-site scripting (XSS) and SQL injection.

For every externally facing application, however, there may be dozens of associated back-end components that are unseen, but which can be equally vulnerable to these sorts of web-based attacks. Making an online purchase, for example, may trigger applications that check inventory, send a pull request, process payments, coordinate shipping, and update the customer’s database file.

Attacks that interrupt or hijack any of these processes can have severe consequences for a business and its customers. Because web-based applications are so widely distributed and can traverse a such a wide variety of back-end network environments, protecting them requires WAF solutions with a similarly extended span of control.

In Gartner’s latest Magic Quadrant for Web Application Firewall MQ report for 2018, Fortinet has been placed in the Challenger quadrant, while also showing continued movement in ability to execute, closer to the Leader quadrant. Fortinet believes that a key differentiator of FortiWeb is that it does not operate in isolation.

In fact, FortiWeb is deeply integrated with other security solutions, making it a uniquely integral part of a broader, more holistic security fabric strategy.

Today’s sophisticated threats rarely occur in isolation. Instead, they are often part of an intricate attack strategy that relies on things like misdirection, multi-vector exploits, and hiding malware applications and traffic to evade detection.

While an isolated WAF solution may pick up on one critical component of such a strategy—the compromise of a web-based application or the insertion of web-based malware — it’s rarely able to identify the entire attack chain and intervene holistically.

Evaluating WAF alternatives takes time, and the resources provided by such tools as Gartner’s Magic Quadrant for Web Application Firewalls report and NSS Labs certifications are extremely valuable. However, any WAF solution you ultimately choose needs to also fit seamlessly into your existing security architecture and augment your existing security profile.

Issues like compatibility, integration, and performance are equally crucial and can mean the difference between a successful implementation or a logistical nightmare. But the potential to protect your growing reliance on web applications is worth the time and effort.