WAF stands for Web Application Firewall. A WAF is a virtual or physical appliance whose main objective is to act as a protection layer. By filtering or blocking malicious traffic, WAFs keep threats away from web servers and, therefore, from websites.

What is the difference between a Firewall and a WAF? 

WAFs are installed in front of web applications and analyze the bidirectional web traffic between the web server and the Internet. The main difference between WAFs and regular firewalls is that WAFs filter the content of specific web applications, whereas regular firewalls only protect the traffic between servers without inspecting application content.

And between IDS/IPS and WAFs? 

WAFs go a step further than IDS/IPS and protect against SQL injection attacks, XSS attacks, Cross-Site Request Forgery (CSRF), DDoS attacks or cookie poisoning, among others.

Types of WAF:

According to SANS Institute, WAFs can be:

  • Positive security: the same logic as a whitelist. Only traffic known to be safe (according to previously established rules) is allowed; everything else is blocked.
  • Negative security: the opposite logic. All requests are accepted except those matching patterns previously identified as potentially malicious.

Why do WAFs fail to protect web applications from hackers?

A WAF is a preventive measure. With the negative approach, it is impossible to stay up to date with the growing number of threats, so inevitably some threats will not be stopped. On the other hand, the positive approach tends to be too restrictive and prone to over-blocking, which is a problem given that we are talking about business or customer web applications.
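The two models described above (positive/whitelist and negative/blacklist) and their respective failure modes can be seen side by side with a small filter. The following is an added example written for this article, not code from RITech or from any WAF product. It parses constructed request lines, runs each through a toy positive model (a per-route allowlist of parameter names and value shapes) and a toy negative model (a short list of known-bad signatures), and records which model would have let the request through. The routes, parameter rules, signatures and sample requests are all assumptions made for the illustration.

```python
import re
from dataclasses import dataclass
from urllib.parse import parse_qs, urlparse


@dataclass
class Request:
    method: str
    path: str
    query: dict[str, list[str]]


def parse_request_line(line: str) -> Request:
    """Parse a constructed 'METHOD /path?query' line into a Request."""
    method, target = line.split(" ", 1)
    parsed = urlparse(target)
    return Request(method, parsed.path, parse_qs(parsed.query, keep_blank_values=True))


# Positive model (allowlist, hypothetical rules): only traffic that has been
# explicitly described is allowed. Each known route lists its permitted
# parameters and the exact shape each value must have.
ALLOWED_ROUTES = {
    ("GET", "/search"): {"q": re.compile(r"^[a-z0-9 ]{1,32}$")},
    ("GET", "/product"): {"id": re.compile(r"^\d{1,9}$")},
}


def positive_model_allows(req: Request) -> bool:
    rules = ALLOWED_ROUTES.get((req.method, req.path))
    if rules is None:
        return False  # route never described: blocked
    for name, values in req.query.items():
        pattern = rules.get(name)
        if pattern is None:
            return False  # parameter never described: blocked (over-blocking risk)
        if not all(pattern.fullmatch(v) for v in values):
            return False  # value does not have the expected shape
    return True


# Negative model (denylist, hypothetical signatures): everything is allowed
# unless a value matches a pattern previously marked as malicious.
BAD_SIGNATURES = [
    re.compile(r"<script", re.IGNORECASE),
    re.compile(r"union\s+select", re.IGNORECASE),
]


def negative_model_allows(req: Request) -> bool:
    for values in req.query.values():
        for v in values:
            if any(sig.search(v) for sig in BAD_SIGNATURES):
                return False  # matches a known-bad signature
    return True  # nothing on the list: allowed, whether it is safe or not


# Constructed sample traffic: two ordinary requests, two that match the
# signature list, one malicious request the list does not know, and one
# legitimate request using a parameter the allowlist never described.
SAMPLE_REQUESTS = [
    "GET /search?q=blue+shoes",
    "GET /product?id=42",
    "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E",
    "GET /search?q=1+UNION+SELECT+password+FROM+users",
    "GET /search?q=x'+OR+'1'='1",
    "GET /search?q=shoes&sort=price",
]


def evaluate(lines: list[str]) -> dict[str, tuple[bool, bool]]:
    """Return {request line: (positive model allows, negative model allows)}."""
    results = {}
    for line in lines:
        req = parse_request_line(line)
        results[line] = (positive_model_allows(req), negative_model_allows(req))
    return results


if __name__ == "__main__":
    print(f"{'request':50} positive negative")
    for line, (pos, neg) in evaluate(SAMPLE_REQUESTS).items():
        print(f"{line:50} {str(pos):8} {str(neg):8}")
```

Running it shows both weaknesses the text describes: the negative model passes the `' OR '1'='1` request simply because that string is not on its list, while the positive model blocks the harmless `sort=price` request because that parameter was never added to the allowlist. Keeping the denylist current and keeping the allowlist complete are exactly the ongoing maintenance burdens the article is pointing at.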

The solution:

Since WAFs can't offer complete protection, a definitive solution is needed: one that does not depend on updates, rules or learning processes. A solution that goes a step beyond and protects not only against known threats but against everything. That solution exists and it is called "web isolation".

Find out how RITech can help you protect your business when WAFs are not.

Follow us on Twitter and LinkedIn to hear about our latest news, and remember that you can also subscribe to our blog!