Over the next few months Web application firewall vendors Citrix, F5 Networks, Imperva, NetContinuum and Protegrity will add features that let their products take on bigger roles in speeding traffic to server farms and better protecting networked corporate data.
While traditional firewalls have blocked packets effectively at Layer 3 for years, they are proving ineffective against attacks that prey on application weaknesses. Web application firewalls detect application anomalies, determine whether sensitive data - such as credit card and Social Security numbers - is being tapped, and can block or mask it.
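The masking of sensitive data in outbound responses can be sketched as follows. This is an added example, not code from any vendor named in the article; the function names, patterns and sample response body are assumptions constructed for illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optionally split by single spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# US Social Security number in the common AAA-GG-SSSS layout.
SSN_RE = re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")

# Constructed sample response body (test card number, not real customer data).
SAMPLE = ('{"name":"A. Tester","card":"4111 1111 1111 1111",'
          '"ssn":"078-05-1120","order":"1234567890123456"}')


def luhn_ok(digits: str) -> bool:
    """Return True when the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def _mask_card(match: re.Match) -> str:
    raw = match.group(0)
    digits = re.sub(r"\D", "", raw)
    if not luhn_ok(digits):
        return raw              # order ids and similar long numbers stay untouched
    keep_from, seen, out = len(digits) - 4, 0, []
    for ch in raw:              # keep separators and the last four digits
        if ch.isdigit():
            out.append(ch if seen >= keep_from else "X")
            seen += 1
        else:
            out.append(ch)
    return "".join(out)


def mask_response(body: str) -> tuple[str, int]:
    """Mask SSNs and Luhn-valid card numbers; return (masked body, hit count)."""
    body, hits = SSN_RE.subn("XXX-XX-XXXX", body)   # SSNs first, so their digits
    def card(m: re.Match) -> str:                   # cannot join a card match
        nonlocal hits
        masked = _mask_card(m)
        hits += masked != m.group(0)
        return masked
    return CARD_RE.sub(card, body), hits
```

The Luhn check is what keeps the filter from rewriting every long number in a response: the 16-digit order id in the sample is left alone because it fails the checksum.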
Many businesses with Web applications get along without Web application firewalls, says Rob Whiteley, an analyst with Forrester Research. Most protect the traffic with SSL encryption, and some use SSL VPNs to make sure authorized people are connecting to the Web applications.
But high-stakes financial services businesses, for instance, often turn to these devices, Whiteley says. "Application firewalls are for those who cannot afford to have anything go wrong. It's not like you're leaving a gaping hole by not having an application firewall," he says. "It's just giving yourself an extra measure of protection."
To create products that address accessibility and security at the same time, vendors are integrating Web application firewalls with the load balancers and application switches that ensure the availability of Web applications.
"We think the application firewall is going to go away and be replaced by something that is a little more availability- and assurance-focused," says Andrew Jaquith, a Yankee Group analyst.
Such platforms work to keep servers available to end users and safe from attacks. They also make sure that the traffic moving in and out of data centers is not compromised, he says.
Stand-alone Web application firewalls examine HTTP and HTTPS traffic at the application layer, looking for attacks that try to slip by as legitimate application flows. "The products are defending against people that are trying to use malicious attacks to cause Web sites to disgorge sensitive information or for break-ins," Jaquith says.
Start-ups Teros, MagniFier, Kavado and Sanctum, all bought by others, made these devices. Citrix bought Teros, F5 bought MagniFier, Protegrity bought Kavado and WatchFire bought Sanctum.
Things to know about Web application firewalls

While they protect applications from such exploits as buffer overflows and format string attacks, application firewalls are a targeted defense mechanism that doesn’t solve all Web security problems. For instance, they:
While these vendors approach the problems of accelerating and securing Web application traffic differently, they share a common spot in the network: in front of application servers. The features they offer can include load balancing traffic among servers, compression, encryption, reverse proxying of HTTP and HTTPS traffic, checking for application conformance and pooling TCP sessions.
For its part, Citrix aims to merge its Web application firewall with its application switch, so the device will distribute traffic to servers and also parse it for application-layer attacks, the company says. This integration is scheduled for the second quarter of next year, according to the company.
Expect NetContinuum to add software tools next year that make configuring application-security policies easier, says Varun Nagaraj, CEO at NetContinuum. The company also is considering what role its application gateway might play in identity and access management, under schemes such as Security Assertion Markup Language, which relies on applications to authenticate users.
F5 will look to protect XML and SIP traffic to support Web services and VoIP, says Erik Giesa, vice president of product management and marketing for the company. It also is looking to add WAN-acceleration technology to its platform and to produce a software developers' kit to encourage the creation of self-securing applications that could block traffic when they discover breaches. To do this, the application would tie into software governing F5's Big IP application switch to cause a rule change within Big IP that would block suspect traffic.
Imperva plans to develop auditing and assessment tools that help customers comply with such regulations as the payment-card industry standard, the Health Insurance Portability and Accountability Act and the Sarbanes-Oxley Act for protecting private information, says Shlomo Kramer, Imperva CEO.
Protegrity expects to blend its database security gear with the application-protection software it got with Kavado, says Jeannine Bartlett, vice president of product strategy and development for Protegrity. "Our releases in the coming year are directed at back-end reporting, statistics, metrics, mapping specific applications to customers' various needs to comply with regulators. That's what larger corporations are really looking for," she says.