What the WAF? IronBee Wants To Be The WAF Standard

Compliance and Web App Usage Are Driving Us All To WAF

How's your WAF? What, you don't have one? You probably should. Up until a few years ago, web application firewalls were a little-understood and even less deployed weapon in the security practitioner's arsenal. But two things happened to radically change that and make WAF a must-have. One was the explosion of web-based applications and the second was the PCI Council mandating that internet-connected merchants use the technology.

These two factors have really driven the WAF market. Today there are several successful commercial WAF products available in the market from both security startups and established security vendors. However, there has been a huge gap in the open source security space for an open source WAF. As I reported from RSA a few weeks back, two open source WAFs were announced at the show.

One is from the German-based company, Art of Defence. I met with their CEO last week and will have a follow-up on that shortly. The second open source WAF is called IronBee. It is backed by Qualys with help from other companies. Ivan Ristic, director of engineering for Qualys, is the driving force behind IronBee. Ivan was previously the creator of ModSecurity, an early open source security tool that many had used for its WAF-like capabilities.

I had a chance to sit down with Ivan and talk about the plans for IronBee. The interview runs a little long, about 19 minutes. But if you are interested in WAF and open source, it is a great listen. Also, they are very much looking for help in getting IronBee developed, so if you have an interest in helping out, please do so! In the meantime, have a listen:

For those not familiar, a WAF sits either in front of your web server or, sometimes, runs as an agent on your web server, and looks for malicious behavior aimed at your web-based application. In some ways it is more of an intrusion prevention system for web applications than a firewall. Some WAFs also have DLP, or data leak prevention, capabilities. As WAFs are a relatively new technology, exactly what they do can differ from vendor to vendor.

Of course, therein lies the problem. Even between the two open source WAFs announced at RSA there are significant differences in what they do and how they do it. It will be interesting to see how that plays out.

IronBee builds on the lessons Ivan learned on Mod. It is not trying to be everything to everyone, at least at this point of the game. With his background, Ivan is an excellent choice to head IronBee up, and with Qualys, Akamai and others behind it, it should be a real winner.

So if WAFs are your thing, take a look at IronBee and, if you feel like it, maybe give Ivan a hand!
