
Web application firewalls (WAFs) are a key component of corporate business security and can be found in about 70% of U.S. corporations. The best ones find the right balance between efficiency, security effectiveness, and total cost. A WAF's role is to defend a particular application from Web-based attacks. Instead of securing ports like a network firewall, WAFs provide application-layer security, usually sitting between a perimeter firewall and a web server or web application server to make it much harder for malicious hackers to capture server or device information. A WAF's main functions include application protection, the ability to screen out suspicious traffic and requests, signature-based security, and identification of anomalies.

In addition to its core functions, WAF products are distinguished by the additional features they offer and their delivery method. Some WAFs incorporate load balancing, intrusion prevention (IPS), or integration with threat intelligence feeds. Others are part of a larger next-generation firewall (NGFW) or UTM suite. They may be distributed as hardware or software appliances, or as virtual appliances. The cloud is a growing market for WAFs, but most are implemented on-site. WAFs that are deployed externally to web applications, rather than directly on web servers, come in these forms:

  • Purpose-built physical, virtual or software appliances
  • WAF modules embedded in Application Delivery Controllers
  • Cloud-based WAF services, including WAF modules built into larger platforms such as content delivery networks (CDNs)
  • Virtual appliances on Infrastructure as a Service (IaaS) platforms, and WAF solutions from IaaS providers

Descriptions of some of the best WAF tools follow:

Imperva

Imperva can deliver strong WAF features both as a traditional appliance and as a cloud-based WAF service, but faces increased cloud competition. Imperva (IMPV) is an application, database, and file security provider based in Redwood Shores, California. SecureSphere is Imperva's WAF appliance, and Incapsula is its cloud-based WAF, provided as a service. Imperva also has security testing services and offers SecureSphere and Incapsula WAF management support. Both SecureSphere and Incapsula are mainly configured in blocking mode. The SecureSphere WAF is available for AWS and Microsoft Azure in seven physical and three virtual appliances, with two models each. There are also two types of physical and virtual devices for dedicated management. ThreatRadar is SecureSphere's family of add-on subscription tools, available in five offerings: account takeover security, reputation feed, bot defense, spam prevention, and community protection. Imperva Incapsula can also be bundled with other services, including DDoS mitigation and CDN functions. For many companies, Imperva is a reasonable choice. SecureSphere addresses high-security use cases in larger organizations, and Incapsula can be considered by companies that use a cloud-based approach to secure public-facing web applications.

Features and Benefits

Imperva WAF defends against essential security vulnerabilities for web applications: SQL injection, cross-site scripting, unauthorized access to resources, remote file inclusion, and other OWASP Top 10 and Automated Top 20 threats. Imperva security analysts monitor the threat environment and update the WAF with new data about threats. Imperva WAF uses patented dynamic application profiling and correlated attack validation for accurate detection and minimization of false positives. Dynamic application profiling learns all aspects of web apps, including directories, URLs, parameters, and acceptable user inputs. Correlated attack validation aggregates and analyzes individual violations across the stack. Used in conjunction, they detect attacks and block only bad traffic with exceptional accuracy.

Imperva WAF provides comprehensive graphic reporting capabilities for easy understanding and compliance with regulatory requirements. Imperva provides flexible and predefined reports, which help quickly evaluate security status against PCI, SOX, HIPAA, FISMA, and other compliance standards and streamline demonstrating compliance. The Imperva service is PCI certified, highly customizable, SIEM ready, and ready to block threats with few false positives. A simple GUI allows users to customize rules based on signal data such as IP credibility, URL slug, client type, number of requests, and geo-data according to their particular security needs.

Imperva WAF integrates with leading security information and event management (SIEM) systems such as Splunk, ArcSight, and others. It exports events in Syslog, CEF, and JSON formats. Imperva WAF events are indexed for quick incident response and can be easily searched.

Security: Imperva WAF incorporates dynamic application profiling to understand all aspects of the typical activity of a web application, such as directories, URLs, parameters, and user-acceptable inputs. This detects and blocks attacks accurately, with few false positives. It defends against application-layer attacks, including all of the OWASP Top 10 and even zero-day threats.

Performance: It can scale to meet the requirements of the largest enterprise by deploying multiple gateways managed from a single centralized management server. There are no throughput or transaction restrictions. Throughput is 10 Gbps, with a latency of less than 5 ms.

No Application Changes: It provides full and exact application security without forcing companies to redesign their web applications.

No Changes to Current Network: This versatility ensures that implementation does not require changes to the existing network architecture.

Unparalleled accuracy: It includes dynamic positive (whitelist) and dynamic negative (blacklist) security models.
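How a learned positive model and a signature-based negative model complement each other, as an added example that is not Imperva's code or rule set: the `AppProfile` class, the three signatures, the finding labels and the training URLs are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Negative model: a tiny illustrative signature list (not Imperva's rule set).
SIGNATURES = {
    "script-tag": re.compile(r"<\s*script\b", re.I),
    "sql-union": re.compile(r"\bunion\b.{0,40}\bselect\b", re.I),
    "path-traversal": re.compile(r"\.\./"),
}
# Constructed sample of known-good traffic used to learn the profile.
TRAINING = ["/shop/item?id=17&lang=en", "/shop/item?id=20431&lang=de",
            "/search?q=red+shoes"]

def rank(value):
    """Coarse character class: 0 = digits, 1 = identifier-like, 2 = free text."""
    if value.isdigit():
        return 0
    return 1 if re.fullmatch(r"[\w.-]*", value) else 2

class AppProfile:
    """Positive model: per-path parameters with their learned class and length."""
    def __init__(self, urls, slack=2.0):
        self.paths, self.slack = {}, slack
        for url in urls:
            parts = urlsplit(url)
            params = self.paths.setdefault(parts.path, {})
            for name, value in parse_qsl(parts.query, keep_blank_values=True):
                r, n = params.get(name, (0, 0))
                params[name] = (max(r, rank(value)), max(n, len(value)))

    def inspect(self, url):
        """Return findings from both models; an empty list means allow."""
        parts = urlsplit(url)
        pairs = parse_qsl(parts.query, keep_blank_values=True)
        findings = [f"signature:{sig}" for sig, rx in SIGNATURES.items()
                    if rx.search(parts.path) or any(rx.search(v) for _, v in pairs)]
        params = self.paths.get(parts.path)
        if params is None:
            return findings + ["profile:unknown-path"]
        for name, value in pairs:
            if name not in params:
                findings.append(f"profile:unknown-param:{name}")
                continue
            r, n = params[name]
            if rank(value) > r:
                findings.append(f"profile:charset:{name}")
            if len(value) > n * self.slack:
                findings.append(f"profile:length:{name}")
        return findings
```

A request that matches no signature can still be flagged because its `id` value leaves the learned digits-only shape, while traffic that fits the profile produces no findings.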

Value: The starting prices are relatively low despite the good performance and features. But, for larger deployments, that may change.

Implementation: The cloud-based WAF is supplied as a managed service and can be running in minutes. The on-premises WAF is delivered as a physical appliance, a virtual appliance, or enabled in the public cloud (AWS and Azure). Deployment times differ based on how it is deployed, the number of appliances, and other factors.

Management: The WAF lacks high-level management reports, which could significantly improve reporting to reach an enterprise-class level.

Support: Customers are extremely satisfied with Imperva customer service, citing the high-quality, easy resolution of tickets.

Pricing: Pricing for small enterprises starts at $59 a month. Pricing begins at $6,000 for larger enterprises and increases from there depending on the amount of bandwidth and number of applications. The on-premises WAF is valued at $10,000 per appliance. Enterprise clients usually purchase four or five physical or virtual appliances and spend anywhere between $50,000 and $100,000.

Conclusion:

Imperva WAF protects against critical web application security risks. Its on-premises WAF is rated highly by analysts and should be a strong contender for midsized and large organizations. The Imperva High Availability protocol (IMPVHA) offers sub-second failover, and inline network fail-open interfaces ensure availability in case of software, hardware, or power failures. It provides centralized management capability, including management of profiles, status monitoring, alerting, logging, and reporting.
