How to find a great web application firewall.
Why is a Website Firewall Important?
A web application firewall (WAF) prevents website hacks and data breaches. Visitors trust you to keep them secure. Ecommerce sites that take credit card payments must be compliant with the PCI data security standards, even if they use a third-party payment processor. Regardless of the size or type of website, a WAF will protect the integrity of your content, your website traffic, and your brand reputation.
By intercepting and inspecting traffic, a website firewall blocks hackers and malicious traffic. Without a cloud-based WAF and CDN, websites can be taken down with DDoS attacks or can be infected by exploited code vulnerabilities and poorly secured user accounts.
We encourage you to research your options and use this guide to choose the best WAF for you.
What is a Web Application Firewall (WAF)?
A WAF is a cloud-based or hardware protection system that includes intrusion prevention and content delivery networks to ensure the integrity, confidentiality, and availability of websites. Activating a WAF protects visitors and businesses from data breaches, attacks, and malware infections. Hackers will abuse compromised websites by injecting SEO spam, drive-by-downloads, defacements, and malicious redirects. Keep visitors and web content secure by preventing vulnerability exploitation, brute-force (password guessing), and DDoS attacks. In our 2018 Hacked Website Report, we identify some of the most common types of malware and the blacklist authorities that block visitors from visiting compromised websites.
WAF vs. Firewall
All firewalls monitor and block traffic. A WAF protects web applications (websites) from external malicious requests to the web server, while network firewalls protect data flowing between web servers. Computer firewalls are software firewalls supplied by the operating system or by anti-virus companies.
How Do Web Application Firewalls Work?
Every WAF has different features and pricing. Some charge for additional features like Layer 7 DDoS protection, while others charge fees for customization. Here are the features to look for in a WAF.
1. Prevent a Future Hack
By detecting and blocking known hacking methods and behaviors, a website firewall keeps your site protected against brute force attacks, data breaches, and attempts to inject content into your web server.
2. Virtual Security Patches
Hackers quickly exploit vulnerabilities, and new ones are always emerging (called zero-days). A good website firewall will virtually patch these vulnerabilities by blocking attempts to exploit them, even if you haven’t applied security updates.
3. Block Brute Force Attacks
A website firewall should stop anyone from accessing your protected pages if they aren’t supposed to be there, and make sure attackers can’t use brute force automation to guess your passwords.
4. Mitigate DDoS Attacks
Distributed Denial of Service (DDoS) attacks attempt to overload your server or application resources. By detecting and blocking all types of DDoS attacks, a website firewall makes sure your site is available if you are being attacked with a high volume of malicious traffic.
5. Performance Optimization
Most WAFs include a content delivery network (CDN) to cache your website for faster global access. This speeds up your website and keeps visitors happy while reducing the load on your web server.
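To make features 1 to 3 concrete, here is an added example (not code from the article or from any WAF vendor) of a toy request inspector that applies the two mechanisms described above: signature-based blocking, which acts as a virtual patch for a known exploit pattern, and behavior-based blocking of login brute force. The log format, the IP addresses, the `/login` path and the signature patterns are all constructed for illustration.

```python
"""Toy WAF-style inspector: signature rules plus a per-IP brute-force counter.
Added example, not the article's or any vendor's code; log lines are constructed."""
import re
from collections import defaultdict
from urllib.parse import unquote

# Illustrative signature rules applied to the URL-decoded request target.
# Decoding first is what stops simple percent-encoding from evading the match.
SIGNATURES = [
    ("path_traversal", re.compile(r"\.\./")),
    ("sqli_tautology", re.compile(r"'\s*or\s*1\s*=\s*1", re.I)),
]

BRUTE_FORCE_LIMIT = 5  # failed logins per source IP before further attempts are blocked
LOG_RE = re.compile(r'^(\S+) "(\S+) (\S+)" (\d{3})$')  # constructed format: ip "METHOD target" status


class MiniWaf:
    def __init__(self):
        self.failed_logins = defaultdict(int)

    def inspect(self, src_ip, method, target, status):
        """Return 'allow' or 'block:<reason>' for one request record."""
        decoded = unquote(target)
        for name, pattern in SIGNATURES:  # signature-based check (virtual patch)
            if pattern.search(decoded):
                return f"block:{name}"
        # Behavior-based check: count failed POSTs to the login page per source IP.
        if method == "POST" and decoded.startswith("/login"):
            if self.failed_logins[src_ip] >= BRUTE_FORCE_LIMIT:
                return "block:brute_force"
            if status == 401:
                self.failed_logins[src_ip] += 1
        return "allow"


def run_over_log(lines, waf=None):
    """Parse constructed log lines and return the WAF decision for each, in order."""
    waf = waf or MiniWaf()
    decisions = []
    for line in lines:
        ip, method, target, status = LOG_RE.match(line).groups()
        decisions.append(waf.inspect(ip, method, target, int(status)))
    return decisions


SAMPLE_LOG = (  # constructed sample traffic
    ['203.0.113.7 "GET /index.php" 200',
     '203.0.113.7 "GET /download.php?file=../../etc/passwd" 200',
     '198.51.100.4 "GET /search.php?q=%27%20OR%201=1" 200']
    + ['192.0.2.9 "POST /login" 401'] * 5
    + ['192.0.2.9 "POST /login" 200']
)

if __name__ == "__main__":
    for line, verdict in zip(SAMPLE_LOG, run_over_log(SAMPLE_LOG)):
        print(f"{verdict:22} {line}")
```

The sixth login attempt from the same address is blocked regardless of whether the password was right, which is the point of the behavior rule: it reacts to the pattern of failures rather than to any single request.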
How to Choose a Web Application Firewall (WAF)
- Intrusion Prevention System. A WAF should include a variety of methods to detect and thwart attacks, including signature-based and behavior analysis. You may want to ask WAF providers about the false positive/negative rate, and how often it blocks zero-day vulnerabilities.
- Bandwidth Limitations. Many WAF and CDN providers charge depending on how much traffic you have. In the case of DDoS mitigation, it’s important to know how much capacity the WAF has across its network. This is one reason why cloud-based WAFs have an advantage over hardware WAFs.
- Points of Presence. With multiple geographic locations, a WAF and CDN can offer high performance, low connection times, and fast-loading web pages. A globally distributed Anycast network also allows for load balancing in the event of traffic spikes or DDoS attacks.
- Logging and Reporting. Investigation of a security incident is easier with access to detailed WAF logs and audit trails. Talk with WAF vendors about what is possible, how reports are accessed, and whether the WAF integrates with your SIEM system or security operations team.
- Page Speed. It takes time for a website firewall to inspect traffic. To avoid lag time, a CDN allows visitors to access a cached version of your website stored in different locations. Often, these locations are closer and faster for visitors to connect to.
- Customization Requirements. If your website requires custom rule sets, load balancing, or high availability, discuss this with the WAF provider. You may also want to ask about uptime guarantees, whitelisting and blacklisting, and any advanced security settings.
- Total Cost. Price is always a factor. There may be hidden costs and unexpected fees, not to mention upgrades and upsells. Make sure your plan covers what you need for support, features, and bandwidth.
- SSL Support. If you already have an SSL certificate on your website, you want to make sure the website firewall can support your existing certificate. HTTPS is automatically enabled on the Sucuri firewall servers for users who do not have a certificate.
- Industry Research. To stay ahead of emerging cybersecurity threats takes constant work. Vulnerability research and malware analysis should be important to any WAF provider. It’s also good to know whether the website firewall specializes in your website software or CMS.
- Customer Service. Ask about the response time you can expect from your WAF provider in the event of an emergency. You should consider whether you will require customization, setup, or troubleshooting. It’s also a good idea to read a few reviews online from current customers.