Don't Drown Your Security Team in Low-Value WAF Alerts
Use machine learning to deliver advanced protection without the overhead of false positives.
Today’s businesses run on applications. So, if your organization is like most, you’re deploying more business-critical web applications than ever before. Well-established web technologies, including RESTful APIs, and a growing selection of open source and commercial-off-the-shelf software enable your users to access critical business capabilities using any device that can connect to the internet, including personal mobile devices. This gives your business the ability to rapidly adapt to change while also meeting the evolving demands of today’s workforce.
However, as you scale up your use of web applications, you should take the time to reassess your approach to protecting those applications. In many cases, existing web application firewall (WAF) solutions may not be able to keep up.
What are the signs of a WAF solution that is falling behind? First, your security team is drowning in false positive alerts, diverting their attention from real threats. Another sign is that legitimate users are getting blocked, preventing them from accessing business-critical resources. Your developers can also get tied up helping tune WAF rules and signatures instead of delivering valuable new features. And as performance lags, you may be tempted to go into “monitor only mode” in hopes of getting business done -- leaving a critical portion of your attack surface unprotected.
A WAF that can’t keep up can keep you from achieving your business objectives, reduce productivity, and expose you to business continuity risks. You need something better.
That starts with selecting a solution that is not only available to users and devices both on and off network, but is also designed to work smarter than traditional WAF solutions. FortiWeb Cloud, a WAF-as-a-Service solution, leverages machine learning to defend the modern web application attack surface without generating the false positives that can eat up your security team’s valuable and limited resources. In addition to traditional tools, such as signatures, IP block lists, etc., FortiWeb leverages machine learning to build and then continuously update a model of the specific applications your organization uses. Then, instead of relying on manually created signatures and exceptions, this machine learning capability can identify anomalies that can then be subjected to additional analytics. The result? Your users get the benefit of high-performance and reliable applications without the need for your IT team to manually adjust WAF rules every time you deploy an update.
Available on the widest array of public cloud environments of any WAF solution -- including AWS, Azure, and Google Cloud (either through the marketplaces on a pay-as-you-go basis or via annual contracts from your Fortinet reseller) -- FortiWeb Cloud lets you maintain a consistent security posture across all of your web applications, including key parts of the attack surface such as APIs and bot mitigation. And because it can also use pre-defined configuration templates for common content management systems such as SharePoint, WordPress, and Drupal, organizations are able to protect multiple applications with ease. With a WAF-as-a-Service solution in place, there is no infrastructure to manage and new applications can be protected within minutes.
In addition to the power of machine learning, FortiWeb Cloud also defends two aspects of the attack surface that many WAFs neglect -- protecting your APIs and defending against malicious bots. Web APIs are increasingly used to support both B2B communication and the mobile applications that users increasingly rely on in lieu of a traditional web browser. And threat actors are using increasingly sophisticated bot networks not just for DDoS attacks, but for data mining, account takeover, digital ad fraud, and transaction fraud. With FortiWeb Cloud, protection against these threats is not an add-on option -- it is included by default because we don’t believe a WAF can be effective in the modern threat landscape without it.
A modern WAF, powered by machine learning, is a business enabler that lets you deploy more web applications more effectively to address evolving business challenges. You can also update these applications more frequently and deliver new features and capabilities more rapidly without continually adjusting WAF configurations or being deluged with false positive alerts. Instead, you can deliver line of business capabilities to your users anywhere in the world, from any device with an internet connection, without complications or compromise. In a world with already overburdened security teams, giving your team the tools to support application deployment without dramatically increasing their workload or compromising your security posture is more critical than ever.
See how easy FortiWeb Cloud is to deploy and manage with a free trial available through AWS, Azure, and Google Marketplaces.
About the Author
Brian Schwarz is Director of Product Marketing for Application Security at Fortinet. With over 20 years of experience working with networking and security solutions for the enterprise, Brian currently focuses on Fortinet’s Web application and API security solutions. Previously, Brian has held a variety of positions spanning product marketing, product management, technical marketing, and technical training for leading industry vendors.