Cyber security: How to choose the right web application firewall

Although firewalls have been available to businesses for more than 30 years – with roots tracing back to the late 1980s – cyber security threats are becoming ever more sophisticated, and businesses need to keep up.

Cyber crime is at an all-time high and, with internet usage now reaching all parts of our planet, there is heightened demand for tools that monitor, filter and block access to an organisation’s web applications.

Consequently, businesses and organisations that are interconnected around the globe need to provide a safe and secure online environment that doesn’t make them easy targets for attackers seeking valuable or sensitive business or customer data.

Cyber attackers are increasingly looking to web applications as a primary target for their damaging actions. Some web apps lack the security and defence necessary to thwart such attacks and can be easily compromised, providing a direct route into an organisation’s systems through anything from content management systems (CMS), e-commerce stores and software-as-a-service (SaaS) apps to hosted websites.

As cyber criminals use automation to carry out their underhand work in the background, it’s important that organisations have protection against the most common vulnerabilities of web apps as a whole. SQL injection attacks are among the most dangerous and common threats, according to OWASP. They work by inserting malicious code into the queries a website sends to its database in order to gain access to it. Increasingly, businesses are recognising the need for solutions that closely monitor HTTP traffic and prevent identity theft and data leaks from valuable web applications.

Why a firewall is essential for protecting your web apps

It’s therefore important that businesses and organisations increasingly look to tighten their security by implementing web application firewalls that are intuitive and capable of spotting and learning usage patterns to validate genuine access and thwart malicious attacks before they can wreak havoc.

In order to make the right choice of firewall protection for your web apps, consider the following features and functionality that could save your organisation considerable time and money in the long run:

  • Automated to learn application changes
    Your chosen firewall needs to understand the application it’s protecting, responding and adapting to any changes made to the application without the need for manual intervention.
  • Simultaneously shut out hackers and allow genuine users in
    An effective web app firewall must keep attackers out while ensuring legitimate traffic still gets through. Always make sure your firewall has a built-in analytical engine that recognises the indicators of brute-force login attacks while also identifying genuine visitors.
  • Capable of recognising automated attacks
    There is no denying that cyber criminals are increasingly seeking to automate their attacks with the use of bots and web scanners. By multiplying the number and scale of online attacks, they have created an underground industry which costs the global economy $450 billion a year. Web app firewalls therefore need to be able to recognise automated behaviour such as comment spam, site scraping and vulnerability scans to keep malicious users at bay.
  • Flexibility to develop custom patch updates
    Although many developers and IT security technicians don’t like to admit it, most web applications will have varying degrees of vulnerability at all times. The ability to close those potential loopholes with custom-made patches, without waiting for a fix to the application itself, ensures a future-proof firewall.
  • Recognise malware to minimise potential cyber fraud
    There are no two ways about it: malware fraud has become one of the biggest challenges for online businesses and financial institutions. Last year, Action Fraud calculated that banking malware accounts for more than two fifths (41 per cent) of all recorded malware attacks. Firewalls should be able to recognise malware-infected devices and even integrate fully with a fraud management solution if necessary.

It’s difficult to deny that today’s web applications generate more revenue and drive more business than ever before. To look after your business-critical data and resources, a web application firewall must now be at the heart of any organisation’s security infrastructure.


Ken Davis

