Web application firewalls (WAFs) provide effective protection against viruses and malware of all kinds by monitoring, filtering and possibly blocking access to your own applications. To choose the right product from the multitude of software solutions available on the market, you should be clear in advance about the type of defence system to be purchased (procedure in case of attacks, logging of incidents) and about which threat scenario is to be assumed.
Web application firewalls (WAFs) can be divided into three categories:
- Connectivity WAFs
- Cloud/hybrid WAFs
- Integrated WAF solutions
Comparison of the best web-based application firewalls
Since the systems continuously search for unusual patterns in the data traffic, they are able to detect even previously unknown threats. They are either installed as an integrated component on a proxy server or connected logically and physically to the application at the gateways to the web application. It is also possible to set up the software as a stand-alone cloud application.
Category 1: Connectivity Web Application Firewalls
Connectivity WAFs are a technology that is easy to configure and implement, allows permanent control of the entire system and immediately issues an alarm in case of attacks. They are generally used by medium-sized and large companies.
The first candidate in this category, Citrix's Netscaler MPX, scores with an SSL data throughput capacity of up to 75 Gbps, enabling the processing of 1500 transactions per second (tps). However, the flat rate price of $4,000 for the MPX 550 does not include upgrades, maintenance and support costs, so the Netscaler MPX is particularly suitable for SMBs that want to expand their online shop mainly via cloud applications.
The WAF of the security company Barracuda impresses with a varied capacity in terms of the processable data volume, depending on the selected hardware. The Barracuda model 360 can process up to 2000 tps; the all-inclusive price of $6,350 includes one year of unlimited updates.
The next candidate in the list, Imperva's SecureSphere, covers a wide range of performance specifications, with data throughput of up to 10 Gbps and transaction speeds of between 440 and 9,000 tps. With an entry-level price of $4,200 for the X2010 model, SecureSphere represents a full-featured web firewall system that allows high data throughput rates.
The F5 10200 model from ASM is tailored to the needs of companies that use the Internet intensively, since only then does the firewall provide optimum economic benefit. Due to continuous updates of the virus signatures, backdoor detection and other useful features, the product benefit of the F5 is higher than that of the competition, which is also reflected in an increased usage capacity.
Finally, the SonicWall SRA 4600 from Dell is designed for SMEs with average Internet usage. However, the SonicWall requires the installation of the SonicWall security system, and gadgets such as backdoor detection are provided for this purpose.
Category 2: Cloud/hybrid WAFs
Cloud and hybrid WAFs are either shared between the customer company and the WAF service provider according to a sharing principle, or the WAF is used as an external security system. Since the costs for hardware are eliminated, cloud WAFs are attractive in budget terms, while covering all business activities just as their "terrestrial" counterparts do.
The WAF from Incapsula, a company specializing in online security solutions, is a true cloud solution supported by 25 global data centers. The system offers protection against denial-of-service (DoS) attacks, and numerous tools are also provided at no extra charge. The entry-level price of $300 for the basic version depends on the subscription period and the number of display stations to be protected.
For those who prefer a hybrid version, the WAF from Qualys is the right choice. It is virtually integrated into the local IT environment, and decision makers benefit from management and internet perspectives provided in a special overview mode. For a maximum of 100 applications, the rental price is $1,995, depending on the subscription period.
Category 3: Integrated WAF solutions
The software "ModSecurity" is the only professional solution in the category of integrated WAFs. As an open source variant embedded in the Trustwave WAF program, the system offers individually adjustable protection against cyber attacks of any kind. The firewall allows the configuration of individual plausibility rules; however, sound expert knowledge is required to parameterize the system. A single license is available from $495, depending on the desired number of licenses and the duration of the subscription.