Apac
  • Home
  • CXO Insights
  • CIO Speaks
  • Partner Conferences
  • Newsletter
  • Subscribe
  • News
  • About us
Apac

  • Admired Tech

    Agile

    AI Healthcare

    Artificial Intelligence

    Augmented Reality

    Aviation

    Big Data

    Blockchain

    Cloud

    Cyber Security

    DevOps

    Digital Transformation

    Drone

    HPC

    Internet of Things

    IT Services

    Marine Tech

    Networking

    Plastic Tech

    PropTech

    Robotics

    Sensor Tech

    Simulation

    Smart City

    Software Testing

    Startup

    Storage

    Unified Communication

    Web Development

    Wireless

  • Automotive

    Banking

    Capital Market

    Compliance

    Construction

    Custom Software Development

    E-Commerce

    Education

    FinTech

    Food and Beverages

    Gov and Public

    Healthcare

    Insurance

    Legal

    Logistics

    Manufacturing

    Media and Entertainment

    Metals and Mining

    Pharma and Life Science

    Retail

    Sports

    Travel and Hospitality

  • CISCO

    Google

    IBM

    Microsoft

    Oracle

    Salesforce

    SAP

    ServiceNow

  • Business Intelligence

    CEM

    Cognitive

    Collaboration

    Contact Center

    Corporate Finance

    CRM

    Data Center

    Digital Signage

    Enterprise Architecture

    Enterprise Asset Management

    Enterprise Communications

    Enterprise Performance Management

    ERP

    Facility Management

    Field Service

    Fleet Management

    Gamification

    HR Technology

    IT Infrastructure

    IT Service Management

    Managed Services

    PLM

    Procurement

    Project Management

    RegTech

    Revenue Management

    Sales Tech

Menu
    • Amazon
    • Cloud
    • HPC
    • Capital Market
    • Collaboration
    • CEM
    • Drone
    • Facility Management
    • Fleet Management
    • Food and Beverages
    • Business Intelligence
    • IBM
    • Insurance
    • IT Infrastructure
    • Legal
    • Marine Tech
    • Networking
    • Plastic Tech
    • Procurement
    • RegTech
    • Sensor Tech
    • Simulation
    More
    Facility Management Fleet Management Food and Beverages Business Intelligence IBM Insurance IT Infrastructure Legal Marine Tech Networking Plastic Tech Procurement RegTech Sensor Tech Simulation
    #

    Apac CIO Outlook Weekly Brief

    ×

    Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from Apac CIO Outlook

    Subscribe

    loading

    THANK YOU FOR SUBSCRIBING

    • Home
    • Security
    Editor's Pick (1 - 4 of 8)
    left
    The Organization's Responsibility for its Own Protection

    Michael Wallmannsberger, Chief Information Security Officer, Wynyard Group

    Don't Rush to Hire an Anti-DDoS Expert!

    Barry Greene, Co-founder and Chief, Technical Officer, GETIT

    Attaining the Needs of Infrastructure Investment

    Yong Chiang Neo, CIO

    Constructing a Marketing IT Collaboration

    Jenny Williams,

    The Organic Adaptability of IT

    Pedro Sttau,

    The Weakest Link Is Your Strongest Security Asset

    Christian Anschuetz, CIO & Security Practitioner, UL

    Achieving Greater Business Value with Innovation

    Denise A. Saiki, CIO& VP Enterprise Business Services, Lockheed Martin

    Using Data Analytics for Loss Prevention

    Jonathan Lowsley, CIO, ADrive

    right

    The Dawn of Hybrid Web Application Firewall-Why it will define security for the foreseeable future

    By Carl Herberger, VP-Security Solutions, Radware

    Tweet
    content-image

    Carl Herberger, VP-Security Solutions, Radware

    As the threat landscape transforms as quickly as advances in network protection, a sea of change is occurring in how organizations secure their networks. Dramatically different visions of how to effectively protect a network presents a juxtaposition—forcing pause and deep thought before executing a strategy.

    The Web Application Firewall or WAF has undergone a shift in approach, as a result of changing business conditions as concepts of security perimeter protection have eroded. This confluence, a result of the growing cloud technology, is no longer manageable with today’s standard application security approaches. Out of necessity, a new hybrid approach that combines technologies to protect both cloud-based and on premise applications has evolved.

    Why is a Hybrid Approach so Compelling?

    Like two raging rivers that join together, the migration of business applications from on premise data centers to off premise cloud providers has erupted in a sprawl of security solutions. The result is an unmanageable and untenable security environment. Many suggest that you can no longer think of the cloud and premise-based technologies as disparate and isolated, but rather consider and manage them as one, in order to provide unified protection with no security gaps between on-premise and cloud-based devices.

    The likes of IBM and others robustly declared at this year’s InterConnect Conference that the cloud can no longer be categorized as private or public—but instead has shifted to a hybrid state. To remain competitive and relevant, every business must transform and adapt. There are three major reasons behind the idea of cloud being synonymous with “hybrid”:

    1. Most companies will retain some internal application delivery infrastructure

    Most businesses simply aren’t positioned to move all legacy applications to the cloud. Starting a hybrid cloud approach does not require a complete migration of traditional IT infrastructure to a public or private cloud.

    2. Dedicated infrastructures are a luxury

    This will make most companies uncompetitive vis-à-vis hybrid competitors. The verdict is in about the merits of virtualization and cloud in that it unleashes hidden efficiencies which were elusive to classic data centers in the past.

    At its core, the cloud was designed to take the complexity of virtualization away from the end user and fully enable self-provisioning and speed to service delivery.

    3. Information Security and Compliance

    From the inception of cloud delivery models, security has provided the anchor to adoption because of concerns of inadequacies. In the end, most companies who are “cloud-ifying” applications from more traditional deployments found themselves with fewer options and features in which to secure applications in the cloud. Also, cloud companies needs to be in lock-step with stringent compliance requirements of client companies such as PCI-DSS, HIPPA, and Patriot Act and Sarbanes-Oxley Act.

    The task of keeping a business up and available while orchestrating cloud delivery service models is not trivial. Similar to the change of just-in-time inventory in manufacturing models, the cloud, with all its cost and agility benefits, ushered in a whole new era of requiring a high degree of uptime. The issue of uptime is multi-faceted. There is a need to cover numerous categories of security threats such as volumetric vs. non-volumetric attacks, bots vs. humans, multi-vector attack campaigns and web exhaustion techniques.

    “The need to secure applications on-premise, in the cloud, and during the transition period from on-premise to the cloud, requires a hybrid solution”

    Current technology shifts have changed business leaders' expectations of IT and disrupted many of the security models we’ve come to expect. These changes have resulted in complications for security professionals dealing with different operating environments and also a loss of visibility to the overall 'business' picture. Businesses are now looking for IT to respond in hours or even minutes compared to what used to be days or weeks. Organizations need to have the ability to detect threats with high quality in one location and react to those revelations in all operating environments in real time, and then orchestrate changes to the affected systems quickly and universally.

    Until recently, no single web application firewall technology existed which addressed these problems. Solutions offered by security vendors did not include a web application firewall that integrated seamless on premise and cloud protection. This lack of integration led to limited visibility, a lack of policy orchestration, and muted attack responses. Organizations could also not differentiate attacks that occurred in the cloud from those on premise in a timely fashion. Was it the same vulnerability? Was it the same perpetrator in both attacks? Those questions could not be answered because the quality of detection was limited. The need was established that organizations needed to be able to mitigate a security problem both on-premise and in the cloud.

    So, what needs to be coordinated and integrated between the cloud and premise-based applications to provide seamless protection? One needs to mitigate attacks in all environments, including behind a Content Delivery Network (CDN) or multiple CDNs. Powerful considerations need to be made for network latency and disruption as coordinating disaggregated devices will require high network fidelity and response. Moreover, compliance, and role-based-access-controls (RBAC) will be a key attribute to honing panoramic visibility.

    In conclusion, the need to secure applications on-premise, in the cloud, and during the transition period from on-premise to the cloud, requires a hybrid solution. That will allow simple policy migration from the premise to the cloud while supporting a seamless migration without exposing the newly migrated applications to web attacks. The need for quick panoramic visibility to the entire delivered application infrastructure no matter where it is served is paramount. Quick and coordinated control and mitigation are essential to bring the balance of defense back into the defender’s court. The current path is clear—a hybrid solution is a must. The faster this architecture is migrated, the least amount of damage and harm will occur.  

    Check out: Top Web Security Solution Companies
    tag

    virtualization

    Information Security

    Firewall

    inventory

    Read Also

    Blockchain's Impact on Business Growth

    Blockchain's Impact on Business Growth
    Preventing Malware Dangers for Your Company's Macs

    Preventing Malware Dangers for Your Company's Macs
    Identifying Trojans and Stopping Them

    Identifying Trojans and Stopping Them
    Five Security Measures to Overcome API Vulnerabilities

    Five Security Measures to Overcome API Vulnerabilities

    Weekly Brief

    loading
    25 Most Promising Enterprise Security Solutions Providers

    Featured Vendors

    F5 Networks

    Mohan Veloo , Vice President

    Banff Cyber Technologies Pte Ltd

    Matthias Chin, CEO
    ON THE DECK

    Security 2015

    Top Vendors

    Copyright © 2019 APAC CIOoutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy Policy  |  Sitemap

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://security.apacciooutlook.com/cxoinsights/the-dawn-of-hybrid-web-application-firewallwhy-it-will-define-security-for-the-foreseeable-future-nwid-282.html