Apac
  • Home
  • CXO Insights
  • CIO Speaks
  • Whitepapers
  • Partner Conferences
  • News
  • Subscribe
  • About us
Apac

  • Agile

    Artificial Intelligence

    Augmented Reality

    Big Data

    Blockchain

    Business Intelligence

    Business Process Management

    CEM

    Cloud

    Collaboration

    CRM

    Cyber Security

    Data Center

    Digital Technology

    Disaster Recovery

    Document Management Systems

    Enterprise Architecture

    Enterprise Asset Management

    Enterprise Security

    ERP

    Gamification

    Geographical Information System

    HR Technology

    Internet of Things

    IT Services

    Mobility

    Networking

    Open Source

    PLM

    POS

    Project Management

    QA and Testing

    Risk Management

    SaaS Solutions

    Security

    Simulation

    Smart City

    Sports

    Startup

    Storage

    Unified Communication

    Virtualization

    Web Development

    Workflow

  • Automotive

    Aviation and Aerospace

    Banking

    Compliance

    Construction

    Contact Center

    E-Commerce

    Education

    Energy

    Engineering

    Field Service

    FinTech

    Fleet Management

    Gov and Public

    Healthcare

    Insurance

    Legal

    Logistics

    Managed Services

    Manufacturing

    Media and Entertainment

    Metals and Mining

    Payments

    Pharma and Life Science

    Procurement

    Retail

    Sales and Marketing

    Telecom

    Travel and Hospitality

    Utilities

  • Amazon

    CISCO

    Corporate Finance

    Google

    HP

    IBM

    Intel

    IT Service Management

    Microsoft

    Oracle

    Red Hat

    Salesforce

    SAP

    VMware

Menu
    • Security
    • Agile
    • Automotive
    • CEM
    • Cyber Security
    • Data Center
    • FinTech
    • Security
    • SAP
    • Business Intelligence
    • Media and Entertainment
    • Oracle
    • Networking
    • Legal
    • Home
    • Security
    Editor's Pick (1 - 4 of 8)
    left
    Need and Importance of IT in the Shipping Industry

    Anjan Deb, GM-IT (CIO), The Great Eastern Shipping

    At the Crossroads of Sports and Technology

    Jerry Mcglynn, CIO, Specialized Bicycle Components

    Proliferative Innovation via Platform+Agile

    Dr. Steve Hodgkinson, CIO, Department of Health & Human Services in Melbourne, Australia

    Journey to the Cloud - Getting Things Straight

    Alex Konnaris, Group CIO, RMA Group

    Redefining the CIOs role

    David Kennedy, Group CIO, Transaction Services Group

    At the Pinnacle of Smart City Aspirations

    Peter Auhl, CIO, City of Adelaide

    Identifying the Ideal DMS

    Judi Flournoy, CIO, Kelley Drye & Warren LLP

    Transformational Change Challenging Information Technology Teams

    Dave Hudson, CIO, Veritiv Corporation

    right

    The Dawn of Hybrid Web Application Firewall-Why it will define security for the foreseeable future

    By Carl Herberger, VP-Security Solutions, Radware

    content-image

    Carl Herberger, VP-Security Solutions, Radware

    As the threat landscape transforms as quickly as advances in network protection, a sea of change is occurring in how organizations secure their networks. Dramatically different visions of how to effectively protect a network presents a juxtaposition—forcing pause and deep thought before executing a strategy.

    The Web Application Firewall or WAF has undergone a shift in approach, as a result of changing business conditions as concepts of security perimeter protection have eroded. This confluence, a result of the growing cloud technology, is no longer manageable with today’s standard application security approaches. Out of necessity, a new hybrid approach that combines technologies to protect both cloud-based and on premise applications has evolved.

    Why is a Hybrid Approach so Compelling?

    Like two raging rivers that join together, the migration of business applications from on premise data centers to off premise cloud providers has erupted in a sprawl of security solutions. The result is an unmanageable and untenable security environment. Many suggest that you can no longer think of the cloud and premise-based technologies as disparate and isolated, but rather consider and manage them as one, in order to provide unified protection with no security gaps between on-premise and cloud-based devices.

    The likes of IBM and others robustly declared at this year’s InterConnect Conference that the cloud can no longer be categorized as private or public—but instead has shifted to a hybrid state. To remain competitive and relevant, every business must transform and adapt. There are three major reasons behind the idea of cloud being synonymous with “hybrid”:

    1. Most companies will retain some internal application delivery infrastructure

    Most businesses simply aren’t positioned to move all legacy applications to the cloud. Starting a hybrid cloud approach does not require a complete migration of traditional IT infrastructure to a public or private cloud.

    2. Dedicated infrastructures are a luxury

    This will make most companies uncompetitive vis-à-vis hybrid competitors. The verdict is in about the merits of virtualization and cloud in that it unleashes hidden efficiencies which were elusive to classic data centers in the past.

    At its core, the cloud was designed to take the complexity of virtualization away from the end user and fully enable self-provisioning and speed to service delivery.

    3. Information Security and Compliance

    From the inception of cloud delivery models, security has provided the anchor to adoption because of concerns of inadequacies. In the end, most companies who are “cloud-ifying” applications from more traditional deployments found themselves with fewer options and features in which to secure applications in the cloud. Also, cloud companies needs to be in lock-step with stringent compliance requirements of client companies such as PCI-DSS, HIPPA, and Patriot Act and Sarbanes-Oxley Act.

    The task of keeping a business up and available while orchestrating cloud delivery service models is not trivial. Similar to the change of just-in-time inventory in manufacturing models, the cloud, with all its cost and agility benefits, ushered in a whole new era of requiring a high degree of uptime. The issue of uptime is multi-faceted. There is a need to cover numerous categories of security threats such as volumetric vs. non-volumetric attacks, bots vs. humans, multi-vector attack campaigns and web exhaustion techniques.

    “The need to secure applications on-premise, in the cloud, and during the transition period from on-premise to the cloud, requires a hybrid solution”

    Current technology shifts have changed business leaders' expectations of IT and disrupted many of the security models we’ve come to expect. These changes have resulted in complications for security professionals dealing with different operating environments and also a loss of visibility to the overall 'business' picture. Businesses are now looking for IT to respond in hours or even minutes compared to what used to be days or weeks. Organizations need to have the ability to detect threats with high quality in one location and react to those revelations in all operating environments in real time, and then orchestrate changes to the affected systems quickly and universally.

    Until recently, no single web application firewall technology existed which addressed these problems. Solutions offered by security vendors did not include a web application firewall that integrated seamless on premise and cloud protection. This lack of integration led to limited visibility, a lack of policy orchestration, and muted attack responses. Organizations could also not differentiate attacks that occurred in the cloud from those on premise in a timely fashion. Was it the same vulnerability? Was it the same perpetrator in both attacks? Those questions could not be answered because the quality of detection was limited. The need was established that organizations needed to be able to mitigate a security problem both on-premise and in the cloud.

    So, what needs to be coordinated and integrated between the cloud and premise-based applications to provide seamless protection? One needs to mitigate attacks in all environments, including behind a Content Delivery Network (CDN) or multiple CDNs. Powerful considerations need to be made for network latency and disruption as coordinating disaggregated devices will require high network fidelity and response. Moreover, compliance, and role-based-access-controls (RBAC) will be a key attribute to honing panoramic visibility.

    In conclusion, the need to secure applications on-premise, in the cloud, and during the transition period from on-premise to the cloud, requires a hybrid solution. That will allow simple policy migration from the premise to the cloud while supporting a seamless migration without exposing the newly migrated applications to web attacks. The need for quick panoramic visibility to the entire delivered application infrastructure no matter where it is served is paramount. Quick and coordinated control and mitigation are essential to bring the balance of defense back into the defender’s court. The current path is clear—a hybrid solution is a must. The faster this architecture is migrated, the least amount of damage and harm will occur.  

    25 Most Promising Enterprise Security Solutions Providers

    25 Most Promising Enterprise Security Solutions Providers

    Featured Vendors

    F5 Networks

    Mohan Veloo , Vice President

    Banff Cyber Technologies Pte Ltd

    Matthias Chin, CEO

    Security Special

    Copyright © 2018 APAC CIOoutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy Policy.

    follow on linkedinfollow on twitter
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://security.apacciooutlook.com/cxoinsights/the-dawn-of-hybrid-web-application-firewallwhy-it-will-define-security-for-the-foreseeable-future-nwid-282.html