Apac
  • Home
  • CXO Insights
  • CIO Speaks
  • Partner Conferences
  • Newsletter
  • Subscribe
  • News
  • About us
Apac

  • Agile

    Artificial Intelligence

    Augmented Reality

    Big Data

    Blockchain

    Cloud

    Cyber Security

    DevOps

    Digital Technology

    Enterprise Security

    HPC

    Internet of Things

    IT Services

    Mobility

    Networking

    Open Source

    POS

    QA and Testing

    Robotics

    SaaS Solutions

    Security

    Simulation

    Smart City

    Startup

    Storage

    Unified Communication

    Virtualization

    Web Development

  • Automotive

    Aviation and Aerospace

    Banking

    Compliance

    Construction

    Contact Center

    E-Commerce

    Education

    Energy

    Engineering

    Field Service

    FinTech

    Gov and Public

    Healthcare

    Insurance

    Legal

    Logistics

    Manufacturing

    Media and Entertainment

    Metals and Mining

    Pharma and Life Science

    Retail

    Sports

    Telecom

    Travel and Hospitality

    Utilities

  • Amazon

    CISCO

    Dynamics 365

    Google

    HP

    IBM

    Intel

    Microsoft

    Microsoft Azure

    Oracle

    Red Hat

    Salesforce

    SAP

    Share Point

    VMware

  • Business Intelligence

    Business Process Management

    CEM

    Collaboration

    Corporate Finance

    CRM

    Data Center

    Disaster Recovery

    Document Management Systems

    Enterprise Architecture

    Enterprise Asset Management

    Enterprise Performance Management

    ERP

    Fleet Management

    Gamification

    Geographical Information System

    HR Technology

    IT Service Management

    Managed Services

    Payments

    PLM

    Procurement

    Project Management

    Risk Management

    Sales and Marketing

    Workflow

Menu
    • Amazon
    • Augmented Reality
    • Blockchain
    • CISCO
    • DevOps
    • Enterprise Asset Management
    • Startup
    • ERP
    • Field Service
    • Gamification
    • IoT
    • IT Services
    • Metals and Mining
    • Microsoft Azure
    • Project Management
    • Robotics
    • Smart City
    • Sports
    • Travel and Hospitality
    More
    ERP Field Service Gamification IoT IT Services Metals and Mining Microsoft Azure Project Management Robotics Smart City Sports Travel and Hospitality
    ×

    Subscribe to our Newsletter

    news
    news

    Join our mailing list for the latest articles, news, and exclusive insights from prominent technology leaders

    loading
    SUBSCRIBE

    Thank You for subscribing with us. We sent you an email regarding this.

    news

    • Home
    • Security
    Editor's Pick (1 - 4 of 8)
    left
    The Organization's Responsibility for its Own Protection

    Michael Wallmannsberger, Chief Information Security Officer, Wynyard Group

    Don't Rush to Hire an Anti-DDoS Expert!

    Barry Greene, Co-founder and Chief, Technical Officer, GETIT

    Attaining the Needs of Infrastructure Investment

    Yong Chiang Neo, CIO

    Constructing a Marketing IT Collaboration

    Jenny Williams,

    The Organic Adaptability of IT

    Pedro Sttau,

    The Weakest Link Is Your Strongest Security Asset

    Christian Anschuetz, CIO & Security Practitioner, UL

    Achieving Greater Business Value with Innovation

    Denise A. Saiki, CIO& VP Enterprise Business Services, Lockheed Martin

    Using Data Analytics for Loss Prevention

    Jonathan Lowsley, CIO, ADrive

    right

    The Dawn of Hybrid Web Application Firewall-Why it will define security for the foreseeable future

    By Carl Herberger, VP-Security Solutions, Radware

    Tweet
    content-image

    Carl Herberger, VP-Security Solutions, Radware

    As the threat landscape transforms as quickly as advances in network protection, a sea of change is occurring in how organizations secure their networks. Dramatically different visions of how to effectively protect a network presents a juxtaposition—forcing pause and deep thought before executing a strategy.

    The Web Application Firewall or WAF has undergone a shift in approach, as a result of changing business conditions as concepts of security perimeter protection have eroded. This confluence, a result of the growing cloud technology, is no longer manageable with today’s standard application security approaches. Out of necessity, a new hybrid approach that combines technologies to protect both cloud-based and on premise applications has evolved.

    Why is a Hybrid Approach so Compelling?

    Like two raging rivers that join together, the migration of business applications from on premise data centers to off premise cloud providers has erupted in a sprawl of security solutions. The result is an unmanageable and untenable security environment. Many suggest that you can no longer think of the cloud and premise-based technologies as disparate and isolated, but rather consider and manage them as one, in order to provide unified protection with no security gaps between on-premise and cloud-based devices.

    The likes of IBM and others robustly declared at this year’s InterConnect Conference that the cloud can no longer be categorized as private or public—but instead has shifted to a hybrid state. To remain competitive and relevant, every business must transform and adapt. There are three major reasons behind the idea of cloud being synonymous with “hybrid”:

    1. Most companies will retain some internal application delivery infrastructure

    Most businesses simply aren’t positioned to move all legacy applications to the cloud. Starting a hybrid cloud approach does not require a complete migration of traditional IT infrastructure to a public or private cloud.

    2. Dedicated infrastructures are a luxury

    This will make most companies uncompetitive vis-à-vis hybrid competitors. The verdict is in about the merits of virtualization and cloud in that it unleashes hidden efficiencies which were elusive to classic data centers in the past.

    At its core, the cloud was designed to take the complexity of virtualization away from the end user and fully enable self-provisioning and speed to service delivery.

    3. Information Security and Compliance

    From the inception of cloud delivery models, security has provided the anchor to adoption because of concerns of inadequacies. In the end, most companies who are “cloud-ifying” applications from more traditional deployments found themselves with fewer options and features in which to secure applications in the cloud. Also, cloud companies needs to be in lock-step with stringent compliance requirements of client companies such as PCI-DSS, HIPPA, and Patriot Act and Sarbanes-Oxley Act.

    The task of keeping a business up and available while orchestrating cloud delivery service models is not trivial. Similar to the change of just-in-time inventory in manufacturing models, the cloud, with all its cost and agility benefits, ushered in a whole new era of requiring a high degree of uptime. The issue of uptime is multi-faceted. There is a need to cover numerous categories of security threats such as volumetric vs. non-volumetric attacks, bots vs. humans, multi-vector attack campaigns and web exhaustion techniques.

    “The need to secure applications on-premise, in the cloud, and during the transition period from on-premise to the cloud, requires a hybrid solution”

    Current technology shifts have changed business leaders' expectations of IT and disrupted many of the security models we’ve come to expect. These changes have resulted in complications for security professionals dealing with different operating environments and also a loss of visibility to the overall 'business' picture. Businesses are now looking for IT to respond in hours or even minutes compared to what used to be days or weeks. Organizations need to have the ability to detect threats with high quality in one location and react to those revelations in all operating environments in real time, and then orchestrate changes to the affected systems quickly and universally.

    Until recently, no single web application firewall technology existed which addressed these problems. Solutions offered by security vendors did not include a web application firewall that integrated seamless on premise and cloud protection. This lack of integration led to limited visibility, a lack of policy orchestration, and muted attack responses. Organizations could also not differentiate attacks that occurred in the cloud from those on premise in a timely fashion. Was it the same vulnerability? Was it the same perpetrator in both attacks? Those questions could not be answered because the quality of detection was limited. The need was established that organizations needed to be able to mitigate a security problem both on-premise and in the cloud.

    So, what needs to be coordinated and integrated between the cloud and premise-based applications to provide seamless protection? One needs to mitigate attacks in all environments, including behind a Content Delivery Network (CDN) or multiple CDNs. Powerful considerations need to be made for network latency and disruption as coordinating disaggregated devices will require high network fidelity and response. Moreover, compliance, and role-based-access-controls (RBAC) will be a key attribute to honing panoramic visibility.

    In conclusion, the need to secure applications on-premise, in the cloud, and during the transition period from on-premise to the cloud, requires a hybrid solution. That will allow simple policy migration from the premise to the cloud while supporting a seamless migration without exposing the newly migrated applications to web attacks. The need for quick panoramic visibility to the entire delivered application infrastructure no matter where it is served is paramount. Quick and coordinated control and mitigation are essential to bring the balance of defense back into the defender’s court. The current path is clear—a hybrid solution is a must. The faster this architecture is migrated, the least amount of damage and harm will occur.  

    Read Also

    Data-secured Environment- A priority for Enterprises

    Data-secured Environment- A priority for Enterprises
    Information Security as a Framework

    Information Security as a Framework
    Enterprise Security - Keys to Enhance Data Security

    Enterprise Security - Keys to Enhance Data Security
    Enterprise Security - Keys to Enhance Data Security

    Enterprise Security - Keys to Enhance Data Security
    25 Most Promising Enterprise Security Solutions Providers

    25 Most Promising Enterprise Security Solutions Providers

    Featured Vendors

    F5 Networks

    Mohan Veloo , Vice President

    Banff Cyber Technologies Pte Ltd

    Matthias Chin, CEO

    Security Special

    Copyright © 2018 APAC CIOoutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy Policy  |  Sitemap

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://security.apacciooutlook.com/cxoinsights/the-dawn-of-hybrid-web-application-firewallwhy-it-will-define-security-for-the-foreseeable-future-nwid-282.html