WAFs typically provide the following capabilities:

- Attack signature database: these are patterns that can be used to identify malicious traffic. They can include known malicious IPs, types of requests, unusual server responses, and more. In the past, WAFs primarily relied on databases of attack patterns, but this technique is largely ineffective against new and unknown attacks.
- AI/ML analysis of traffic patterns: modern WAFs perform behavioral analysis of traffic using artificial intelligence algorithms. They identify baselines for specific types of traffic, and capture anomalies that might represent an attack. This makes it possible to identify attacks even if they do not match a known malicious pattern.
- Application profiling: the WAF analyzes web application structure, including URLs, typical requests, allowed data types and values. This can help identify abnormal or malicious requests and block them.
- Customization engine: the WAF allows operators to define security rules specific to the organization or web application, and instantly applies them to application traffic. This is important to allow customization of WAF behavior and avoid blocking legitimate traffic.
- Correlation engine: analyzes incoming traffic and triages it using known attack signatures, AI/ML analysis, application profiling and custom rules to determine if it should be blocked or not.
- DDoS protection: WAFs commonly integrate with cloud-based distributed denial of service (DDoS) protection platforms. When a DDoS attack is detected by the WAF, it can block the requests, and switch traffic over to the DDoS protection system, which can scale up to withstand large volumetric attacks.
- Content delivery network (CDN): because WAFs are deployed at the network edge, cloud-based WAFs may also provide a CDN that caches the website to improve website load time. The WAF/CDN is deployed on multiple points of presence (PoP) distributed around the world, and the website is served to users through the nearest PoP.

Disadvantages of Rule Based Web Application Firewalls (WAF)

WAFs are deployed at the edge, and attempt to filter and block traffic suspected to be malicious. Traditionally, this filtering was performed using rules, either provided out of the box by the WAF vendor, or customized by the organization deploying the WAF. The problem with rule-based WAFs is that they require very high maintenance.
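
How the signature database, application profile, custom rules and correlation engine described above fit together, as an added example that is not part of the original page or any WAF vendor's code. The signatures, profile, exception list and the `triage` function are all constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed signature database: patterns for known-bad input (not a vendor rule set).
SIGNATURES = {
    "sqli-union": re.compile(r"union\s+select", re.I),
    "path-traversal": re.compile(r"\.\./"),
}

# Constructed application profile: per-URL parameters and the values each may hold.
PROFILE = {
    "/orders": {"id": re.compile(r"\d{1,10}"), "sort": re.compile(r"asc|desc")},
    "/search": {"q": re.compile(r"[\w .,'-]{1,100}")},
}

# Constructed custom rule: an operator exception that keeps one signature
# from blocking legitimate free-text searches.
EXCEPTIONS = {("/search", "q", "sqli-union")}


def triage(url):
    """Correlate signature, profile and custom-rule findings into one verdict."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    findings = []
    rules = PROFILE.get(parts.path)
    if rules is None:
        findings.append("profile:unknown-path")
    for name, value in params:
        # Signature check: only catches input that matches a known pattern.
        for sig, pattern in SIGNATURES.items():
            if pattern.search(value) and (parts.path, name, sig) not in EXCEPTIONS:
                findings.append(f"signature:{sig}:{name}")
        # Profile check: catches input the application never expects,
        # even when no signature matches.
        if rules is not None:
            allowed = rules.get(name)
            if allowed is None:
                findings.append(f"profile:unexpected-param:{name}")
            elif not allowed.fullmatch(value):
                findings.append(f"profile:bad-value:{name}")
    return ("block" if findings else "allow", findings)


if __name__ == "__main__":
    for url in ("/orders?id=42&sort=asc", "/orders?id=42&debug=1",
                "/search?q=student+union+select+committee"):
        print(url, triage(url))
```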