Hot Topics
Security Bloggers Network 
SBN

Too Busy Tuning Your WAF to Realize You Don’t Have To?

by Mackenzie Jacobson on October 3, 2018

Over the past few years, web and application development has undergone a considerable change. Not only is application development and integration dominated by web and mobile-enabled solutions, but technologies like APIs and microservices are also breaking into the scene. 

While these recent advancements have increased connectivity and productivity, they have complicated application security for many organizations. From botnets to targeted attacks, web applications are the target and successful source for a growing number of malicious threats – nearly 10% growth YoY*.

Tune Guitars, Not WAFs

In an effort to simply keep up with these threats, security teams often spend a great detail of time, energy and human resources tuning their WAF, responding to false positives, and managing signatures. In addition to the obvious inefficiency, this approach is unreliable at detecting high-impact threats beyond well-known “commodity” threats like SQL injections and XSS attempts.

Couple this with the fact that malicious actors are also becoming more cunning, it is nearly impossible to secure apps effectively with current generation tools. It’s time to shift the focus away from chasing down application anomalies and hone in on fundamental attacker behaviors. Why?

By monitoring attacker behavior and building attacker profiles, organizations can:

  • Prioritize the high-risk, high-impact threats
  • Track behaviors and proactively block malicious attackers long before they cause damage
  • Stop chasing down countless application anomalies and focus on the most malicious behaviors

We recently partnered with SC Magazine to deliver a webcast during which we discuss this attacker-centric phenomenon – How does it work? What should you expect from a WAF that has these capabilities? And more…

You can register for and access the on-demand version of the webcast, Beyond Signatures and Anomalies: Attacker-Centric Web Security, at any time. 

Beyond Signatures & Anomalies Webinar: Attacker-Centric Web Security

*According to the 2018 Data Breach Investigations Report from Verizon

*** This is a Security Bloggers Network syndicated blog from ThreatX Blog authored by Mackenzie Jacobson. Read the original post at: https://blog.threatxlabs.com/too-busy-tuning-your-waf-to-realize-you-dont-have-to

Mackenzie Jacobson