Web applications are rapidly becoming the preferred option for online business. Indeed, statistics show that upwards of 90% of mobile device traffic is for web apps, typically eCommerce. The recent COVID-19 outbreak has shown that hosted and cloud-based web apps, if configured and resourced appropriately, can withstand spikes in activity without falling over. Web apps help maintain revenues, even in the face of physical disruption, and ensure business continuity.
Revenue is only part of the business continuity equation. Staff still have to work, otherwise income dries up. Web apps have proven their worth by giving remote workers another option to access selected network functions from any device.
But both customer-facing and staff-specific web applications need to be secured. Web application firewalls (WAFs) provide protection from adversaries and malware and ensure a positive user experience.
For the most effective core-to-edge network protection and most efficient network management, the WAF should be fully integrated into your overall security fabric.
Business continuity in a dynamic environment
The recent COVID-19 event has fast-tracked digital transformation for enterprises of all sizes. Nowhere has this been more critical than providing secure network access for the remote workforce.
Today's dynamic networks incorporate an ever-increasing number of ‘edges’. Each remote worker, every web application and every cloud service represents a network edge. The more edges, the greater the attack surface, the greater the risk.
The challenge is to protect each and every network edge with a broad, integrated security fabric that employs standardised policies, tightly-managed incident responses and automation to streamline operations. Traditional perimeter security solutions are simply not up to the job. The edges are the new battlespace and, without full protection, can leave a weak underbelly in an otherwise secure environment.
Web application firewalls are critical for business continuity, along with next generation firewalls, secure SD-WAN deployments, real-time threat intelligence and a raft of other security services. Working together as a fabric, these security services protect the core and all the edges to reduce risk and help ensure business continuity even under the most trying circumstances.
More access, more risk with web apps
Web apps can be deployed quickly and give users access to network or eCommerce functions. They are, by definition, multi-platform and eliminate the need to develop device-specific apps. And, increasingly, web apps are becoming smarter, more interactive and, unfortunately, more difficult to secure.
More functionality with APIs
Smart web apps incorporate APIs to provide richer, more responsive user experiences. These enhanced web apps allow clients to process raw data instead of just rendering simple HTML. As a result, API-enabled web apps require more than just basic controls.
Advanced WAFs defend the Layer 7 (application) perimeter and are responsible for securing business-critical and API-enabled web apps from zero-day threats, known or unknown vulnerabilities and an array of other Layer 7 attacks. Smart WAFs also provide granular visibility into web traffic and support SOC (security operations centre) analysis with detailed logs and alerts.
Advanced WAFs and the security fabric
Advanced WAFs are most effective when deployed in conjunction with a comprehensive security fabric. Indeed, savvy operators are using advanced WAFs as the starting point to migrate their legacy and point security services towards a common security fabric. Advanced WAFs give IT managers a clear pathway forward to a broad, integrated and automated security ecosystem.
Advanced WAFs are available as appliances, as virtual machines, as cloud-based deployments or as a service, and should ideally orchestrate with your overall security fabric.
About the author
Cornelius Mare is Director, Security Solutions at Fortinet ANZ. As such, it is his business to know what's happening in the cybersecurity world and how to help enterprises secure their transitional networks without sacrificing speed, functionality or control. In particular, Corne is an expert with hybrid cloud environments and artificial intelligence. These tools, along with other Fortinet security services, help organisations manage their digital transformations with confidence.
Fortinet (NASDAQ: FTNT) secures the largest enterprises, service providers and government organisations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network - today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud or mobile environments. Fortinet ranks #1 in the most security appliances shipped worldwide and more than 375,000 customers trust Fortinet to protect their businesses. Learn more at the Fortinet website, the Fortinet Blog, or FortiGuard Labs.