In their latest State of Cloud Security Report, our security partner Alert Logic shared some interesting statistics about the type and frequency of attacks their customers experience. Web application attacks represent a significant threat—Alert Logic’s analysis found that 7 out of every 10 customer environments experienced an average of 40 web application attacks over a 12-month period. The company also found that the majority of attacks are perpetrated using commonly available tools, such as the free SQL injector tool Havij, which enables less sophisticated hackers to easily launch attacks.
So what does a web application attack look like? It could be an attack that takes advantage of an application flaw to inject malicious code into a web application, or one where attackers can compromise passwords because authentication and session management are not implemented correctly. There are hundreds of issues that could affect the overall security of a web application. The OWASP Top 10 is a good resource to help you identify the most critical risks.
Web Application Firewalls (WAFs) like Alert Logic’s Web Security Manager are designed to block web application attacks. Unlike a network firewall, which simply allows or blocks traffic (e.g., allow this computer to accept FTP requests), a WAF can both understand web application traffic and intercept attacks, making WAFs and firewalls complementary solutions.
Similar to our previous article about how different intrusion detection systems use different techniques to identify network anomalies, different WAFs use different techniques to block malicious web attacks. Alert Logic’s Web Security Manager uses two separate techniques that enable it to provide immediate protection against known attacks and to learn behavior over time to protect against unknown attacks:
- Signature-based protection against known attacks. The Alert Logic security research team is continually adding new signatures from external sources and internal discovery.
- Positive protection against unknown attacks by only allowing permitted actions. Permitted actions are learned over time by Web Security Manager’s Learning Engine and can be tuned as needed to minimize false positive hits.
Like other Alert Logic Security-as-a-Service solutions, Web Security Manager customers can subscribe to 24×7 monitoring, tuning, and incident response service, where Alert Logic security analysts will help you aggressively manage and tune your WAF solution without impacting your business or impacting your resources. To learn more, download the Pragmatic WAF Management white paper or contact us today.