sb-au logo
Story image

How integrated edge security and WAF can secure application delivery

14 Jan 2020

Article by Kemp principal technical advisor Ben Hodge

As organisations come to rely more and more on web-based applications and a mobile workforce, the importance of secure application publishing backed by a carefully integrated web application firewall (WAF) increases steadily.

A solution that provides edge security, SSO application integration and flexible authentication options is critical for both optimal user experience and information security policy compliance.

Historically, Microsoft applications such as Exchange, Skype for Business, SharePoint and IIS-based web services were deployed with Microsoft’s Forefront Threat Management Gateway (TMG) to meet these requirements and provide a way to securely publish applications in Internet-facing deployments.

But since TMG reached its end of sale and mainstream subscription closed, customers have been evaluating alternative solutions for its replacement.

Ideally, they need a solution that provides edge security, SSO application integration and flexible authentication options, which is critical for optimal user experience and information security policy compliance.

Such a solution should provide a comprehensive set of features in an edge security pack that can enhance a load balancer’s ability to secure public-facing applications and improve user experience.

Preferably the pack should include some of the most common features familiar to TMG users, that are most logical for consolidation with an application-centric load balancer.

Look for a web application firewall (WAF) that combines Layer 7 WAF protection with other application delivery services including intelligent load balancing, intrusion detection, intrusion prevention as well as edge security and authentication.

By integrating the world’s most deployed WAF engine, ModSecurity open-source application firewall, augmented by threat intelligence and research from a trusted information security provider, such a solution will protect against known and evolving vulnerabilities.

With a targeted focus on application-specific exploits missed by traditional firewalling techniques, a carefully combined WAF can play a key role in a defence-in-depth strategy that mitigates risk and optimises application security.

Such a firewall will enable secure, scalable and always-on workload delivery in a single fully integrated, easy to use and deploy load balancing solution.

The benefits of integrating a carefully selected ADC platform include:

  • Simplified deployment and management of application protection services.
  • Operating as either an active or passive setup allows flexible deployment in either a block or log inactive mode; or a log only in passive mode.
  • Daily rule updates maximise protection against evolving threats and latest application vulnerabilities.
  • SQL injection protection guards against exploits that leverage weakness in web application SQL implementations,.
  • Cross-site scripting mitigation prevents injection of untrusted content into user content.
  • Cookie tampering protection prevents sensitive corporate and personal data such as credit card numbers from being accessed.
  • Custom rule support builds deeper levels of protection for applications.
  • Regulation compliance simplification enables compliance with PCI-DSS (payment card industry) security standards.