sb-au logo
Story image

Securing the pervasive web properties and applications

21 Nov 2017

Organisations are building and buying web applications more aggressively than ever, to stay relevant and competitive in today’s digital marketplace. Although revenue-generating external applications command great attention, the internal applications like those for SCM, HR and R&D, serve as the conduits to sensitive information such as customer data, proprietary product specifications, payroll records and other personally-identifiable information. 

These web applications are also under enormous security risks due to the high degree of complexity, regular use of embedded, third-party libraries, routine incorporation of new protocols and features, and business emphasis on rapid time-to-market over enhancing code quality to reduce vulnerabilities.

A global study from Citrix and The Ponemon Institute reveals that 79 per cent of the participants are worried about security breaches involving high-value information and 89 percent believe that the complexity of business and IT operations puts their organisation at a security risk.  

According to Gartner, 90 per cent of current applications will still be in use in 2023. That means there are going to be tens of thousands of applications that will need to be assessed and secured, as attackers often only need to find a single weak link to topple all the IT dominoes. 

With countless combinations of commercially-available and custom-built web apps, it is unrealistic to expect that security technologies using only broad-spectrum rules and mechanisms can fully protect them. Security teams also need tools that offer greater flexibility, deeper granularity of inspection and control. 

For this, organisations need access to real time vulnerability information, and technologies that deliver complete physical coverage (protection for all use cases), functional coverage (detection/prevention of threats) and logical coverage (protection across all layers of the computing stack). Establishing comprehensive coverage such as this requires investing in more than just ordinary network firewalls and intrusion prevention systems (IPSs). 

It’s important to understand the security tools available today to tackle the cyber threats for web applications.

Network intrusion prevention systems

Typically offering little in the way of access control capabilities, network IPS technology is focused on detecting threats from unauthorised access.

The broad-spectrum mechanisms this technology relies on include signatures for known vulnerabilities, and protocol anomaly detection for suspected malicious activities and unknown threats. While the coverage is typically provided up to the application services layer and for all common Internet protocols, it may not be able to identify any behavioural anomaly at the user-end.  

Next-generation firewalls

The next-generation firewall (NGFW) combines the capabilities of network firewalls and IPSs in a single solution. To these capabilities, the NGFW typically adds user and application identity as attributes for controlling access to/from a network. 

Although NGFWs deliver enhanced access control capabilities and an opportunity to eliminate numerous single-technology appliances, the breadth and depth of coverage are simply not sufficient to protect most web properties from increasingly sophisticated and targeted attacks. The ability to reliably identify applications regardless of the port and protocol being used, remains a shortcoming.

The web application firewall – master of the app domain

The web application firewall (WAF) picks up where other security technologies leave off. A cloud and IPS based protection platform, WAF decides by activity to send a user to the application or to block them. It intercepts and inspects all incoming HTTP/HTTPS requests to a website, and thereby helps secures Static, Dynamic, E-commerce, ERP, CRM or any kind of web application irrespective of their platforms. 

WAFs are unique in their ability to validate inputs; detect cookies, session or parameter tampering attacks; block attacks and stop exfiltration of sensitive data through object-level identification and blocking. This is achieved by automated learning routines supplemented by manually-configured policies, to enable the understanding of how each protected web application works characteristically.

The most commonly deployed security technologies like Network Firewalls and IPSs are useful for screening out high volumes of low-layer threats, however, they are unable to sufficiently cover web applications. Although no single security technology provides complete protection for web applications, combining NGFWs with WAFs proves to be an efficient way to establish powerful, full-spectrum threat protection for all important web properties of an organisation.

Article by Safi Obeidullah, director, sales engineering (A/NZ), Citrix.

Story image
Interview: Check Point profiles 5 battles that SOC teams face in 2020
Security operations centres (SOCs) are often the first lines of defence.More
Story image
CrowdStrike integrates with ServiceNow program to bolster incident response
As part of the move, users can now integrate device data from the CrowdStrike Falcon platform into their incident response process, allowing for the improvement of both the security and IT operation outcomes.More
Story image
ESET launches the latest version of its Mobile Security solution
“With this latest version of ESET Mobile Security, we want to ensure our users feel completely secure when performing financial transactions on their devices, in addition to being protected from malware and phishing attempts."More
Story image
Check Point acquires Odo Security to bolster remote security offering
The deal will integrate Odo’s remote access software with Check Point’s Inifinity architecture, bolstering the latter company’s remote security capabilities in a time where working and learning from home has become the norm, and looks to largely remain that way in the near future.More
Story image
Why securing IoT installations will be ‘do or die’ in post-pandemic Australia
Unless IoT technology is visible on the network, organisations will find themselves at risk with an unmanageable high-tech morass, warns ExtraHop A/NZ regional sales manager Glen Maloney.More
Story image
Proofpoint enhances security awareness training platform
Available in Q4 2020, the platform will integrate more closely with Proofpoint’s best-in-class threat intelligence.More