At the global energy company, the chief architect says his company was able to configure one use case in two hours with the Cisco WAF. However, he would like more best practices guides for configuring things like character filtering "rather than us scrambling to do this."
DO consider a learning engine feature. With a learning engine, the WAF learns about applications so it can create and even enforce rules. In very dynamic environments, Krikken says, it's better for the WAF to alert you to aberrant behavior than block it.
Patel uses Breach's learning engine, which he says profiled Web applications over a couple of months. During that time, it flagged irregular behavior, which his team reviewed. "You need a certain level of comfort that it's going to make the right decisions," he says. Over time, however, Patel wanted automated blocking. "With the amount of traffic we get on the site, it's key that the WAF recognises irregularities and shuts down those attempts while they're happening, rather than later on," he says.
For instance, the WAF now stops competitors from scraping product data from the website, which includes millions of SKUs, as well as pricing information. "If we see someone is checking data weekly or monthly, that represents a huge loss of competitive intelligence," Patel says.
DO consider enterprise-level capabilities. Jarden's Nelson chose Check Point's product in part for its enterprise-level console, which provided centralised management for all of Jarden's firewalls. He particularly likes that he can group the firewalls into what's called "containers" and apply different policies within those containers.
Meanwhile, the security-messaging engineer at a nutritional supplements manufacturer says a big advantage of the Barracuda system he uses is its scalability. The company's main motivation for a WAF was to provide a secure Web mail interface to users who wanted to access e-mail from around the world. It also uses it to protect against application-layer attacks.
The security engineer wanted to provide users with a single URL to access e-mail no matter where they were, and he wanted to be able to scale up the system without interruption. Because he can add an additional WAF appliance without giving it a new IP address, it's transparent to users. "If it starts being overloaded, all we have to do is get another one, put in a rack, cluster it with this one and we've got twice as much capacity," he says.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.