sb-nz logo
Story image

How to protect applications across multiple clouds

18 Dec 2020

By Radware senior security solutions architect for APAC Yaniv Hoffman.
 

With cloud-based applications come new security risks that require expertise which is typically scarce, and that can delay application deployment and maintenance.

While web application firewalls (WAFs) play a critical role in protecting applications, deploying and managing a WAF can be complicated and require ongoing refinement of security policies.

Managing these policies often requires expertise and intimate familiarity with any WAF solution. In addition, it is not always possible to leverage the same WAF across heterogeneous cloud environments, which limits the ability to enforce security policies across environments.

DevOps typically automates application integration and deployment cycles (CI/CD) to accelerate the process of deploying new applications. To accomplish this, they will often integrate with solutions that facilitate integration and speed. Security solutions, which are typically complex, are not prioritised for this reason, leaving applications unprotected.

Monitoring security events across applications is another challenge because there is no central dashboard across disparate cloud computing environments. It also requires security expertise to understand which security policy updates need to be implemented based on the reporting above.

What to look for

When evaluating a solution, look for the highest level of application protection while minimising false positives and maintenance, and the ability to run across multiple private and public cloud environments. Further, consider if the solution offers the following:

Full Coverage of OWASP Top-10 — including injections, cross-site scripting (XSS), cross-site request forgery, broken authentication and session management and security misconfiguration.

The reduced total cost of ownership — with the lowest false positives through unique auto-policy generation technology designed to secure a web application automatically.

Protection from zero-day web attacks — using both negative (signature-based) and positive security models that ensure the lowest false positives and minimal operational effort, but also robust protection against known and unknown (zero-day) threats.

Device fingerprinting for bot protection — The power of the fingerprint is in the consolidated information extracted from dozens of browser attributes collected on the client side, facilitating accurate bot classification.

Actionable reporting — For example, Radware’s Alteon Multi-Cloud provides a monitoring and reporting tool that makes it easy to monitor application protection events and actions, the attacks it identifies, and any blocked transactions.

Scalability — A WAF is a resource-intensive function. Allocating WAF resources to match peak application usage periods can be costly when operating in a cloud environment.

Deploying a firewall does not need to be a complex, resource-intensive process. Choosing a solution with the ability to span multiple cloud environments and automatically scale WAF services to match application usage levels will allow organisations to deploy application security policies seamlessly without extensive expertise.

Through an application-centric approach, leading technology enables application owners, DevOps, SecOps and others to deploy application delivery and security services instantly and in a self-service manner.

Story image
Sophos named a Numbering Authority in CVE programme
The programme, which runs an open data registry of vulnerabilities, enables programme stakeholders to correlate vulnerability information used to protect systems against attacks. More
Story image
Hornetsecurity acquires Altaro, the latest in acquisition spree
The move is a culmination of a medley of acquisitions made by Hornetsecurity recently, following the January 2019 acquisition of Spamina, a Spanish cloud email security company, as well as EveryCloud, its British market partner, in early 2020.More
Story image
New year, time to update your passwords
The most popular passwords of 2020 were easy-to-guess number combinations, such as 123456, the word password, qwerty, iloveyou, and other uncomplicated options.More
Story image
IronNet expands Asia Pacific presence with new strategic partnership
“The combination of M.Tech’s extensive network in Asia Pacific and our unparalleled expertise in threat intelligence and detection will help more enterprises across the region to proactively identify and take down known and unknown threats before they happen.”More
Story image
A brief history of cyber-threats — from 2000 to 2020
Many significant cybersecurity events have occurred since the year 2000 — not every one of them ‘firsts’, but all of them correlating with a change in security behaviour or protection.More
Story image
The top search terms from IT execs in 2020
Covid, cybersecurity and operating models were amongst the most searched terms by IT executives in 2020, according to the analyst firm.More