Higher utilization leads to additional resource requirements, which consumes budgets. Utilization becomes a key factor in operational costs. Modern data center models borrow heavily from cloud and its usage based cost structure. This is generally why a LB is able to simultaneously support millions of users, and WAFs require more utilization – because they're inspecting the entire payload and evaluating it against signatures and policies to determine whether the request is valid and safe. The resource requirements (CPU and the like) involved in making a load balancing decision are minimal. This optimizes for utilization, performance, and reliability while providing the protection necessary for all apps – but particularly for those exposed on the Internet. Ideally, you’ll deploy a WAF behind your load balancing tier. Some are less efficient than others, some introduce unacceptable points of failure, and others introduce architectural debt that incurs heavy interest penalties over time. But that doesn’t mean every insertion point is a good idea. The data path contains multiple insertion points at which a WAF can be deployed. The question is, where do you put such protection? They’re also a go-to solution for addressing zero-day vulnerabilities either through rapid release of signature updates or, in some cases, the use of programmatic functions to virtually patch applications while a long term solution is being deployed. In addition to being a requirement for complying with PCI-DSS, WAFs are excellent at protecting against the OWASP Top 10. Proxy-based web application firewalls (WAFs) are an integral component of application protection.
0 Comments
Leave a Reply. |