Not that long ago, firewalls were simple things. They fit neatly into corporate networks and helped to protect anything residing on that network from external threats. Today, the mission isn’t so simple.
Many corporate applications reside beyond the firewall, and many workers need to access internal applications from remote locations. And while traditional firewalls are good at blocking suspicious traffic at the lower levels of the TCP/IP protocol stack, they’re not designed to block layer 7, or application layer, attacks.
For instance, think of how much information enters your databases through web-based forms. Hackers obviously see those forms as a point of entrance they can compromise. As attackers started moving up the stack, security companies had to respond in kind.
Thus, web application firewalls are designed specifically to protect against layer 7 attacks. Web application firewalls are becoming nearly as important as traditional firewalls, and if your organization doesn’t have one, you are courting danger.
Keep these five questions in mind as you search for the web application firewall that is right for your organization:
For some organizations, the main thing to protect will be a web-based email portal for traveling employees. Others need to protect sensitive customer data from prying eyes – a challenge that, if not met, could compromise compliance with industry regulations.
Carlos Romero is the EVP of Technology for Smart Business Technology (SMART), a developer of payment and transaction software. After the company had spent more than two decades developing payment software, its customers began asking for a hosted solution.
“If you’re going to host and process payments, you need to achieve Level 1 PCI compliance,” Romero said. “That meant our online security had to meet the same standards as Wal-Mart or Visa.” (In contrast, the typical corner store is Level 4 compliant.)
SMART brought in an auditor, and the auditor’s main recommendation was to install a web application firewall. Romero investigated some low-cost, software-only solutions, but quickly dismissed them as inadequate.
Protecting cardholder data and maintaining PCI compliance meant that discount solutions weren’t worth the risk, and that his organization would need to invest in a more robust hardware-based solution.
After ruling out low-end web application firewalls, Romero then looked at solutions from Barracuda and Fortinet, eventually going with Fortinet.
SMART was already using Fortinet’s traditional firewalls, so the decision made sense. “We have a comfort level with Fortinet,” Romero said. “We know their products work as advertised. The UI is easy to use, and their support has always been top-notch.”
Romero liked the fact that his IT staff already pretty much knew their way around the FortiWeb product because the UI was consistent with other Fortinet firewalls. This reduced training time and, on an ongoing basis, will make managing the device much easier.
Human Kinetics (HK) publishes online materials related to kinesiology. It hosts its own e-commerce website and nearly 40 other educational and storefront sites, which together get about half a million unique visits per month.
Especially for e-commerce sites, the traditional method of blocking traffic doesn’t work. People need to be able to get to your storefront. After evaluating several (unnamed) vendors, HK selected F5’s BIG-IP Application Security Manager (ASM).
HK didn’t realize until after deploying F5 that the previous solution had been blocking more traffic than it should have. “Users would get an error message and the page wouldn’t load at all,” said Brad Trankina, Director of Network and Information Systems at Human Kinetics. “Some customers would leave the site in frustration rather than wait 10 to 15 seconds for a page to download.”
The previous solution they were using provided only high-level, non-specific error reports, which made it difficult to pinpoint and correct problems.
Lyons says HK’s entire approach to security has changed from that of keeping people out of the network to inviting them in. “With the F5 solution, we’re getting far fewer false positives, so we’re allowing more legitimate traffic,” he said. “Because F5 enables deep packet inspection, we can tell exactly what is causing an error and know how to fix it.”
Most web application vendors offer a number of complementary security solutions that can be delivered as part of a larger solution. In the case of HK, for instance, they went with a combined Local Traffic Manager (to improve app delivery) and BIG-IP ASM solution.
Many Check Point customers want the ability to consolidate external web protection with internal controls to prevent abuses. AAA of New York has processes and procedures in place when employees need to bring information into the network.
“In the past, applications such as Dropbox were a concern as they enabled people to get around our processes and allowed them to send out or bring in documents and files which could compromise our security,” said Fred Komoroski, CIO, AAA New York.
The Check Point URL Filtering and Application Control Software Blades integrate with one another to provide AAA with unified enforcement and management for all aspects of its web security strategy. The solution provides AAA with the ability to identify, block, or limit applications, widgets, and URLs that pose a threat to its network environment or employee productivity.
Global investment bank Greenhill & Co. must comply with strict federal requirements for capturing the content of all interactions with customers. However, Greenhill was experiencing numerous issues with its incumbent firewall from Juniper Networks. In particular, monitoring and controlling webmail was problematic.
Webmail applications were easily evading detection by legacy “port-blocking” firewalls and other security infrastructure by tunneling over SSL. Greenhill needed a flexible solution that would deliver network visibility, even into activities tunneled over SSL, and then allow it to select which users to block, assign different blocking criteria for certain users, and set such policies based on an Active Directory (AD) group.
“We needed better visibility into our network in order to block access to certain applications – especially Gmail over HTTPS,” said John Shaffer, Greenhill’s Director of Global Systems and Technology. “We could see users were circumventing our blocking solution by switching to SSL encrypted versions of webmail applications.”
The situation raised concerns internally about the firm’s vulnerability to data leakage and its overall compliance stance.
Shaffer read about Palo Alto Networks’ PA series firewalls in a trade publication and decided to test one out. The demonstration instantly unearthed users accessing Facebook, Gmail, RSS, Google Desktop, AOL Instant Messenger (AIM), Meebo, Skype and Yahoo! Mail.
“For the first time we could see exactly which users were accessing specific applications,” said Shaffer. One of the features that won over Greenhill’s IT team was Palo Alto’s ability to control application access on a per-user basis through integration with Active Directory.
Now that it has been deployed, the PA Series has helped Greenhill rein in webmail usage by blocking access to it unless a user has been added to the company’s Webmail Exception Users Group in Active Directory.
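The gap Greenhill describes, as an added example that is not from the article or from any vendor's product: a simplified model comparing a control that only sees cleartext traffic with an application- and group-aware policy. The users, ports, traffic and application labels are constructed, and the application label is assumed to come from a firewall that can inspect SSL; only the group name comes from the article.

```python
from dataclasses import dataclass

WEBMAIL_APPS = {"gmail", "yahoo-mail"}             # constructed application labels
EXCEPTION_GROUP = "Webmail Exception Users Group"  # group name from the article
AD_GROUPS = {                                      # constructed directory snapshot
    "alice": {"Bankers"},
    "bob": {"Bankers", EXCEPTION_GROUP},
}

@dataclass(frozen=True)
class Flow:
    user: str
    dst_port: int
    app: str  # assumed to be identified by a firewall that can inspect SSL

FLOWS = [  # constructed sample traffic
    Flow("alice", 80, "gmail"),
    Flow("alice", 443, "gmail"),
    Flow("bob", 443, "gmail"),
    Flow("alice", 443, "web-browsing"),
]

def legacy_policy(flow):
    """Simplified legacy control: sees cleartext on port 80 only."""
    if flow.dst_port == 443:
        return "allow"  # encrypted payload is opaque, so the app is never seen
    return "deny" if flow.app in WEBMAIL_APPS else "allow"

def app_policy(flow, groups=AD_GROUPS):
    """Application- and user-aware control, independent of port."""
    if flow.app not in WEBMAIL_APPS:
        return "allow"
    # Users missing from the directory get no exception (default deny).
    member = EXCEPTION_GROUP in groups.get(flow.user, set())
    return "allow" if member else "deny"

def policy_gap(flows):
    """Flows the legacy control lets through that the newer policy blocks."""
    return [f for f in flows
            if legacy_policy(f) == "allow" and app_policy(f) == "deny"]

if __name__ == "__main__":
    for f in policy_gap(FLOWS):
        print(f"evaded legacy control: {f.user} -> {f.app} on port {f.dst_port}")
```
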