|
|
|
|
| Read more articles on: |
|
|
 |
|
MUMBAI: With networks relatively well protected with a myriad security technologies, hackers and other malicious third parties are
directing their attacks on business applications on the Web, said a Frost & Sullivan report.
Enterprises are employing Web Application Firewall (WAF) technology to protect their Web applications, most of which contain multiple vulnerabilities due to a lack of proper attention to security factors by software developers.
"Traditional network security protects lower layers of the open system interconnection (OSI) reference model alone and hence, is incapable of protecting business Web applications, which run at layer seven of the OSI," says Frost & Sullivan, Senior Industry Analyst Jose Lopez. "This is where WAF technology comes into play as the only technology available that is capable of safeguarding the integrity of Web applications."
Moreover, the introduction of specific legislations mandating database protection is likely to have a very positive effect on the penetration of the technology. The California Law SB 1386 Act and Japan's Personal Information Protection Law oblige companies to inform their customers in the event their databases have been, or are suspected to be, compromised by a malicious third party.
Due to the high focus of WAF technology vendors on the financial services market, existing legislations regulating financial services such as Basel II in Europe are also contributing to the uptake of this technology.
Despite such legislations and the solid message that most applications are vulnerable and need protection using adequate technology, many enterprises, distributors and value added resellers (VARs) are not fully aware of the existence and benefits of WAF.
This is partly because vendors have focused mainly on selling the highly priced technology to financial services while ignoring the potential of other sectors.
"Vendors have realised the folly of such an approach and have started promoting WAF to a broader group of enterprises since late 2004. In addition, specialised media is publishing more information regarding the technology," notes Mr. Lopez. "This growth is fuelled by the increased awareness among organisations regarding the futility of network firewalls and intrusion prevention systems in stopping Web attacks and ensuring Web applications security."
However, vendors have to increase their efforts if this technology has to appeal to the mass audience. They have to keep in mind that the price of WAF products is also an important restraint for the penetration of the technology. While prices are affordable for larger enterprises, which understand that the value of their applications and the information they contain is much higher than the actual cost of the solution, there are plenty of medium-sized organisations that are left aside due to the cost of the solutions.
|