Indusface Unveils 7 Habits of Highly Effective WAFs (Web Application Firewalls)

July 24, 2014 - PRLog -- Stephen R. Covey’s best seller, “The 7 Habits of Highly Effective People”, is largely considered to be the best business and self-help book. This book was the very first to introduce the concept of paradigm shift, and it emphasized self-change and interdependence rather than the oft-confused power of independence. Mr. Covey said, “We believe that organizational behavior is individual behavior collectivized”. With great finesse, Mr. Covey conveyed to us a fact to which many of us choose not to give importance.

Likewise, we know that our online presence, which exists primarily in the form of web and mobile applications, is a crucial part of our own and our organizations’ existence, and that gaining access to it is very lucrative for cybercriminals. Yet we do not make securing these applications a priority unless we suffer a loss. Unfortunately, this loss is at times too great to be measured only in dollars, as the loss of customers’ trust and loyalty is priceless.

Web application firewalls (WAFs) have been a critical part of securing external-facing websites for years now. According to Gartner, 70% of attacks happen at the application layer. According to most industry analysts, organizations need to deploy WAFs to ensure agile application-layer protection, because network elements are unable to provide broad coverage for application-layer issues. WAFs should be considered for more than just compliance; they should be designed with the end security posture in mind.

This illustration is aimed at highlighting an ideal security vendor’s application security paradigms.

Key Paradigms According to Covey

Be Proactive - I am responsible for my behaviour and the choices I make in life.
Begin with the End in Mind - I will create results mentally before beginning any activity.
Put First Things First - Focus on ‘Truly’ important and say no to unimportant.
Think Win-Win - Effective, long-term relationships require mutual benefit.
Seek First to Understand Then to Be Understood - Diagnosis must precede prescription.
Synergize - The whole is greater than the sum of parts.
Sharpen the Saw - Results require constant improvement/development of resources.

Key Application Security Paradigms According to Indusface

Be Proactive - The vendor must provide WAF-as-a-Service, accept the responsibility of making the WAF work for the customer, refine it as needed, and develop proactive defense mechanisms.
Begin with the End in Mind - WAF vendors must configure the WAF rule set to ensure minimal false positives. The goal must be to improve the security posture without degrading the user experience.
Put First Things First - Protecting against critical known issues – effective virtual patching – should be the first priority of WAF deployments.
Think Win-Win - WAFs need to be able to demonstrate ROI while improving the security posture of the application.
Seek First to Understand Then to Be Understood - The ability to provide detailed forensics, log any suspicious activities, and provide enhancements based on application nuances is the key feature of WAF core rule set improvement.
Synergize - WAFs must be leveraged to develop a total application security posture: combine WAF deployments with application scanning and secure coding practices to get a holistic application security program.
Sharpen the Saw - Constant updating and monitoring of WAF core rule sets, and getting intimate with application and user behaviour via forensics on legal/suspicious/illegal user actions.
Source: Indusface
Tags: Hacking, Information Security, Web Application Firewall, Online Threats, Cyber Threats
Industry: Banking, Finance