dcn-eu logo
Story image

How integrated edge security and WAF can secure application delivery

14 Jan 2020

Article by Kemp principal technical advisor Ben Hodge

As organisations come to rely more and more on web-based applications and a mobile workforce, the importance of secure application publishing backed by a carefully integrated web application firewall (WAF) increases steadily.

A solution that provides edge security, SSO application integration and flexible authentication options is critical for both optimal user experience and information security policy compliance.

Historically, Microsoft applications such as Exchange, Skype for Business, SharePoint and IIS-based web services were deployed with Microsoft’s Forefront Threat Management Gateway (TMG) to meet these requirements and provide a way to securely publish applications in Internet-facing deployments.

But since TMG reached its end of sale and mainstream subscription closed, customers have been evaluating alternative solutions for its replacement.

Ideally, they need a solution that provides edge security, SSO application integration and flexible authentication options, which is critical for optimal user experience and information security policy compliance.

Such a solution should provide a comprehensive set of features in an edge security pack that can enhance a load balancer’s ability to secure public-facing applications and improve user experience.

Preferably the pack should include some of the most common features familiar to TMG users, that are most logical for consolidation with an application-centric load balancer.

Look for a web application firewall (WAF) that combines Layer 7 WAF protection with other application delivery services including intelligent load balancing, intrusion detection, intrusion prevention as well as edge security and authentication.

By integrating the world’s most deployed WAF engine, ModSecurity open-source application firewall, augmented by threat intelligence and research from a trusted information security provider, such a solution will protect against known and evolving vulnerabilities.

With a targeted focus on application-specific exploits missed by traditional firewalling techniques, a carefully combined WAF can play a key role in a defence-in-depth strategy that mitigates risk and optimises application security.

Such a firewall will enable secure, scalable and always-on workload delivery in a single fully integrated, easy to use and deploy load balancing solution.

The benefits of integrating a carefully selected ADC platform include:

  • Simplified deployment and management of application protection services.
  • Operating as either an active or passive setup allows flexible deployment in either a block or log inactive mode; or a log only in passive mode.
  • Daily rule updates maximise protection against evolving threats and latest application vulnerabilities.
  • SQL injection protection guards against exploits that leverage weakness in web application SQL implementations,.
  • Cross-site scripting mitigation prevents injection of untrusted content into user content.
  • Cookie tampering protection prevents sensitive corporate and personal data such as credit card numbers from being accessed.
  • Custom rule support builds deeper levels of protection for applications.
  • Regulation compliance simplification enables compliance with PCI-DSS (payment card industry) security standards.
Story image
NAKIVO launches new backup functionality for Office 365 & Oracle RMAN
Two latest releases introduce new features to NAKIVO Backup & Replication: reliable backup and recovery for Oracle databases and Office 365 application data.More
Story image
Heficed offers infrastructure support frontline R&D on COVID-19
Heficed is offering its cloud hosting, data storage and processing, and internet connections free of charge to organizations committed to fighting the virus.More
Story image
Databricks launches new features for data analytics platform
Databricks has released new features for its platform for greater security, proactive administration and automation across the data and machine learning lifecycle.More
Story image
ThousandEyes launches outage map as internet usage explodes during COVID-19 outbreak
"Over the past couple of weeks, we’ve been inundated with requests from businesses, industry analysts and other various parties wanting to get a better understanding of global internet health during these trying times."More
Story image
Server market and ESS revenues slump as COVID-19 spreads - IDC
The enterprise storage systems market as well as server markets will see declines in the first two quarters of 2020, but are expected to recover near the end of the year, according to IDC.More
Story image
COVID-19: Telco cloud revenue from 5G to drop by 25%
Telco cloud revenue from 5G core deployments will fall between 20%-30% short of the forecasted US$9 billion in 2020. The investment shortfall in modernising telco networks may be somewhere in the range of US$2 to US$3 billion in the short term.More