| Corporate security demand
to fuel growth of Web Application Firewall market
12 October, 2005
By Liam Lahey
With networks relatively well protected with a myriad of
security technologies, hackers and other malicious third parties
are directing their attacks on business applications on the
Web. Enterprises are employing Web Application Firewall (WAF)
technology to protect their Web applications, most of which
contain multiple vulnerabilities due to a lack of proper attention
to security factors by software developers. "Traditional
network security protects lower layers of the open system
interconnection (OSI) reference model alone and hence, is
incapable of protecting business Web applications, which run
at layer seven of the OSI," said Jose Lopez, an IT industry
analyst with Frost & Sullivan.
"This is where WAF technology comes into play as the
only technology available that is capable of safeguarding
the integrity of Web applications." Moreover, the introduction
of specific legislations mandating database protection is
likely to have a very positive effect on the penetration of
the technology.
The California Law SB 1386 Act and Japan's Personal Information
Protection Law oblige companies to inform their customers
in the event their databases have been, or are suspected to
be, compromised by a malicious third party. Despite such legislations
and the solid message that most applications are vulnerable
and need protection using adequate technology, many enterprises,
distributors and value added resellers (VARs) are not fully
aware of the existence and benefits of WAF. This is partly
because vendors have focused mainly on selling the highly
priced technology to financial services while ignoring the
potential of other sectors. "Vendors have realized the
folly of such an approach and have started promoting WAF to
a broader group of enterprises since late 2004. In addition,
specialized media is publishing more information regarding
the technology," Lopez said.
"This growth is fuelled by the increased awareness
among organizations regarding the futility of network firewalls
and intrusion prevention systems in stopping Web attacks and
ensuring Web applications security."
However, vendors have to increase their efforts if this
technology has to appeal to the mass audience. They have to
keep in mind that the price of WAF products is also an important
restraint for the penetration of the technology. While prices
are affordable for larger enterprises, which understand that
the value of their applications and the information they contain
is much higher than the actual cost of the solution, there
are plenty of medium-sized organizations that are left aside
due to the cost of the solutions, officials said.
|
