Web application firewalls offer an added layer of protection if the technology is deployed and configured properly. But the Internet is a confusing place and proper deployment often requires trained IT security professionals who can master the policy administration and tuning needed to keep up with application changes and compliance requirements.
Tellingly, the winners in this year's Web Application Firewall category both received nods for their centralized management features. Voters also agreed that the top Web application firewalls are worth the investment in a technology category that is still out of reach for many small to medium-sized enterprises.
We congratulate the Web application firewalls at the top of the leaderboard in our 2014 Readers' Choice Awards. Both technologies are first-time winners in this category.
Winner: Dell SonicWall Web Application Firewall Service, Dell
Dell's SonicWall Web Application Firewall Service is an add-on module to the company's Secure Remote Access platform. The Web Application Firewall Service received high marks from readers for its application-layer, protocol and HTTP controls, as well as its ability to block intrusions, attacks and unauthorized network traffic.
"What we like is the ability to specify only those application types our organization needs as allowed traffic," noted one voter. "All other application types are blocked. This decreases our attack footprint, and the reporting features allow us to see how much traffic each application is generating on our network."
In addition to application profiling, the SonicWall Web Application Firewall offers deep traffic inspection, access control, HTTPS inspection, website cloaking, botnet filtering, and automatic signature updates and administration. The product includes reporting to support OWASP Top Ten and PCI DSS compliance, offering protection against SQL injection and cross-site scripting attacks, credit card and Social Security number theft, cookie tampering and cross-site request forgery. Enterprise security professionals can also use SonicWall Web Application Firewall Service to inspect encrypted traffic on SSL VPN portals and deny access after detection of malware.
To keep up with compliance standards, the Dell SonicWall product uses reverse proxy analysis of Layer 7 traffic against known signatures, denies access to detected Web application malware and redirects users to an error page. The Web Application Firewall also offers customizable rules to protect against zero-day vulnerabilities. Geolocation and Botnet filtering functionality can be used to create and enforce policies that block connections from a specific region or from known malware-infected sites. A multifaceted product, the Dell SonicWall Web Application Firewall Service is applauded by readers and security professionals, alike.
Winner: Barracuda Web Application Firewall, Barracuda Networks Inc.
Barracuda Networks' Web Application Firewall received high scores from readers for its integration with other network defense and management tools, as well as its ability to block intrusions, attacks and unauthorized network traffic. Voters described the Web Application Firewall as "effective," and able to "protect…data efficiently."
This product is available as hardware or as a virtual appliance, based on-premises or in the cloud. All of the Barracuda firewalls, including the Next Generation Firewall and the SPAM Firewall --a winner in this year's email security products category -- are available in cloud editions for Amazon Web Services and Microsoft Azure.
The Barracuda Web Application Firewall, which features automatic security updates based on threat information from Barracuda Labs' worldwide sensors, enables advanced protection against application-layer DDoS attacks and zero-day vulnerabilities, according to the company. In addition to HTTP server inspection to prevent data loss, the technology offers standard firewall features such as advanced logging (system, access and audit), monitoring and reporting, adaptive profiling, server cloaking and proactive risk monitoring through customizable alerts.
The technology integrates with Active Directory (RADIUS/LDAP) and other identity and access management tools, to provide authentication and access control capabilities that restrict access to Web applications and sensitive data. The firewall supports two-factor authentication technologies (SMS PASSCODES and RSA SecurID) and enables client IP reputation control, integrating with the company's Reputational Database.
With five different firewall models, Barracuda has expanded well beyond email security to offer a wide array of Web application controls and outbound data protection features. The Barracuda technology also enables enterprise developers to use application programmability to automate and scale with a RESTful API.
Send comments on this article to firstname.lastname@example.org.
Curious about last year's winners? Check out the best of Web application firewalls 2013.