Best Web Application Firewalls 2011

Readers' Choice Awards 2011

Readers vote on the best standalone Web application firewalls as well as WAFs that are part of application acceleration/delivery systems.

Barracuda Web Application Firewall

Barracuda Networks
Barracuda Networks’ Web Application Firewall appliance line takes a big bite out of the competition, earning the gold. Web application firewalls have been riding a wave of popularity among information security and compliance managers for several years, thanks in large part to Payment Card Industry Data Security Standard (PCI DSS) Requirement 6.6, which mandates that Web-facing card data systems either be protected by a WAF, or vetted with an onerous manual code review. And nobody likes code reviews.

Information Security readers credited Barracuda for its ease of installation, configuration and administration, plus its ability to spot and block known attacks and its frequent detection updates. According to Campbell, Calif.-based Barracuda, its enterprise WAF product stands (or swims) above competitors not only for its attack-mitigation features, but also for its custom response capabilities, its feature-rich application delivery platform, and its ease of management, reporting and alerting.

The product was updated last July to extend support to enterprise authentication systems, including RSA SecurID and CA SiteMinder, on its mid-range and high-end models.

Expert's market reflection:
"Web application attacks are on the rise and there’s a lot of buzz about the application-aware ‘next-generation’ perimeter firewalls. But the original application-aware firewalls were WAFs and these devices are more relevant than ever because they can be deployed directly in front of mission-critical application servers and tuned with specialized rules specific to the applications they’re protecting."
— Diana Kelley, founding partner, SecurityCurve

Cisco ACE Web Application Firewall (discontinued)

Cisco Systems
Cisco ACE Web Application Firewall’s ability to detect and report known attacks, as well as to block attacks and remediate vulnerabilities, scored highly with readers. The product also got high marks for the frequency of its updates to detect new exploits and new vulnerabilities. Cisco ACE performs deep inspection of Web and XML traffic to protect organizations from Web-based attacks such as SQL injection and cross-site scripting. The firewall also enforces authentication and authorization policies to block rogue access to applications and data.

Citrix NetScaler Application Firewall

Citrix Systems
Readers were high on the ease of configuration and management of Citrix Systems’ NetScaler Application Firewall, two definite stumbling blocks stymying the progress of the Web application firewall market. NetScaler also drew high praise from readers for its effectiveness in preventing known attacks and in detecting and remediating vulnerabilities in Web applications that could lead to exploitation. The product is not signature-based; instead, it sets a baseline of acceptable application behavior, and alerts on and/or blocks anomalous behavior.