Comparative Product Review: Six Web Application Firewalls


This article can also be found in the Premium Editorial Download "Information Security magazine: Reviews of six top Web application firewalls."

Download it now to read this article plus other related content.

No longer can security managers focus only on perimeter and host security. The application has become the prime target for hackers. We review six leading Web application firewalls that help deliver your critical apps securely.

Consider how much information gets plugged into databases through applications and then regurgitated in queries, reports and content. We live in a world of HTTP and HTTPS, where everything has been ported to Web-based interfaces and consoles. Traditional network firewalls operating lower on the stack have no way of identifying malicious requests traversing TCP ports 80 and 443 to online shopping sites, Web mail or business portals such as online banking and account services.

Add PCI-DSS requirements for application security, and it's easy to see why Web application firewalls, once considered niche technology, are gaining traction in corporate data centers. They prevent attacks that network firewalls, IDS/IPS and antivirus filters cannot by limiting suspect access through combinations of behavioral analysis and policy controls.

In a head-to-head review, Information Security examined six application firewall appliances, all of which delivered centralized management, enterprise reporting and comprehensive protection for applications: Barracuda Networks' Web Application Gateway (formerly NetContinuum); Bee Ware's

    Requires Free Membership to View

iSentry; Breach Security's WebDefend; Citrix's Application Firewall; F5 Networks' Big-IP 8800 Application Security Man-ager; and Imperva's SecureSphere Web Application Firewall.

Each product was graded on ease of installation and configuration; administration; depth of security policy control; monitoring, alerting, auditing and reporting; and overall security effectiveness.

This was first published in March 2008

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: