Feature

Comparative Product Review: Six Web Application Firewalls

Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: Reviews of six top Web application firewalls."

Download it now to read this article plus other related content.

The first order of business with Citrix was switching from bypass mode to operating mode--basically turning on the firewall. From the same page, we were able to choose whether to include failover protection in our security policy, assign session timeout thresholds and toggle between two diverse degrees of overall security--Enterprise, which included full filtering and blocking, or Express, with basic Web server policies.

Once traffic began passing through the appliance, we had to determine whether to enable failover protection. Initializing this option was difficult, as it required an in-depth understanding as to whether or not pages containing Web forms utilized Javascript or Get calls.

Citrix's Adaptive Learning mode examines traffic to determine what is normal and then builds recommendations that let users apply, edit and apply, skip or ignore. Unfortunately, when a recommendation is ignored, the firewall will no longer view that particular action as a threat when encountered. We would have preferred to see a threshold set for the skip option to allow change to meet new zero-day exploits and adaptive malware.

F5's policy management is quite flexible. Initially, the wizard walked us through each aspect rule definition. F5 also supports an assortment of adaptive learning tools to assist with policy generation. We found the Learning Manager and its

    Requires Free Membership to View

counterpart, the Traffic Learning Screen, to be the most helpful in determining policy. Each time we created a potential violation, such as forceful browsing or multiple failed login attempts, the Learning Manager made suggestions as to how to adapt our security policy.

F5 offers the ability to create security policy templates to facilitate large-scale deployments.

At the Core - Overall Security Effectiveness
The good news Imperva is the closest thing to a silver bullet for application security, based on its combination of adaptive learning and other techniques.

The bad news Citrix delivers good security against attacks, but we would like to see traffic logging for comparison while it is run in passive mode.

Between Barracuda's policy wizard and the dynamic application pro- filing, we were able to create security policies specific to the traffic generated during our testing. However, it's easy to see how in a high-traffic environment, the constant tweaking would be bothersome and ultimately create a security risk from multiple changes.

Barracuda's passive mode is very good at displaying what results would be if policies were actively enforced. While the other products displayed what was taking place on the network, they didn't offer the extensive understanding of the ramifications of the security policy had it been active.

This was first published in March 2008

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: