Comparative Product Review: Six Web Application Firewalls


This article can also be found in the Premium Editorial Download "Information Security magazine: Reviews of six top Web application firewalls."

Download it now to read this article plus other related content.

While Bee Ware's security policies provided adequate protection against our assortment of attacks, setting up polices proved to be difficult. The appliance utilizes blacklists, dynamic whitelists and behavioral analysis, but the logic required to institute rules and patterns is time-consuming and disorganized. Policy creation was spread across a series of tabs. We would have like to been able to create policies from a centralized location using drop-down menus and tables.

Imperva delivered an impressive set of predefined attack signatures. Custom signatures can be easily created through a simple menu system that includes a wide variety of metadata choices (Web, stream, SQL). The easy-to-navigate interface allowed us to peruse polices through a variety of filters listed in a hierarchical tree on the left side of the policies page.

Monitoring, Alerting, Auditing, & Reporting
All the products we examined had features specific to aid compliance auditing and reporting. Security managers want detailed information about malicious activities on their network--the who, what, why, where, when and how details. Auditing and reporting features can make or break a product's chances of ending up at the top of the short list.

Imperva sports a highly configurable real-time interface, in which we were able to monitor all our applications, alerts, events,

    Requires Free Membership to View

connections and the overall health of our systems at a glance under the Monitoring tab.

A separate and equally functional tab offers more than 100 types of reports from which to choose--from a list or using Imperva's robust filtering capabilities.

The Admin tab put everything neatly at our fingertips. With a mouse click we could access users, sessions and, most important, the Application Defense Center--a catch-all for updates and information on signatures, policies, protocols, reports, etc.

Breach also offers an assortment of useful reports, many which are obviously focused on PCI compliance reporting. Monitoring our shopping cart application, it took only minutes to compile detailed reports about how credit card information transmitted through specific Web pages.

The Event Viewer offers nine filtering options to drill down on an incredible amount of information, as well as the ability to create customized filters.

Citrix provided adequate monitoring, alerting and logging capabilities. Monitoring is accessed via a dashboard icon on the main interface, as are reports and logs. There are two basic types of logs: The firewall log provides information about security-related events, and the audit log records all activities you select when you configure the box.

This was first published in March 2008

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: