This article can also be found in the Premium Editorial Download "Information Security magazine: Security Readers' Choice Awards 2008."
Download it now to read this article plus other related content.
Web app firewalls, source code and app scanners and appliances
Citrix Application Firewall
Citrix Systems' Citrix Application Firewall utilizes what the vendor calls a positive security model that establishes a baseline of approved application behavior, and blocks any application traffic that deviates.
"There are no concerns with zero-day attacks, which can be an issue for products that rely on signatures or blacklists for protection," says Citrix product manager Morgan Gerhart.
Readers gave Citrix Application Firewall good marks for its threat protection and integration with other security tools for reporting and remediation. It can be purchased standalone, or as a module on the Citrix NetScaler Application Delivery System.
Gerhart says the vendor plans enhancements around integration, simplicity and performance, particularly addressing performance issues for smaller companies running the firewall on an entry-level server.
Future versions will also look at XML traffic and SOA applications.
NOTABLE This technology was acquired in 2005 from Teros. Integration with the NetScaler delivery system is important because most application firewall purchases are reactive, and companies are hesitant to buy a standalone product that adds another network hop and latency, says Gerhart.
This was first published in April 2008