Enterprises rushing to meet PCI compliance requirements may find themselves in a quandary when it comes to choosing a Web application firewall (WAF). How do you know what to look for? How do you deploy and manage the appliance or software effectively? How do you fit it into your existing infrastructure? We'll highlight the key considerations when evaluating products so your company is in compliance. .

A Web application firewall or application-layer firewall is an appliance or software designed to protect web applications against attacks and data leakage. It sits between a Web client and a Web server, analyzing application layer messages for violations in the programmed security policy. Web application firewalls address different security issues than network firewalls and intrusion detection/prevention systems, which are designed to defend the perimeter of a network. But before you rush to buy, you'll need to understand that this is not a plug-and-play check box compliance item and requires more than just putting an appliance in front of your application servers.

1. Use security policy objectives to define what controls your WAF must have.
2. Review the types of risk each product covers.
3. Test performance and scalability.
4. Evaluate the vendor's technical support.
5. Assess whether you have the required in-house skills to maintain and manage it.
6. Balance security, throughput, and overall cost.

< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   6  |   NEXT PAGE  >