Web application firewalls: a crucial element for cybersecurity success
In March, Progress added web application firewall (WAF) functionality to its MOVEit Cloud managed file transfer solution. The new feature strengthens security by blocking malicious web traffic before it can infiltrate systems. John Yang, VP, APJ, Progress, explains more about the current landscape, and what WAFs do:
Q: In the ever-changing threat landscape, what are the most significant cybersecurity changes you've observed in recent years?
[Photo: John Yang. Source: Progress.]
To stay protected in today’s evolving cybersecurity landscape, organisations need to adopt layered defence strategies that combine prevention with early detection, while emphasising the importance of user education, as human error remains the most significant vulnerability. In fact, human error is at the root of 95% of all data breaches.
Businesses took more notice of WAFs when the PCI DSS standard stipulated that organisations responsible for processing bank or credit card information need to have a WAF. What do WAFs do?
JY: Compliance with the Payment Card Industry Data Security Standard (PCI DSS) is mandatory for all organisations handling online credit card payments. As public web applications are constantly targeted by evolving new threats, protection is essential. They face a dynamic threat landscape where cybercriminals continuously develop and utilise new exploits and modify their attack methods to evade defences. Persistent threats like SQL injections, XSS, and DDoS* attacks pose serious dangers.
WAFs function as an effective barrier, scrutinising web traffic between load balancers and web application servers to block harmful and suspicious activity. Using WAFs, organisations can filter and block harmful traffic at the application layer and, when combined with network firewalls, prevent application-layer attacks arising from coding or configuration errors. This requires both technology and timely alert responses to effectively stop attacks.
What’s the best way for organisations to implement a WAF solution?
JY: One of the most convenient ways for organisations to deploy a WAF is within their load balancing solution. In most cases, organisations can choose between network-based and cloud-based options. Network-based deployment can be done as a dedicated instance or alongside other functionalities like load balancing, with virtual machine-based deployment being common, though hardware options are available. This approach offers lower network latency but involves additional management overhead.
Alternatively, cloud-based deployment provides the flexibility of public cloud benefits, allowing capacity adjustments as needed and reducing the management burden of on-premise infrastructure.
For the WAF itself, it’s important for organisations to define the allowed traffic to minimise the attack surface, use rule sets and templates to block known threats, regularly update rule sets to address emerging threats, and continuously monitor for incidents while adjusting WAF settings accordingly. Implementing these best practices, they can enhance their security posture and safeguard their digital assets effectively.
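The two ideas in the answers above, a WAF that inspects requests at the application layer (the earlier answer) and the practice of defining allowed traffic, applying rule sets for known threat classes, and monitoring block events to tune the configuration (this answer), can be shown together in a small request filter. The code below is an added illustration written for this page; it is not Progress or MOVEit code and does not represent any real WAF product's rule language. The routes, parameter shapes, signature patterns, client addresses and sample requests are all constructed for the example.

```python
"""Minimal WAF-style request filter: positive model (allowed traffic) plus
negative model (signatures for known threat classes) plus a monitoring view.
Constructed example for illustration; not a production rule set."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

@dataclass
class Request:
    method: str
    path: str
    client: str = "unknown"          # hypothetical client address, for monitoring only
    params: Dict[str, str] = field(default_factory=dict)

# Positive security model: the only routes accepted, with the expected shape of
# each parameter. Anything outside this definition is blocked, which is what
# "define the allowed traffic to minimise the attack surface" means in practice.
ALLOWED_ROUTES = {
    ("GET", "/api/files"): {"page": r"^\d{1,4}$"},
    ("POST", "/api/upload"): {"name": r"^[\w.-]{1,64}$"},
}

# Negative security model: simplified signatures for two of the threat classes
# named on the page. Real rule sets are far larger and are updated regularly.
RULESET = {
    "sqli": [re.compile(p, re.I) for p in (
        r"('|%27)\s*(or|and)\s+[\w'\"]+\s*=", r"union\s+select", r";\s*drop\s+table")],
    "xss": [re.compile(p, re.I) for p in (
        r"<\s*script", r"on\w+\s*=", r"javascript:")],
}

def inspect(req: Request) -> Tuple[str, str]:
    """Return ('allow' | 'block', reason). The reason string is what a monitoring
    pipeline would aggregate on; its first component is the rule category."""
    route = (req.method.upper(), req.path)
    if route not in ALLOWED_ROUTES:
        return "block", "route-not-allowed"
    for name, value in req.params.items():
        shape = ALLOWED_ROUTES[route].get(name)
        if shape is None:
            return "block", f"unexpected-param:{name}"
        # Signatures are checked first so the block reason carries the threat
        # class, which is more useful for incident review than a shape failure.
        for category, signatures in RULESET.items():
            if any(s.search(value) for s in signatures):
                return "block", f"signature:{category}:{name}"
        if not re.match(shape, value):
            return "block", f"param-shape:{name}"
    return "allow", "ok"

def summarize(requests: List[Request], block_threshold: int = 3):
    """Run a batch through inspect() and produce the monitoring view: counts per
    rule category, and clients whose block count reached the threshold."""
    counts: Dict[str, int] = {}
    blocked_per_client: Dict[str, int] = {}
    for req in requests:
        verdict, reason = inspect(req)
        category = reason.split(":")[0]
        counts[category] = counts.get(category, 0) + 1
        if verdict == "block":
            blocked_per_client[req.client] = blocked_per_client.get(req.client, 0) + 1
    noisy = sorted(c for c, n in blocked_per_client.items() if n >= block_threshold)
    return counts, noisy

# Constructed sample traffic (RFC 5737 documentation addresses, not real clients).
SAMPLE_REQUESTS = [
    Request("GET", "/api/files", "192.0.2.10", {"page": "2"}),
    Request("GET", "/api/files", "203.0.113.5", {"page": "1' OR '1'='1"}),
    Request("POST", "/api/upload", "203.0.113.5", {"name": "<script>alert(1)</script>"}),
    Request("GET", "/admin", "203.0.113.5"),
    Request("POST", "/api/upload", "198.51.100.7", {"name": "a.txt", "debug": "1"}),
    Request("GET", "/api/files", "198.51.100.7", {"page": "12345"}),
]

if __name__ == "__main__":
    for r in SAMPLE_REQUESTS:
        print(r.method, r.path, r.params, "->", inspect(r))
    print(summarize(SAMPLE_REQUESTS))
```

The block reasons are deliberately structured so that the monitoring step in the answer has something to work with: a spike in `param-shape` blocks from legitimate clients usually means the allowed-traffic definition is too narrow and needs adjusting, while repeated `signature` blocks from one client are what a SOC would want alerted. Signature patterns this simple also produce false positives on ordinary text (any value containing `onclick=` trips the XSS rule), which is exactly why the page stresses continuous monitoring and tuning rather than a set-and-forget rule set.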
How do WAFs fit into the broader context of an organisation's security architecture?
JY: Employing WAFs is an important component of a comprehensive cybersecurity strategy, as it greatly minimises the likelihood of successful cyberattacks and data breaches. It safeguards business applications, sensitive information, and organisational reputation. Operating across application, transport, and network layers, WAFs are essential in modern layered security, as they provide enhanced web application protection beyond traditional defences.
Having a layered defence approach is crucial. WAFs provide a specialised layer of security for web applications and websites, working alongside traditional firewalls to improve protection.
The best approach is to deploy them within a strong, layered cybersecurity defence that encompasses network firewalls and a range of technologies such as intrusion detection systems, network detection and response (NDR), security event and information management (SIEM), identity and authentication management (IAM), and Zero-Trust network access (ZTNA).
How can organisations balance cost with the need for robust security, especially in the era of AI?
JY: Organisations must leverage AI to their advantage, allowing for faster data analysis, enhanced pattern recognition, and more informed decision-making. Ultimately, they need a proactive and adaptive approach for maintaining robust cybersecurity defences in the face of evolving threats.
This growing recognition of cybersecurity's importance is reflected in increased spending and executive attention. IDC projects that cybersecurity spending in the region will experience a substantial five-year CAGR of 12.8%, reaching US$52 billion by 2027.
Cybersecurity is no longer perceived as solely an IT issue. Instead, it's increasingly understood as a business-wide risk that demands scrutiny at the highest levels of the organisation. In fact, 95% of organisations now report on their cyber risk exposure and mitigation measures directly to their boards of directors.
On the other hand, cybersecurity budgets are not unlimited. Organisations need to optimise their spending and prioritise the most effective security measures. Leveraging AI and automation can enhance threat detection and response, reducing breach costs and operational burdens.
Ultimately, balancing cost and security is not about finding the cheapest solution, but about making informed decisions that provide the best possible protection for the organisation's assets and ensure its long-term resilience.
Would small and medium-sized enterprises (SMEs) benefit from WAFs?
JY: SMEs can benefit from outsourcing security functions to managed security service providers (MSSPs) for expertise and advanced technologies. Collaboration and information sharing with industry peers are also crucial for staying ahead of emerging threats and improving overall security posture, especially in the Asia-Pacific (APAC) region.
*DDoS refers to distributed denial of service, SQL is an acronym for Structured Query Language, and XSS stands for cross-site scripting.