The most important factors that must be considered to determine a WAF are performance and security.
When performance is focused, security may decrease. When security is decreased, performance may be degraded.
An excellent WAF provides sufficient security without degradation of performance.
Generally, the WAF searches the string at the content level to check the signature of the syntax.
The 1st-generation firewall created a list of normal accesses to determine whether to block or not. The white list is a list of safe accesses and the black list is a list of dangerous attacks. However, the 1st-generation firewall frequently considered and blocked a safe access as an attack. To reduce this misdetection, the web service administrator had to update the black list and the white list constantly.
The 2nd-generation firewall has evolved to create the list automatically. With this automation, the problem of the 1st-generation looked to be solved. However, as the size of web services increased, it could not properly respond to the changing environment. In addition, even if the list was automatically created, confirmation of the list was solely left to the administrator.
To solve this problem, the 3rd-generation intelligent WAF was developed.
The intelligent WAF does not rely on the list, nor does it rely on the black list or the white list. With a rule-based intelligent engine, it determines as normal access when the access passes all criteria. It shows little misdetection and hardly affects the service performance in comparison to the list type WAF.
Penta Security’s WAPPLES is an intelligent WAF.
With Penta Security’s own logic operation detection engine, the COCEP, through semantic and heuristic attack technique analysis, WAPPLES can detect attacks accurately and block ‘unknown attacks.’