Posts

Cloud based WAF

Using a Cloud-Based WAF as a Service for Better Web Security

Before the advent of the cloud-based WAF, Web Application Firewalls (WAF) usually came in the form of hardware. These WAF appliances were great for big businesses and enterprises. They provided flexibility, fast accessibility to the device and  did not depend on external connections for functionality. However, they also had a few disadvantages.

Hardware WAFs were very difficult to install and deploy since they are heavy and take up a lot of space. They can be hard to maintain, and lastly they’re on the costly side. Only large enterprises can actually afford hardware WAFs. Meanwhile, small and medium companies were left to fend for themselves.

The Birth of the Cloud-Based WAF

Thankfully, this has changed rapidly over time. Since the birth of the cloud, many innovative WAF vendors have turned these same enterprise level security features into a cloud-based WAF as a service specifically aimed at SMBs. The shift from hardware to cloud based WAF as a service have proven to be beneficial for three reasons.

1. Fully Managed Security

WAF as a service doesn’t require any hardware to operate. All one needs to do is configure their DNS information to start securing a website. This provides great accessibility for small and medium sized businesses. It also reduces any resources needed to setup and customize a traditional enterprise solution.

2. No Technical Knowledge Needed

A cloud-based WAF as a service also handles and manages all of your HTTP and HTTPS traffic. WAF vendors have detection technologies in place that can automatically detect and filter malicious attacks. This means you can focus on what’s most important for your business—gaining customers. The need for specialized security staff or technical experts is unnecessary when using a WAF as a service.

3. Easy to Understand Analytics

We make providing web security to SMBs our top priority. That being said, many WAF as a service vendors want to cater to the SMB market by providing easy to understand web traffic analytics. There is absolutely zero need to have a specialist scrub your web traffic data to look for any inconsistencies and how many attacks were actually blocked. These days, almost all security vendors provide great metrics and analytics that can help any business owner see the impact of their WAF.

most cloud-based waf solutions will give analytics

Cloud-based WAF as a service solution has made it possible for more people to secure their websites with zero hassle and at a much lower cost. Implement a WAF today so you can focus on growing your business while we take care of the rest.

clouds

Cloud Trends…or Cloud Threats?

“Cloud” is a term that’s thrown around quite often in the IT world. But are we talking enough about cloud threats?

Even if you’re not familiar with technology, you probably own at least one device that’s essential to your every-day responsibilities. Your immediate thought? Probably your smart phone.

Mobile technology affects every corner of our lives. Before smart phones, cell phones were mainly for calling, texting, and maybe a few other novelties . But within the past few years, people are becoming accustomed to smart phone technology. In fact, most would agree that using your cell phone for just calling and texting could be “old-fashioned.”

What’s the reason behind this change? Advancements in hardware and communication technologies are givens, but development in cloud computing is also a major contributor. Cloud computing has allowed users to produce, store, share, and utilize content more conveniently. This in turn increased the value of technologies aiming to provide convenience because suddenly, data isn’t just sitting thereit’s portable. No need to carry around all of your devices to be productive in your workload.

But this is no win-win mentality. Because due to its rapid growth and development, the cloud is becoming a target for hackers, and many are concerned about the state of safety and security in the cloud.

Cloud Threats

The Cloud Security Alliance (CSA) is an organization that’s dedicated to raising awareness and spreading knowledge about cloud threats and security. Every year, CSA releases a “Top Threats” list of the cloud threats to be on the lookout for – here’s their full list for 2016, but for the purposes of this blog post, let’s take a look at two in particular: Data Loss and Abuse and Nefarious Use of Cloud Services.

cloud computing can be done from a phone but dark and dangerous sometimes

Data Loss

Many people who have multiple devices tend to store their data in the cloud, but it’s not always 100% safe. An accidental deletion, a physical catastrophe, a malicious attack… all of these could lead to the permanent loss of your data unless you as a consumer takes the measures to back the data up. When you’re signing up with a cloud data storage provider, make sure to read the fine print. Although your data could have been lost, depending on the provider, the responsibility might not be on the provider’s shoulders but on yours.

Reviewing the provisions and understanding the conditions is important for any contract. However, especially when sensitive information is at stake, this is not a step you want to skip. More and more consumers are putting risky information into cloud storage while assuring themselves that this is the safest way to go. Although this is partially true, this doesn’t mean that there is no action necessary.

Abuse and Nefarious Use of Cloud Services

While this sounds like a extravagant title, the summarized version: there will always be people who want to use your data for unethical purposes. Whether it’s through the guise of free cloud trials or maybe just a poorly designed cloud service, not all providers are created equal. Malicious hackers may try to use the cloud to launch DDoS attacks, spam and phishing scams, or defacement.

So be prudent when choosing a provider. They should include controls and monitoring so you can see how the cloud workload is doing. A cloud provider shouldn’t have anything to hide, and should be reputable.

So we’re doomed? 

Not at all. Cloud computing is a great development – we can access any kind of information from virtually anywhere in the world. It’s permeated different markets and services and has users ranging from people like you and me, to SMBs or startups, to large enterprises and government entities. It’s affordable, accessible, and maintenance is fairly easy.

But like any service (tangible or virtual), we need to make sure we know what we’re getting into, and take precautions for cloud threats as necessary. Just because you can’t see it, doesn’t mean someone isn’t after it.

For more information on products or services pertaining to web security, check out our products page or leave us a comment – we’d love to continue this conversation with you.

clouds

Looking for Security Services, SMBs? Get on the Cloud

Nowadays, as more internet security incidents occur — data breaches via the web and webpage defacements — it is natural for organizations to consider introducing internet security solutions. Along with this trend, cloud-based security services are getting more attention from SMBs, which had previously regarded internet security services as not mandatory and simply cost ineffective, due to their relatively expensive introduction and management costs. This newly found interest in security is not the only motivating factor for this recent trend though. The consecutive launching of cloud-based security services by multiple service providers has accelerated the cloud security industry.

SMBs also need security services.
The cloud approach is appealing among SMBs because it requires a smaller budget and less effort to install, run, and manage the organization’s security. This is largely due to the scalability of cloud technology; companies are able to more precisely pay for the amount of resources that they need rather than have to adhere to the static capabilities and limitations of physical solutions. Considering the fact that the traditional method of security implementation requires that an organization spend many additional resources for installation, operation, monitoring, establishing countermeasures, and customization this new approach is fitting into the market perfectly.

Jaeun Sim, Director at Monitorapp, a web application firewall (WAF) provider based in Korea, which recently launched a WAF SaaS with Innogrid, stated, “Security services provided via cloud can cut down on budget costs for SMBs attempting establish a web security system. An end user now pays just about five percent what pre-existing WAF solutions are charging.”

Furthermore, several security solution providers have made alliances with large IT infrastructure hosting companies to launch joint security service packages. Ahnlab, a Korean based company famous for its antivirus solutions, provides security services for SMBs with the cooperation of LG U+, one of the largest telecommunication companies in Korea. The two remaining telecommunication giants in Korea, KT and SKT, are also offering security services through their own cloud service platforms. The security solutions offered include technologies from Ahnlab, Monitorapp, and Penta Security Systems.

Hyungseop Cho, a Manager at LG U+ explained, “Firewall, DDoS protection, IPS, and Web Application Firewalls are all offered via our cloud service in a pay-as-you-go model. Management and operational services are offered as well for SMB end users.”

These types of services are expected to grow in the future since many security professionals warn that there has been a dramatic increase in hackers attacking enterprises via their SMB-level partners. Gwangtaek Yoon, Director at Symantec Korea, said, “We have seen that attacks targeting organizations with fewer than 250 employees accounts for 31% of all hacks, a 72% increase compared to 2011.”