You may not always be able to tell while you're surfing it, but the Web is under almost constant siege. Companies have to find effective ways to secure and protect websites and Web-based applications. At the Black Hat security conference in Las Vegas Wednesday, Qualys announced a new tool to make it easier for small and medium businesses to manage Web security.
Qualys' Web Application Firewall (WAF) is delivered as a component of the QualysGuard Cloud Platform, which provides a simple, centrally-managed tool for administering security for both on-premise and cloud-based servers. The WAF beta is available as an Amazon Machine Image (AMI) to be used with Amazon EC2 cloud services, and as a VMWare virtual image for use with on-premise virtual servers.
As information is passed from a PC to the Web server and back, there is ample opportunity for an attacker to inject him or herself into the equation and intercept the traffic or possibly compromise the server. A Web application firewall applies rules to the HTTP traffic to prevent attacks, but it can be costly and complex to configure and administer a Web application firewall. The rules applied have to be frequently updated to reflect changes in the applications and to guard against new threats. Small and medium businesses, in particular, seldom have the expertise or budget necessary to properly manage a Web application firewall.
The Qualys WAF service addresses those concerns by providing businesses with a simple, affordable, automated tool to protect websites from attack. Qualys WAF promises real-time protection--blocking Web attacks as they happen--as well as application hardening to minimize the potential exposure to attack.
WAF is maintained and updated by Qualys security experts to identify and implement new defense techniques and features transparently without impacting the website. Qualys is has a broader "10,000 foot view" of new threats on the Web, and it can use security events from all WAF customers to help identify threats and develop an appropriate defense.
WAF gives customers the protection they need for their websites, in a simple, automated, cost-effective tool. Amazon Web Services customers can start using the WAF AMI beginning Aug. 1. The VMWare virtual image for on-premise virtual servers will be available for download Sept. 1.