Hackers are often able to bypass Web Application Firewall (WAF) solutions, putting many businesses at risk of downtime, data theft and reputational damage, a new report from Neustar claims.
According to the report, half of security professionals report at least a quarter of attempts to sidestep WAF are successful, while 40% said almost half of evasion attempts succeed.
Further, the report claims that almost a third of businesses (29 percent) struggle to change their WAF policies to better defend themselves from web application attacks. Just 15 percent found the process “very easy”.
Fully integrating WAF into other security functions is “critical in developing a holistic defence against a variety of attack types”, the report states, with WAF labelling almost a third (30 percent) of all network requests as false positives.
- Nearly 30,000 Apple Mac devices infected with ‘mysterious’ malwareAbout 30,000 Mac devices have been infected with a mysterious piece … Read More
- A critical Windows Defender vulnerability went 12 years unnoticedA critical bug, Facepalm, in Windows Defender has gone 12 years … Read More
- Over 3 billion emails and passwords were just leaked online – Read Now!Normally when a data breach occurs, the cybercriminals responsible may leak the usernames … Read More
- New Phishing toolkit that can create real-time realistic phishing pages raises eye-browsAttackers have fashioned a new phishing toolkit that can create real-time realistic phishing pages … Read More
- Ubiquiti hit with a security breach – Tells customers to change passwords!Networking equipment and IoT device vendor Ubiquiti Networks has sent out … Read More
Four in ten businesses are yet to fully integrate WAF with the rest of their security functions.
For Rodney Joffe, Chairman of NISC and Senior Vice President and Fellow at Neustar, the rise in application-layer attacks is “unsettling”.
“Due to their ‘under-the-radar’ nature, application-layer attacks are difficult to detect and therefore require a security posture that is always-on in order to be identified and mitigated. Only by providing protection across the entire network can organisations respond to the type of threats we are seeing today.”
Neustar claims that DDoS attacks were the biggest worry for cybersecurity pros during March and April this year. Ransomware, as well as the theft of intellectual property, were also listed among major concerns.