Qualys Blog

www.qualys.com

Simplifying Web Application Security with Qualys Web Application Firewall 2.0

The completely redesigned Qualys Web Application Firewall (WAF) 2.0 provides greater confidence in application security through increased customization, one-click virtual patching ability, simplified controls and stronger security rules. Available now with these and other improvements, WAF 2.0 helps customers fend off hackers’ increasingly common, aggressive and destructive web app attacks.

We’re living in a global application-driven era. Rapid expansion of the Internet and the proliferation of mobile and IoT devices have empowered businesses, financial institutions and governments with new ways to reach their target users and to solve great problems with web and mobile apps. On the other hand, consumers are also discovering the convenience and power of these apps for transportation, e-commerce, travel, entertainment and many other purposes.

This revolution, in one form or another, is driven by nothing but plain old – yet sophisticated and complex – web applications. Whether you are making an online purchase, updating your status on social media or calling a cab from your mobile app, web applications are running the show behind the scenes. Those applications could be browser-based online stores, APIs driving mobile applications or a complex combination of both. And with so much sensitive data being exchanged online, it’s critical to secure these web applications and prevent exposure of user data. The consequences of insufficient security are huge. According to a Ponemon Institute study, in 2016, the average cost of a data breach incident in the U.S. was $221 per stolen record and $7.01 million per incident.

But web application security is becoming increasingly complex due to the continuously evolving threat landscape, the diverse nature of web applications and the broad range of systems needed to manage security. That’s where the totally revamped Qualys WAF comes into the picture.

Introducing WAF 2.0

Qualys WAF 2.0 reduces the complexity of application security by providing a unified platform to rapidly detect and patch web application vulnerabilities. Customers can scan their applications using Qualys Web Application Scanning (WAS), deploy one-click virtual patches for detected vulnerabilities in the WAF and manage it all from a centralized cloud-based portal. This gives security professionals a complete end-to-end solution for mitigating web application vulnerabilities.

[Screenshot: virtual patch interface]

WAF 2.0 comes with comprehensive security policies, backed by the industry-leading Qualys security intelligence, that stop OWASP’s “Top 10” risks including SQL injection and cross-site scripting. It also provides out-of-the-box security templates for WordPress, Joomla, Drupal and Outlook Web Application, offering simple and easy protection for these popular platforms.

We understand that each application has its own unique security requirements. So Qualys WAF 2.0 allows you to create custom security rules based on various attributes of HTTP requests, clients, servers and transactions. Custom rules will enable you to tailor WAF defenses for specific requirements of your applications and to minimize false positives.

Qualys WAF 2.0 is architected for easy and flexible deployment and management. You can completely manage the WAF security configuration and monitor security events through our cloud-based Qualys Suite portal. Your website traffic never leaves your environment, because traffic inspection and attack mitigation are managed by our virtual appliances that can be deployed alongside your web applications. These virtual appliances are horizontally scalable, require no special hardware and can be deployed using VMware vCenter, Microsoft Hyper-V or AWS AMI.

The unified and easy-to-deploy WAS-WAF solution empowers DevOps teams to make continuous application security testing an integral part of their workflows. This allows teams to detect and mitigate serious security issues early in the development cycle and drastically reduces the cost of patching issues after the application goes live.

More Features

Additional Qualys WAF 2.0 features include:

  • Load balancing of web servers, allowing customers to control how requests are distributed among their web servers, ensuring high performance and eliminating the need for an additional load-balancing layer in their network.
  • Web application health checks, enabling customers to monitor the availability of their business-critical web applications.
  • Deeper Qualys WAS integration with the new ScanTrust feature, allowing customers to evaluate WAF responses for scanning requests, and to apply one-click virtual patches for vulnerabilities discovered by WAS.
  • Simplified user interface and configuration workflows that enable complete customer control over security settings.
  • Centralized WAF management and access to actionable security event logs through the Qualys Suite portal.

[Screenshot: dashboard in Qualys WAF]

As security professionals, we believe that we can make the online world safer by simplifying application security, and Qualys WAF 2.0 was designed with that specific goal in mind. We invite you to read more about Qualys WAF and register for a free trial.

Qualys WAF 2.0 is available now. It is currently being sold as an annual subscription starting at $1,995 for small businesses and $9,995 for larger enterprises based on the number of web applications and virtual appliances.
