Web applications are everywhere. In many ways, particularly in today’s world of remote work, they are the cornerstone of daily business operations. However, web apps are the most frequently attacked assets in an IT environment and present some of the greatest security challenges. Why? Well, the obvious reason is that they’re public (on the internet), and they’re typically tied into a back-end system that houses restricted data, making them rich targets.
To put the risk in perspective, the more employees there are in an organization, the greater the number of custom web apps. Add to that the fact that each web app carries an average of 22 vulnerabilities, and you end up with a significant security concern.
So, how do you go about addressing this risk? Let’s explore the solutions.
Web Application Firewalls (WAFs)
WAFs are a proven technology; however, they do have drawbacks—they’re expensive, hard to manage, and can be too restrictive and not aligned to business risk. Given that mid-sized organizations can have upwards of 50 web applications, this process can quickly become unmanageable.
Further, consider the fact that 80 percent of all internet traffic is encrypted. Cybercriminals hide in this encrypted traffic to carry out their attacks, and this modern encryption can’t be seen by traditional network security like intrusion detection systems (IDS).
For example, the Diffie-Hellman encryption protocol encodes at the sender and decodes at the recipient point. Such protocols have been designed to prevent man–in–the–middle attacks in which an attacker could decrypt a transmission, inject harmful code, re-encrypt, and then send it on its way. This kind of encryption prevents many IDS technologies from being effective. This requires a WAF to serve as the destination for the traffic, where it would decode it, analyze it, then send it on to its destination. The obvious solution would be to put a WAF in front of every single web application, but this is not financially feasible for the vast majority of organizations.
[Further Reading: What Is a Web Application Firewall?]
Extending Your Posture with Threat Detection
The solution is to extend your security posture, beyond prevention methods, to include log-based threat detection technologies. The value of threat detection is to provide early warning, faster detection, deeper visibility, and broader coverage. Detection solutions are delivered through focused expertise in threat research, data science and analysis, deep system knowledge, and behavior analysis. They are applied everywhere an organization operates—in the cloud, in the network, and at endpoints.
However, most vendor’s threat detection technologies do not include web applications.
Maximizing Coverage with Web Log Analytics (WLAs)
Alert Logic takes a unique approach to WLAs, providing specific security for web applications as part of our threat detection solution.
Through our Web Log Analytics (WLA) technology, web server access logs are routinely analyzed using a combination of techniques including pattern-matching signatures, anomaly detection, and machine learning. WLA provides detection of known vulnerabilities and exploits, anomalous behavior, attempted attacks, and unauthorized vulnerability scans. It additionally detects unknown and zero-day attack attempts on an organization’s web applications.
The addition of WLA, included as part of Alert Logic Professional, will help you determine where you need to prioritize protection with a WAF. The two co-exist to provide maximum coverage, visibility, and protection.
Our AWS Network Firewall extends this capability and provides yet another point of threat visibility for web applications. Through this integration, Alert Logic provides web application threat detection coverage to AWS users through a curated set of Alert Logic signatures covering thousands of web application exploits.
Learn more about our web application firewall.