Web Application Firewall (WAF)

June 24, 2022

What is a Web Application Firewall (WAF)?

A Web Application Firewall (WAF) is a security device designed to protect organizations at the application level by filtering, monitoring and analyzing hypertext transfer protocol (HTTP) and hypertext transfer protocol secure (HTTPS) traffic between the web application and the internet.

A WAF acts as a reverse proxy, shielding the application from malicious requests before they reach the user or web application. Part of a comprehensive cybersecurity strategy, a WAF helps protect the organization from a variety of application layer attacks, including Cross Site Scripting (XSS), SQL injection, Zero Day attacks, and Denial of Service (DoS)/Distributed Denial of Service (DDoS) attacks.

How Does a Web Application Firewall Work?

A WAF operates according to a set of rules or policies defined by the network administrator. Each WAF policy or rule is designed to address an application-level threat or known vulnerability. Taken together, the policies work to detect and isolate malicious traffic before it reaches a user or application.

There are three main types of web application firewalls:

  • Blocklist Web Application Firewall: A blocklist WAF, or negative security model, protects against known attacks by denying access to traffic that matches known attack patterns.
  • Allowlist Web Application Firewall: An allowlist WAF, or positive security model, admits only traffic that is on a pre-approved list.
  • Hybrid Web Application Firewall: A hybrid WAF applies elements from both the blocklist and allowlist models.
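
The three models above can be compared side by side on the same requests. The following is an added example, not code from the original article or from any WAF product; the signatures, routes, parameter rules and sample requests are constructed for illustration and are far simpler than a production rule set.

```python
import re
from urllib.parse import urlsplit, parse_qsl
# Negative model: signatures of known-bad input (illustrative, not a real rule set).
BLOCK_SIGNATURES = {
    "sqli": re.compile(r"['\"]\s*(or|and)\s+[\w'\"]+\s*=|union\s+select", re.I),
    "xss": re.compile(r"<\s*script|on\w+\s*=|javascript:", re.I),
}

# Positive model: the only routes and parameter shapes the application accepts.
ALLOWED = {
    ("GET", "/product"): {"id": re.compile(r"\d{1,8}")},
    ("GET", "/search"): {"q": re.compile(r".{1,100}", re.S)},  # free text, loosely typed
}

def blocklist_verdict(method, url):
    """Deny only when a parameter value matches a known attack signature."""
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        for rule, pattern in BLOCK_SIGNATURES.items():
            if pattern.search(value):
                return ("deny", f"{rule} signature in '{name}'")
    return ("allow", "no signature matched")

def allowlist_verdict(method, url):
    """Allow only pre-approved routes whose parameters fit the declared shape."""
    parts = urlsplit(url)
    schema = ALLOWED.get((method, parts.path))
    if schema is None:
        return ("deny", "route not on allowlist")
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name not in schema or not schema[name].fullmatch(value):
            return ("deny", f"parameter '{name}' not permitted")
    return ("allow", "matches allowlist")

def hybrid_verdict(method, url):
    """A request must pass the allowlist and then also clear the blocklist."""
    verdict = allowlist_verdict(method, url)
    return verdict if verdict[0] == "deny" else blocklist_verdict(method, url)

# Constructed sample requests (URL-encoded as they would arrive on the wire).
SAMPLES = [
    ("GET", "/product?id=42"),                                # normal traffic
    ("GET", "/product?id=42%27%20OR%20%271%27%3D%271"),       # textbook SQL injection
    ("GET", "/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"), # textbook XSS in free text
    ("GET", "/admin/export?table=users"),                     # unknown route, no signature
]

if __name__ == "__main__":
    for method, url in SAMPLES:
        print(url, *(f(method, url) for f in (blocklist_verdict, allowlist_verdict, hybrid_verdict)))
```

The last two samples show the gap in each single model: the blocklist admits the unlisted route because nothing matches a signature, and the allowlist admits the script tag because the search field accepts free text. Only the hybrid check denies both.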

What’s the difference between a Network Firewall and a WAF?

A WAF differs from a network firewall in terms of the type of protection it provides and how that security is applied. Put simply, a WAF protects the organization at the application level by analyzing all HTTP/HTTPS communication, whereas the network firewall acts as a barrier that prevents unauthorized access to the network as a whole.

What’s the difference between a Next-Gen Firewall and a WAF?

A WAF provides protection only from web application attacks. While a WAF is an important part of an organization’s cybersecurity strategy, it is by no means a comprehensive solution and must be supplemented by other security measures.

A next-generation firewall (NGFW) is an advanced firewall option that combines antivirus, network firewall, WAF and other security devices into one solution. Like a traditional firewall, an NGFW can detect and block attacks at the application, port and protocol levels. However, it can also block modern threats such as advanced malware and application-layer attacks. An NGFW also incorporates more advanced features including application awareness, an intrusion prevention system (IPS) and cloud-enabled threat intelligence services.

Web Application Firewall Deployment Options

A WAF can be implemented in one of three ways:

1. Network-based WAF

A low-latency hardware solution installed locally on the network. While effective, this option requires significant storage and typically carries high maintenance costs, making it one of the more costly deployment options.

2. Host-based WAF

A customizable solution that is integrated into the application software. While less expensive than a Network-based WAF, this option is often more complex to deploy and still consumes considerable resources.

3. Cloud-based WAF

The most affordable deployment option, cloud-based WAFs are turnkey solutions offered by the cloud provider, such as Amazon Web Services (AWS). In this model, implementation and updating are the responsibility of the cloud provider. While this lowers complexity for the organization and reduces the burden on the IT team, the business relinquishes some control to the third-party organization. As a result, the organization may not be fully aware of the threats the WAF is uncovering. There may also be limitations on how the solution is integrated within the organization’s broader cybersecurity strategy.

CrowdStrike’s Falcon Firewall Management

As more organizations look to adopt host firewall capabilities native to the operating system, they often find effective functionality but are faced with complex, cumbersome management and visibility blind spots that can frustrate administrators and open security gaps.

Falcon Firewall Management is an advanced solution from CrowdStrike that provides simple, centralized firewall management, making it easy to manage and enforce host firewall policies.

Delivered via the CrowdStrike Falcon® lightweight agent, single management console and cloud-delivered architecture, Falcon Firewall Management immediately enhances protection from network threats with minimal impact on the host — from initial enablement to ongoing day-to-day use.