Qualys Brings WAF to the Cloud
Open source IronBee project graduates to the cloud in an effort to protect enterprise networks from Web application vulnerability risks.
Security vendor Qualys is now throwing its hat into the commercial WAF ring with a new WAF service in the cloud. The goal of the QualysGuard WAF is to enable more organizations to leverage WAF technology to protect their applications.
"We've noticed that traditional WAFs are usually hardware appliances and usually difficult to use," Ivan Ristic, director of Engineering at Qualys told InternetNews.com. "The problem is that even for companies that can afford WAF tools, they're only using them for their most precious assets."
According to Ristic, that all means there is a long tail of websites that aren't being protected by a WAF. The Qualys WAF only requires that a network is in control of its domain name in order to begin the process of setting up the protection. Administrators simply need to make a DNS change to redirect traffic to go through the Qualys' global network of proxy servers.
"We see all the traffic and we're able to screen it," Ristic said. "Once we're sure that it's not malicious we pass it to the actual real site."
The same process works in reverse to check all outgoing traffic from an enterprise for any potential unauthorized information leakage.
Qualys isn't the first vendor to market with a Web-based WAF. Back in 2009, content delivery network vendor Akamai debuted a cloud WAF service, though it was limited only to Akamai's users.
The QualysGuard WAF is based on the open source IronBee project that Qualys officially launched in 2011. IronBee is not a fully featured product on its own but is something that advanced users could benefit from. In the coming weeks there will be a new release of IronBee showcasing a new rules language.
In addition to the cloud WAF, Qualys is now launching a cloud based malware detection service (MDS). The MDS can be integrated with the WAF to provide a more comprehensive approach to cloud delivered security. Ristic explained that with both services enabled, as malware scanning is performed that data can be shared with the WAF to block malicious pages in real time.
The combined system will also enable enterprises to specifically pinpoint areas of risk and vulnerability on a website application.
"We could do a pretty surgical removal of malware and still maintain the functionality of a webpage rather than blocking it completely," Wolfgang Kandek, CTO of Qualys told InternetNews.com.