In a recent article, “What’s a WAF?” we discuss the fundamentals of traditional WAF architectures and look at the three most common WAF implementations. All three fall far short of protecting organizations from today’s malicious and persistent cyber threats.
In fact, the existing practice of accumulating point products as part of a WAF strategy creates vulnerability gaps that allow threat exploits to proliferate. Two Gartner WAF Magic Quadrant analysts, Jeremy D’Hoinne and Adam Hils, note that the ever-evolving web standards and complex architecture requirements aggravate technical debt in WAF appliance solutions, limit innovation, and increase deployment complexity. “[Traditional] WAF technology,” they write, “has failed to deliver on the promise to automatically enforce a positive security model.”
Forrester analyst Sandy Carielli has a similar take on the shortcomings of traditional WAFs:
WAFs remain a fundamental technology for application security protection, but customer requirements have changed…customers expect WAFs to provide protection against an ever-broader spate of application attacks, including API-based attacks, client-side attacks, and even bots. Furthermore…WAFs must integrate with the rest of the application development and security infrastructure and help security leaders quickly identify and respond to application threats. Organizations want more from their WAF providers—and the degree of negative feedback…warns that, unless vendors adapt, the WAF market is ripe for disruption.
We agree the WAF market is ripe for disruption, yet many newer market entrants (think Tala, Page Integrity Manager) still fall short by offering only limited functionality on insufficient, incomplete platforms. We, on the other hand, have crafted a solution with true disruption and transformation in mind: Enter the client-side WAF, protecting applications at the browser.
Unlike complex network-side technologies that take months to deploy and provide only limited risk prevention, transformational solutions like CymaticONE + VADR are designed for speed, scale, and simplicity.
A flexible, scalable microservices architecture offers improved foundational security and faster speed to market for new features. Advanced behavioral biometrics protect against user and device vulnerabilities, and real-time BYOD scans to ensure outdated browsers don’t pose a code-injection risk.
Importantly, location-based threats are thwarted using intelligence from dark web, geolocation, and IP data.
Additionally, we provide immediate bot detection and remediation and we continually ingest and learn from user behaviors to maximize device hygiene. Our open APIs allow for any level of data extraction: Data can be distilled in its entirety or exfiltrated at the microservices level for ingestion into SIEM, SOAR, fraud and other security tools.
Perhaps most importantly, Cymatic actually delivers on the WAF promise by supporting both active and passive policy enforcement, while a chatbot provides just-in-time awareness training and other valuable information.