Every so often, there is a technological shift in the information security industry. Sometimes it is due to new cyberattack discovery, aka a  Zero-day. Many times, the catalyst is legacy technology. When a legacy technology no longer adequately responds to the technological world around it, it is simply time to evolve. The recent increase in Web Application Firewall (WAF) related incidents make the writing on the wall clear: Evolve or suffer!  

InfoSec family! We need to come together and have a rather overdue discussion. Legacy WAFs live in the dark ages of security.  On October 10th at 10 am PST /1 pm EST, we will have this conversation. Global strategist, Kavya Pearlman, will moderate the discussion with two of the industry’s experts, Alissa Knight and Ivan Novikov

Alissa Knight is a senior analyst with Aite Group’s cybersecurity practice. Ms. Knight covers cybersecurity in financial services, serving as a thought leader and trusted advisor to financial institutions, established technology vendors, startups, and venture capital firms. She has worked in cybersecurity for over 20 years as a penetration tester and incident responder, is a published author, was featured in the well known Brian Krebs Imperva data breach article for having a unique take and intimate knowledge of the incident.

This promises to be one of the most significant discussions around WAFs in a long time. If you care about application security, don’t miss this opportunity. It is more than just another webinar. It is an honest conversation that we, as an Information Security family, have never had. Let’s change that. Traditional Web Application Firewalls are failing us, resulting in security incidents and data breaches. We have to ask, What happens when a Security product becomes the source of a security breach? 

The following quote from DevSecOps Manifesto serves as an important reminder to all of us in InfoSec:

“We must adapt our ways to ensure data security and privacy issues are not left behind because we were too slow to change.”                                          – DevSecOps Manifesto

In our discussion, What the Actual WAF?!, we will reflect on a few key points: 

  • The evolution of WAFs
  • Recognizing that legacy WAFs are inadequate
  • Critical lessons from recent security incidents
    • Imperva Security Incident (Aug 2019)
    • Cloudflare Outage (July 2019)
    • Capital One Data Breach (July 2019)
WAF Evolution

Fig -1: Evolution of Web Application Firewall

Our conversation needs to cover all the bases—configuration issues, high rate of false positives, evasion of WAF, insider threats, Reg-Ex Based rules, and a whole bunch of other challenges surrounding WAFs. 

Solutions do exist. Before we can properly recognize and apply them, we need to come to terms with the inadequacies that are currently taking up space in modern security landscapes. Consider it a scarcity for resources issue; we need to kick out the solutions that are no longer functioning to give ample room for the advanced WAF solutions. Join us in this discussion. Let’s think through how we can do better? Let’s explore what the consequences are if we don’t. As an industry, we need this moment of self reflection and improvement. 

Register now for What the Actual WAF!? 

Can’t make it to the webinar? Sign up and we will send the slides afterward!