Let's make one thing absolutely clear at the outset: the time to think about the best options for cyber-threat mitigation is NOT when your network is being attacked. In the best-case scenario you will already have a mitigation strategy in place for defending against both network-layer and application-layer attacks. The most important thing to know when you are building a multi-layered approach to securing web applications is that security solutions aren't one-size-fits-all. You have several options to mix and match. Akamai's free eBook, "Threats and Mitigations: A Guide to Multi-Layered Web Security", gives you options for making the choices that best fit both your business and IT infrastructure requirements.
These days it's not enough to have a web-application firewall (WAF). The key to using hardware devices in a mitigation strategy is understanding what these devices can and cannot do. Defending against today's increasingly sophisticated application-layer attacks can be resource-intensive. WAFs require large amounts of computing resources and processing, which can degrade performance. The fact is that most devices represent a single point of failure. Moreover, by definition on-premises hardware attempts to stop an attack only after it's entered the data center - when it's simply too late.
Enter the new era of cloud-based mitigation services that reside outside of your data center and stop malicious traffic before it can penetrate your company's infrastructure. You have choices to make here, too. You can go with always-on mitigation that acts like a shock absorber that protects your network by taking the first big hit of a cyber-attack. Or you can choose an on-demand solution that you can engage once an attack is suspected to intercept your incoming traffic using mitigation services where legitimate traffic is forwarded on and malicious attack traffic is scrubbed.
Yet another option is Website Protection Service providers who utilize CDNs to provide network- and application-layer security for Web sites and applications. As a cloud-based proxy, these networks sit in front of your IT infrastructure and deliver traffic from your end users to your Web sites and applications. The cloud platform examines network traffic for known threats and passes only legitimate traffic to the Web application. Chapter 3 in "Threats and Mitigations: A Guide to Multi-Layered Web Security" discusses the advantages and caveats of using each of these solutions, or blending them in a multi-layer mitigation strategy.
Don't wait until your business is targeted by a cyber-attack. Download our free eBook, "Threats and Mitigations: A Guide to Multi-Layered Web Security," which covers everything you need to know about the types of cyber threats, how to secure websites, how to protect applications against data theft, how to choose a web security solution, and how to make your network less vulnerable to attack.