Get In Touch
In my last articles I introduced the idea of how simple is the concept of a WAF (although implementing a reliable WAF system is not that simple), what are false positives and false negatives and the best approach to trade-off between them, what is the impact of wide visibility when it comes to build a WAF, the importance of having a solid team of experts backing up a WAF solution,
Let's move on with our analysis of the ideal WAF requirements. Scale is, without a doubt, one of the most important requirements of an effective WAF. Scale has to be considered from two perspectives: under standard traffic conditions and under unusually high levels of traffic. Let's look at each one.
I've always hated security 'predictions'; they range from scientific guesses to self-serving marketing drivel, trending mostly towards the latter. But they do serve a purpose when done right, in that they draw attention to the trends currently happening and how they might play out in the future. Given that there's been more focus on the field of computer security in 2015 than in any year before, it's probably not a
First time I jumped into a plane I was around 10 or 12 years old. The crew, moved by my innocent face and my dazzle, gave me a great gift: they allowed me to enter into the cabin where the pilot was commanding the flight. This is what I saw:
In previous posts WAF: False Positives vs. False Negatives and WAF: trade-off between false positives and false negatives, we talked about the importance of WAF accuracy and the strategy that Akamai follows when developing the system of proprietary rules (Kona Rule Set or KRS) that govern the WAF.
When we were young, we had fun playing hide and seek. As 5 year olds there were a limited number of places our friends could hide, and we could methodically check each one and then giggle when we found them. As we grew older, we expanded the boundaries of the game. Today, as security researchers, hide-and-seek is no longer so fun because the boundaries are nearly infinite. How do you
In the previous article, we introduced, arguably, the most important metric to measure WAF quality (in subsequent entries we will talk about WAF performance). But we left one question flying in the air: How can we achieve that our WAF rules provide a virtually null False Positive rate, keeping at the same time a very low percentage of False Negatives?
It's hard to miss all the media attention surrounding data breaches in healthcare. If you're involved in information security at a healthcare organization, it's no surprise to you that more than 143 million individuals have been affected by data breaches since HHS started tracking incidents in September 2009.
I said in my last article that one of the key factors when it comes to judging the effectiveness of a WAF is accuracy. There is a metric that, measured in an objective way, provides an unmistakable view of quality and accuracy of a WAF solution: false negatives and false positives.