There’s no way to get around it: Application security isn’t easy or simple, from either a technical or an organizational/cultural perspective. But it’s never been more important to correctly configure robust WAF capabilities to protect your organization, users, and data against a growing tide of application-layer attacks, including the newest variants of ransomware.
On the technical side, the sheer number of threat types and vulnerabilities means that an effective WAF has a lot of moving parts and capabilities — and configuring it all correctly depends on having basic knowledge and data about your apps, who uses them, and how.
On the organizational/cultural side, success depends on close, effective collaboration between network and application teams, which, as you may know, can be a significant challenge in many organizations.
Expert advice for a successful deployment
At Secured.21, Barracuda’s recent global virtual customer conference, Director of Application Solutions Brett Wolmarans led a session called “How to train your WAF – Getting AppSec up and running, fast,” which you can watch here. If you’re preparing to deploy a WAF solution — especially Barracuda WAF-as-a-Service — this is a must-see pre-recorded event.
In his 24-minute presentation, Brett delivers a comprehensive set of practical, manageable recommendations and tips for how to carry out your WAF deployment and configuration quickly and successfully — without having to become an application-security expert.
A comprehensive set of best practices
Watch the full session to get much more of Brett’s insights and advice about how to deploy WAF successfully, including:
- Why you should reach out to the Apps team and work proactively to establish clear communications and set appropriate expectations and shared goals
- The info you need to seek out to gain a basic — not expert — understanding of your apps, users, traffic, and threats
- Why it’s critical to gather and understand a full month of application logs to set baselines prior to deploying your WAF
- Why you MUST ensure your WAF fully protects inputs, actively enriches outputs, and prevents interactions with bad bots
- How to gather baseline vulnerability data on your apps with Barracuda’s free online scanner, Barracuda Vulnerability Manager
Brett also explains why he says the real secret to AppSec success is to be a great collaborator — not only with all the teams involved, but also with Barracuda support teams, who are there to talk whether you have a major issue to resolve or a simple question about how a particular feature works.
A guide on your journey to app security
Application security is too complex for most of us to undertake without a guide. Watch this Secured.21 “Deep Dive” session and let Brett be your guide to preparing for and executing a successful WAF deployment that eliminates vulnerabilities, blocks a wide range of attack types, stops bad bots, and prevents both volumetric and application DDoS.
Tony Burgess is a twenty-year veteran of the IT security industry and is Barracuda’s Senior Copywriter for Content and Customer Marketing. In this role, he researches complex technical subjects and translates findings into clear, useful, human-readable prose.