Companies must recognize vulnerabilities before they become a threat!
Enterprise web applications have become a major target of cyber attacks. Almost all of these IT systems contain serious security holes and allow hackers to access sensitive data. In some cases, cyber criminals may even gain complete control over web servers. However, network-level firewalls are not capable of fully protecting the HTTP or HTTPS protocols. In an interview, Walter Schumann, Senior Vice President Sales & Marketing at Rohde & Schwarz Cybersecurity, describes the extent of the threat and which strategy is actually effective.
Mr Schumann, why are web applications so susceptible to cyber attacks?
Hackers make their work as easy as possible. They are looking for doors to push open. Web applications and web services are such access paths. Organized criminals can already overcome the barriers of web-based apps with simple means. There is a simple reason for this: HTTP and HTTPS protocols form the basis for innovative IT processes in all industries. However, the web is not designed for such complex applications. This is especially true for the HTTP and the somewhat more secure HTTPS protocols. Almost every web application therefore contains vulnerabilities and is vulnerable.
Given the risk, are web applications really that important for businesses?
Absolutely! Web applications have become indispensable in modern IT infrastructures of companies. Business processes are increasingly being outsourced to the Internet. Whether SAP NetWeaver, SharePoint, Outlook Web Access or CRM applications: all applications are realized in the background by web applications. In addition, web services serve as a backend for mobile devices and enable communication between machines. Large companies actively use up to 100 applications. Web applications are also standard in small and medium-sized businesses. The security of web applications therefore affects every company today - and not just operators of online shops and banking portals.
What are the specific threats that companies need to respond to?
There are a multitude of cyber attacks on web applications and the corresponding protocols. One of the most common weaknesses is the so-called "Cross-Site Scripting" (XSS). Hackers infiltrate a malicious script into an unprotected web application called by users. In this way, hackers can gain data that is exchanged between the user and the respective website. Another example: With the help of so-called "SQL injections", hackers can exploit and manipulate security leaks in SQL databases. The attackers simply feed web forms with additional commands of their own and spy out data in this way. With this technology, cybercriminals can even gain control of a server.
However, almost every company has a network firewall. Is that not enough?
Companies often believe that everything on the network is okay as long as there is a firewall. That is a dangerous fallacy. Conventional firewalls end at the network protocol level. There, for example, they use the IP address to check whether someone has access rights or not. However, network firewalls cannot detect content at the application level. Here, however, the hacker infiltrates his commands when attacking web applications. That's why companies have to face dangers before they become a threat: Only a special Web Application Firewall (WAF) can detect and block such attacks. This is installed as a reverse proxy. This enables it to analyze the entire data exchange between client and web server. Thus the WAF offers protection against SQL injections, XSS and many other web attacks.
What should a company pay attention to when selecting a Web Application Firewall? Are there differences in the approach?
The way in which the WAF detects malicious intruders is crucial for the quality and effectiveness of protection. List models are widespread: Whitelisting blocks all traffic except that which is explicitly allowed. Blacklisting, on the other hand, allows through all data that is not expressly prohibited. However, list models often lead to so-called "false-positive" messages. This is a huge problem.
In what way?
With imprecise methods, these false alarms quickly add up to over several hundred per day. It takes a long time to work off these false warnings. A Web Application Firewall is often switched off again because the workload becomes too high. This is fatal, of course. The firewall can be configured to detect malicious traffic more precisely. But that requires special knowledge. This is therefore not an option for small and medium-sized companies without their own IT department.
Is there no simple and precise way to detect attackers?
Rohde & Schwarz Cybersecurity has developed such new methods for its Web Application Firewall. One example is the workflow concept. It identifies Internet threats based on their activities and specific behaviors. Complex presettings by the IT administrator are then no longer necessary. The scoring model also considerably specifies the location of attackers. Different elements of a data set are weighted differently. When a data set arrives at the web application, the firewall compares the sum of the weighting with a defined threshold value. As soon as this is reached, the WAF classifies the data traffic as harmful and blocks it. Such scoring models are particularly effective against Denial of Service (DoS) attacks.
For very complex attacks, an Advanced Threat solution is recommended. This uses, for example, so-called sandboxing technologies, with which areas in need of protection are completely insulated. However, an advanced and effective WAF must also be able to verify identities in addition to content. This is the only way to prevent unauthorized persons from accessing applications.
Does a WAF not make it considerably more difficult for users to access web applications?
That does not have to be the case. We have designed our WAF in such a way that further strong authentications are grouped behind a logon using single sign-on. In this way, the user can access all computers and services at his workstation with a unique and successful identity check.
Is a network firewall still necessary for everything a WAF does?
Absolutely! A network firewall is indispensable. It ensures that only a certain amount of data traffic is authorized to access the IT infrastructure. However, it does not guarantee that the data transported by this traffic is secure. This is where the Web Application Firewall provides security. Only the combination of both firewalls offers comprehensive protection of your own sensitive data.
Mr Schumann, thank you very much for the interview!