According to a study by Forrester Research, businesses do not realize that they lack defenses against application-layer attacks, which makes them easy targets.
Forrester Research stated: "Most enterprises are not even aware that their traditional network firewalls cannot protect against these attacks". Demand for web application firewalls (WAFs) will grow over the next three years and drop afterwards, according to a Web Application Firewall Forecast report for 2007 to 2010.
Not being aware of the flaws in their web applications could harm businesses. Symantec has shown this in a report on Internet security threats over the last six months of 2006.
According to the Symantec Internet Security Threat Report Trends for July-December 06, sixty-six percent of the vulnerabilities reported during this period affected web applications. According to the same report, so did 77 percent of the easily exploitable vulnerabilities.
According to the Forrester study, there is a big difference between traditional firewalls that examine packets and WAFs that examine flows of packets that represent sessions with web servers. The study also mentions that "What many firms do not understand is how [WAFs] differ from a traditional network firewall".
According to Forrester, businesses could become more and more aware of web application threats, especially if they come in contact with the Payment Card Industry (PCI) standards for data security. These standards protect credit card numbers and other personal data transferred during credit card checks and online transactions. To protect that data from web application attacks, WAFs are required.
Businesses face a deadline in mid-2008 for complying with the PCI standards. Forrester thinks WAF sales will grow as businesses become more aware of their web application security. It also expects WAF sales to decrease after this period, because the businesses and retailers that depend on credit cards to do business will have complied.
Forrester claims that businesses will move their defenses higher up the IP hierarchy, as will those trying to steal private data.
According to the report, "Attackers are also moving up the stack, with application layer and session layer attacks increasing in frequency and destructiveness - but traditional network firewalls don't help."
Forrester also seems to think that many customers will buy WAF devices by mid-2008 in order to protect themselves from these threats, but that in time other equipment will absorb the functionality of these boxes. Application acceleration platforms and generalized security appliances will also probably be absorbed. It is thought that larger networking firms will buy some WAF vendors.
According to the report, "This consolidation will further push prices lower as WAF gets included as part of a packaged network security or application delivery offering."