Things to consider when choosing a Web Application Firewall
Step 1. General audit
Explain to us, how does your network work. We also need to know how does your infrastructure looks like.
Step 2. Level of security
Are you a "Secret Service" like organization, a bank, or just regular e-commerce? Do you need to have the WAF on-premise or can it work in a cloud?Read more
Step 3. Performance
How much traffic do you handle? Are your users from all around the world? How many milliseconds of delay can you tolerate?
Step 4. Virtual Patching
What if there is a well-known vulnerability in the WAF you are using? How rapidly do you want the fixes to be applied?Read more
Step 5. On-demand or always on?
Do you want to keep your WAF in a monitoring mode or keep it actively blocking unwanted visitors?Read more
Step 7. Rules & Regulations
Do you need a WAF with PCI DSS? Does your industry require additional certifications? Are there any regulations we should think about?Read more
Step 8. OWASP TOP 10 + ?
Do you need standard protection from the most popular attacks or things like cookie modification and brute force login attempts, need to be handled as well?Read more
Step 9. Decrypting Data
Should your WAF decrypt data that flows from or to your users? Proper WAFs can terminate a package that has been encrypted with an SLL.Read more
Step 10. Reporting
Do you need reporting? Would you like to know how many times were you attacked this month?