Chapter 7. Web Application Security: Planning Your Next Move

For most small- to medium-sized enterprises, managing the products and resources for web application security is a challenge unto itself. You need to find, hire, and retain the right people, which is a challenge considering the significant skills shortage in the security realm. In many cases, you are balancing a long list of vendors, contracts, products, and specialists to handle your approach to web application security in pieces and parts.

Cutting through the hype, overcoming the fears of malicious bots and other attackers that make up the current threat landscape, and making effective decisions requires a comprehensive and prioritized strategy. Whatever your approach to web application security, consider following a plan for prioritizing the activities discussed in this report. Your plan should first concentrate on the following:

  • Build on a strong foundation for DNS infrastructure availability

  • Incorporate steps to protect against DDoS-induced outages

  • Mitigate malicious bot threats

  • Protect against an overabundance of application vulnerabilities

  • Address API security issues

  • Manage and mitigate malware risks

With a comprehensive plan for web application security in place, your business can move forward with confidence, knowing you are taking proactive steps to reduce risks and control the threats heading toward the edge.

The Benefits of Teaming with an Edge Services Partner

One approach for cloud-based web application security is to team with an edge services partner that can proactively bolster your defenses before your web applications are threatened. Edge services can play a critical role in your approach to cloud adoption and successful cloud migration. The edge is where many critical decisions are made with respect to how your customers and users can securely get the content and services they’re trying to reach in order to get work done and do business with your enterprise. Cloud service providers often manage hundreds or thousands of web applications, so their security teams have a great deal of experience in keeping web applications secure. They see a large number of threats that an individual organization might not see, and this collective insight and knowledge can be very beneficial to keeping all of their customers secure.

Options that partners can provide include the following:

  • DNS infrastructure services as edge tools for maintaining sites, improving response time, more efficiently directing traffic, and finding healthy endpoints and paths to those endpoints

  • Security services that preemptively identify, throttle, and thwart malicious attacks of every kind at the pre-edge of the cloud before they can reach your own sites

DNS is a prime example of an edge service that is underutilized today as an edge tool for more efficiently directing traffic and finding healthy endpoints and healthy paths to those endpoints.

What a Web Application Security Suite Looks Like

A comprehensive application security suite can be a multitenant, hosted platform with globally distributed points of presence (PoPs) and geographically dispersed attack mitigation centers. It also can include security operation centers focused on monitoring and mitigating attacks 24/7. Proprietary machine learning algorithms, coupled with threat intelligence and big data analysis, reside at the core. Specific elements include the following:

  • Highly available DNS services

  • Hardened DDoS protection and mitigation

  • Advanced malicious bot detection and mitigation solutions

  • AI-driven web application firewall (WAF)

  • Advanced API protection with token challenges for web and mobile

  • Cloud-based malware protection for websites offered as a 24/7 managed cybersecurity service
