Qualys: WAF to the Cloud

Security vendor Qualys is now throwing its hat into the commercial WAF ring with a new WAF service in the cloud. The goal of the QualysGuard WAF is to enable more organizations to leverage WAF technology to protect their applications.

“We’ve noticed that traditional WAFs are usually hardware appliances and usually difficult to use,” Ivan Ristic, director of Engineering at Qualys told InternetNews.com. “The problem is that even for companies that can afford WAF tools, they’re only using them for their most precious assets.”

According to Ristic, that all means there is a long tail of websites that aren’t being protected by a WAF. The Qualys WAF only requires that a network is in control of its domain name in order to begin the process of setting up the protection. Administrators simply need to make a DNS change to redirect traffic to go through the Qualys’ global network of proxy servers.

“We see all the traffic and we’re able to screen it,” Ristic said. “Once we’re sure that it’s not malicious we pass it to the actual real site.”

The same process works in reverse to check all outgoing traffic from an enterprise for any potential unauthorized information leakage.

Read More here: http://www.enterprisenetworkingplanet.com/netsecur/qualys-brings-waf-to-the-cloud.html

Related articles

• Qualys: Going Public with IPO? (netsecurityit.wordpress.com)
• RSA 2012: Qualys Updates Cloud Platform, Launches Web Application Firewall Service (windowsitpro.com)
• 5 Schemes For Redeeming Trust In SSL (informationweek.com)

February 29, 2012 | Categories: Enterprise, General Security, Hacking, Network Management, Network Security, Patching, Security, Security Advisory, Vulnerabilities, Zero-Day | Tags: application firewall, DNS, dns change, Domain Name System, information leakage, IP address, Ivan Ristic, outgoing traffic, precious assets, Protocols, Proxy server, proxy servers, Proxying and Filtering, Qualys, Ristic, Security, Web application | Leave a comment