You are here
Approach WAF, an innovative technology combined with extended expertise
WAF, an essential security tool
Web Application Firewalls (WAF) can monitor, detect, and block web-based attacks by inspecting the content of the traffic so as to improve the security of your web applications. They are complementary to traditional network firewalls that can only block traffic based on its origin and destination..
"We have drawn on our in-depth cybersecurity expertise and methodology to develop an innovative and unique WAF that provides proven effective security at limited license cost. "
Approach WAF, much more than a traditional WAF
Traditional WAFs often fail in practice due to “bad” implementation and deployment :
- They are black boxes. They contain obscure one-size-fits-all "magic rules" that generate unexplainable false positives. This often leads to the deactivation of most of the rules that are supposed to protect the application.
- They allow most traffic and expect you to explicitly add most of security. As a result, security is generally very limited and does not cover the full spectrum of the content.
- They lack an integrated methodology to manage their configuration, deployment and maintenance. As a result, WAF configurations are often not in line with the applications.
Approach WAF offers a completely different and innovative approach to ensure proven effective security:
- By default, the “deny all” rule is applied to all traffic. Security is therefore extended to the full spectrum of the content; no part could be mistakenly “forgotten”.
- Rules are activated to allow expected traffic only. Our WAF includes many preconfigured rules that will suit most of your applications. The Approach WAF is transparent and open and can therefore be easily used with full knowledge of the purpose of such rules.
- We have developed a fully integrated methodology to ensure proper implementation and maintenance.
Here is an highlight of our major differentiators compared to traditional commercial WAFs and the main Open Source solution:
Core Rule Set
|Attack Pattern detection||✔||✔||✔|
|Default "Deny all"||✔||—||—|
|Behavioural & history analysis||✔||—|
|Transparent and open||✔||✔||—|
|Good Practice enforcement||✔||—||—|
|Complete Management Framework||✔||—||—|
Approach WAF, more value for less money
The licence cost is minimal by relying on open-source technologies. You mainly pay for security expertise.
Furthermore a “deny all” philosophy translates into an immediate level of security. In other words, more security for less money.
Approach WAF, two editions for two different needs
Approach WAF is available in two versions coming with the same modules and the same security features.
The difference lies in the pre-configuration and in the customization capabilities.
|Approach Security Framework||✔||✔|
|Approach Management Framework||✔||✔|
|Default "Deny all" (H&V)||✔||✔|
|Full control on white listing||✔||—|
|Deployment & Management|
|Redundant & Scalable||✔||✔|
|Easy 3rd party integrationt||✔||—|
|Transparent and open||✔||—|
|Full Managed services||Optional||Optional|
- The “Advanced Edition” is intended for datacentres and large companies. It is entirely customizable and aims to be tightly integrated in your environment with your own technologies. This version is preconfigured with the “deny all” philosophy and white listing must be explicitly activated.
- The “Standard Edition” is a standalone virtual machine, with pre-activated security rules that will allow most common traffic. The operating system and the core components cannot be modified.
For both versions, you can subscribe to a service to have Approach managing the WAF and its evolution.
Approach WAF, from a custom implementation to a product
"The Approach WAF solution is protecting our key eBanking applications already for some years. The tailor-made solution meets our needs and it follows the technological evolutions (API, cloud, ...). The high security level of the solution combined with the responsive support team makes this a solid and effective service." Mathieu Desmet, CIO CPH Bank
" Approach is providing us with their solution as managed service since 2007. The low cost adapted to a start-up was the key decision factor, but the very high availability we had during huge attacks proved the maturity of the product. It smoothly supported our migrations over the years (development frameworks, cloud infrastructure, ...), without being distracted by security concerns and technical issues. " Frederic Tais, ATLAS Expat Operations Manager
Publications & events
Published on 31 October 2018
ModSecurity extensions by Approach Belgium
Download the additional input filters developed by Approach for ModSecurity.
Published on 12 October 2018
How do you deal with low risk level vulnerabilities ?
Nothing should be left behind when speaking in terms of security... A story by David Bloom, Cyber-Security Consultant at Approach.
Axis Parc (4 hours)
WAF open forum: is the technology mature?
Isaca Belgium and Approach are pleased to welcome you to the open forum " Web Application Firewalls: is the technology mature" ...
Published on 05 June 2018
Approach is recruiting IT Security experts
The Waldorado team from RTL TVI visited us to know more about our activites and the profiles we are recruiting. Watch the movie !
Published on 04 April 2018
Rise of DDoS Amplification Attacks
Since the end of February 2018, we’ve seen a rise of DDoS Amplification attacks, with in some case more than 1Tbps of traffic generated. ...