You are here
WAF, an essential security tool
Web Application Firewalls (WAF) can monitor, detect, and block web-based attacks by inspecting the content of the traffic so as to improve the security of your web applications. They are complementary to traditional network firewalls that can only block traffic based on its origin and destination..
"We have drawn on our in-depth cyber security expertise and methodology to develop an innovative and unique WAF that provides proven effective security at limited license cost. "
Approach WAF, much more than a traditional WAF
Traditional WAFs often fail in practice due to “bad” implementation and deployment :
- They are black boxes. They contain obscure one-size-fits-all "magic rules" that generate unexplainable false positives. This often leads to the deactivation of most of the rules that are supposed to protect the application.
- They allow most traffic and expect you to explicitly add most of security. As a result, security is generally very limited and does not cover the full spectrum of the content.
- They lack an integrated methodology to manage their configuration, deployment and maintenance. As a result, WAF configurations are often not in line with the applications.
Approach WAF offers a completely different and innovative approach to ensure proven effective security:
- By default, the “deny all” rule is applied to all traffic. Security is therefore extended to the full spectrum of the content; no part could be mistakenly “forgotten”.
- Rules are activated to allow expected traffic only. Our WAF includes many preconfigured rules that will suit most of your applications. The Approach WAF is transparent and open and can therefore be easily used with full knowledge of the purpose of such rules.
- We have developed a fully integrated methodology to ensure proper implementation and maintenance.
Here is an highlight of our major differentiators compared to traditional commercial WAFs and the main Open Source solution:
Core Rule Set
|Attack Pattern detection||✔||✔||✔|
|Default "Deny all"||✔||—||—|
|Behavioural & history analysis||✔||—|
|Transparent and open||✔||✔||—|
|Good Practice enforcement||✔||—||—|
|Complete Management Framework||✔||—||—|
Approach WAF, more value for less money
The licence cost is minimal by relying on open-source technologies. You mainly pay for security expertise.
Furthermore a “deny all” philosophy translates into an immediate level of security. In other words, more security for less money.
Approach WAF, two editions for two different needs
Approach WAF is available in two versions coming with the same modules and the same security features.
The difference lies in the pre-configuration and in the customization capabilities.
|Approach Security Framework||✔||✔|
|Approach Management Framework||✔||✔|
|Default "Deny all" (H&V)||✔||✔|
|Full control on white listing||✔||—|
|Deployment & Management|
|Redundant & Scalable||✔||✔|
|Easy 3rd party integrationt||✔||—|
|Transparent and open||✔||—|
|Full Managed services||Optional||Optional|
- The “Advanced Edition” is intended for datacentres and large companies. It is entirely customizable and aims to be tightly integrated in your environment with your own technologies. This version is preconfigured with the “deny all” philosophy and white listing must be explicitly activated.
- The “Standard Edition” is a standalone virtual machine, with pre-activated security rules that will allow most common traffic. The operating system and the core components cannot be modified.
For both versions, you can subscribe to a service to have Approach managing the WAF and its evolution.
Approach WAF, from a custom implementation to a product
Approach, your cyber security partner
NewsSee all publications
Reduce exposure and impact of phishing attacks. Cyber security story #2
Chapter two of our cyber security story! How will our experts reduce the...
How to deal with phishing? Cyber security story #1
Two security experts face a phishing attack but the story ends as a dark day for...
VLAIO agreement for cyber security projects
Get subsidies via the VLIAO for your cyber security projects together with...