A web application firewall — also known as a WAF — is basically a website’s gatekeeper. Once installed, it monitors all incoming traffic to determine whether website visitors are legitimate or malicious. It then denies access to suspicious traffic, blocking out nefarious players.
You may think that your small business’s website doesn’t receive enough traffic to necessitate a gatekeeper, but consider this: More than 60% of all internet traffic is made up of bots. Of course, not all bots are dangerous; some serve a positive purpose, such as search engine crawling. But many pose a significant threat to your website and its visitors. These bad bots visit websites for negative purposes — crawling a site’s code in search of security vulnerabilities, for instance.
Given the significant number of bad bots roaming the internet, all small businesses should be on guard. And a web application firewall is your first line of defense to ward off attackers.
Why Are Small Businesses a Target?
No matter the size of your business, your website’s database contains valuable intellectual property, sensitive customer data like credit card numbers, and other critical business details. Small businesses often lack the resources and budget to leverage IT teams that can continuously monitor their databases for cybercriminals looking to exploit precious data.
Cybercriminals also target small businesses to reach their connections or vendor partners. For example, when hackers stole the information of millions of Target customers, the attack originated at a small HVAC vendor the retailer had contracted. Cybercriminals often see small businesses as backdoor access points to larger, more secure networks.
Small businesses are valuable targets, but they also tend to be easy ones. Many have minimal cybersecurity solutions in place, not to mention limited resources to prevent and mitigate an attack. Don’t be the low-hanging fruit; instead, implement a strong cybersecurity solution — starting with a WAF.
What Do Web Application Firewalls Protect Against?
WAFs offer different levels of protection. The most basic WAF can spot malicious bots and deny them access to your site, but bad bots aren’t your only concern. You should also make sure your WAF includes protection from DDoS attacks and every threat on the Open Web Application Security Project’s top 10 list.
It’s also worth noting that some firewalls can’t protect data as it travels between the client and the server. Data entered into an online form — think credit card information, Social Security numbers, or login credentials — is at risk unless it’s encrypted. This is why you need to ensure your WAF is compatible with an SSL certificate and supports HTTPS to encrypt such data.
Finally, keep in mind that WAFs only protect against incoming traffic that reaches your website through the domain name. The firewall never sees traffic that goes to the server directly by its IP address, so that traffic arrives unfiltered. Fortunately, this is a simple fix: Use the .htaccess file to block all traffic except the IP addresses used by the firewall.
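The .htaccess fix described above, as an added example that is not from the original article or from any WAF vendor. The CIDR ranges are placeholders taken from the reserved documentation blocks and stand in for the ranges your WAF provider publishes; the two variants cover Apache 2.4 and the older 2.2 syntax.

```apache
# .htaccess in the site's document root (added example).
# Goal: accept requests only when they arrive from the WAF's own addresses,
# so a request sent straight to the server's IP is refused with 403.
#
# ASSUMPTION: 192.0.2.0/24 and 198.51.100.0/24 are placeholder ranges.
# Replace them with the ranges your WAF provider publishes.

# Apache 2.4 and later (mod_authz_core / mod_authz_host).
# Needs "AllowOverride AuthConfig" (or All) for this directory.
<IfModule mod_authz_core.c>
    <RequireAny>
        Require ip 192.0.2.0/24
        Require ip 198.51.100.0/24
    </RequireAny>
</IfModule>

# Apache 2.2 (legacy mod_authz_host syntax).
# Needs "AllowOverride Limit" (or All) for this directory.
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    Allow from 192.0.2.0/24
    Allow from 198.51.100.0/24
</IfModule>

# Caveat: if mod_remoteip rewrites the client address from a forwarded
# header, "Require ip" is evaluated against the visitor's address rather
# than the WAF's, and this allowlist will reject legitimate traffic.
# In that setup, enforce the restriction at the host or network firewall.
```

Keep the list in sync with the provider's published ranges, since a stale entry blocks legitimate visitors routed through a new WAF address. A host or network firewall rule on ports 80 and 443 achieves the same result before the request reaches Apache at all.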
Web application firewalls are key for effective cybersecurity. They play an important role in blocking bad actors from entering your website and keeping your customers’ information secure. For the utmost protection, ensure that your WAF goes beyond the basics to block every vulnerability.
Monique Becenti is a product and channel marketing specialist at SiteLock, a cloud-based website security provider currently protecting more than 12 million websites globally. Monique is passionate about improving the customer experience for all. SiteLock’s combination of dedicated research and developmental efforts, aggressive product road maps, and access to a massive global data set make the company a leading innovator in web security.