FortiWeb - For the protection of your web applications
Fortinet
In today's world, where more and more companies are decentralised, web applications have become increasingly important. These web applications can be accessed from anywhere via the internet, usually through a browser. Microsoft, for example, offers the popular web application OWA for Microsoft Exchange so that people can access their e-mails. This has the immense advantage that one can provide platform-independent applications and company information and access them from anywhere with an internet connection. No installation is necessary. However, this also means that these applications can be attacked more easily and need to be protected.
In 2017, 29% of all data breaches occurred due to attacks on web applications.
Compared to 2016, there was a 69% growth in attacks on web applications in 2017!
It is therefore advisable for companies where sensitive business processes run via web applications to deploy a web application firewall (WAF). Fortinet offers the FortiWeb VM and device series for this purpose.
What exactly does a web application firewall protect against?
While a conventional firewall (e.g. FortiGate) protects the network, a WAF specialises in protecting communication between the web application and the outside world. There are many possible attacks:
Bruteforce
The attempt to find working credentials by trying out usernames and passwords. Thresholds can be set for the number or rate of login attempts beyond which a login is rejected, even if the credentials are correct. In theory this can only slow a bruteforce attack down. In practice, however, it gives you time to react before an account is "cracked". In addition, the bruteforce process can be slowed down so much that the attacker gives up because it simply takes too long.
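As an added illustration of the threshold described above (not FortiWeb code, and the log format is constructed for the example), the following replays login events per source IP with a sliding window and blocks further logins once the threshold is exceeded, even a login with the correct password:

```python
import re
from collections import defaultdict, deque

# Constructed sample log lines (not real FortiWeb output):
# unix timestamp, client IP, user, authentication result.
SAMPLE_LOG = """\
1700000000 203.0.113.7 alice FAIL
1700000002 203.0.113.7 alice FAIL
1700000004 203.0.113.7 alice FAIL
1700000006 203.0.113.7 alice FAIL
1700000008 203.0.113.7 alice FAIL
1700000010 203.0.113.7 alice OK
1700000090 198.51.100.3 bob FAIL
1700000095 198.51.100.3 bob OK
"""

LINE_RE = re.compile(r"^(\d+) (\S+) (\S+) (OK|FAIL)$")


def evaluate_logins(log_text, max_attempts=5, window_seconds=60):
    """Replay login events and return a list of (ts, ip, user, verdict).

    verdict is 'allow' or 'block'. Once a source IP has made more than
    max_attempts attempts within window_seconds, every further login is
    blocked, including one whose password is correct (result OK).
    Blocked attempts still count, so the lockout persists while the
    attacker keeps hammering."""
    attempts = defaultdict(deque)  # ip -> timestamps of recent attempts
    verdicts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore malformed lines rather than crash
        ts, ip, user = int(m.group(1)), m.group(2), m.group(3)
        window = attempts[ip]
        while window and ts - window[0] > window_seconds:
            window.popleft()  # drop attempts older than the window
        window.append(ts)
        verdict = "block" if len(window) > max_attempts else "allow"
        verdicts.append((ts, ip, user, verdict))
    return verdicts
```

Alice's sixth attempt is rejected although the password was right; Bob, with two attempts, is never affected.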
DoS (Denial of Service)
Here, the aim is not to penetrate a network but to restrict or even prevent its accessibility. Thresholds can be set here too, defining how many connections from a single IP are tolerated before further connections are blocked. This reduces the scope for blackmail. Who wants to be forced to pay a ransom for their own website so that it can be accessed again?
Defacement
In this case, a web server is attacked using stolen credentials or security holes in order to replace its content. These attacks are usually harmless in themselves, but they often cause a loss of reputation, as the organisation is exposed as vulnerable. FortiWeb monitors the files on a web server for changes and can send an alert e-mail when a change is detected or even automatically restore a backup of the file.
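The monitoring and restore behaviour described above, as an added example that is not FortiWeb's own implementation: a SHA-256 baseline of the web root is recorded while the site is clean, later checks restore any changed or deleted file from a trusted backup copy and report unexpected new files so they can be alerted on. The directory layout and file contents are constructed for the demo.

```python
import hashlib
import os
import shutil
import tempfile

def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def build_baseline(webroot):
    """Record a SHA-256 per file under webroot, keyed by relative path."""
    baseline = {}
    for root, _dirs, files in os.walk(webroot):
        for name in files:
            full = os.path.join(root, name)
            baseline[os.path.relpath(full, webroot)] = sha256_of(full)
    return baseline

def check_and_restore(webroot, backup_root, baseline):
    """Restore changed/deleted baseline files from backup_root; report
    new files (not restored, only reported) for the operator to alert on."""
    current = build_baseline(webroot)
    report = {"restored": [], "added": sorted(set(current) - set(baseline))}
    for rel, expected in baseline.items():
        if current.get(rel) != expected:  # modified or missing
            src = os.path.join(backup_root, rel)
            dst = os.path.join(webroot, rel)
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            shutil.copyfile(src, dst)
            report["restored"].append(rel)
    return report

def demo():
    """Constructed scenario: clean site, simulated defacement, restoration."""
    tmp = tempfile.mkdtemp()
    webroot, backup = os.path.join(tmp, "www"), os.path.join(tmp, "backup")
    os.makedirs(webroot)
    with open(os.path.join(webroot, "index.html"), "w") as f:
        f.write("<h1>Welcome</h1>")
    shutil.copytree(webroot, backup)        # trusted copy taken while clean
    baseline = build_baseline(webroot)
    with open(os.path.join(webroot, "index.html"), "w") as f:
        f.write("<h1>Defaced</h1>")         # simulated content replacement
    with open(os.path.join(webroot, "new.html"), "w") as f:
        f.write("unexpected file")          # simulated dropped file
    report = check_and_restore(webroot, backup, baseline)
    restored_ok = build_baseline(webroot)["index.html"] == baseline["index.html"]
    shutil.rmtree(tmp)
    return report, restored_ok
```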
Credential Stuffing
A variant of the dictionary attack in which known credentials stolen from other platforms are used to gain unauthorised access. Many people use the same credentials on different platforms, and unfortunately not all platforms are equally well secured. FortiWeb compares the submitted credentials with a list of known credentials stolen from other platforms and thus prevents unauthorised access.
In addition, FortiWeb also offers the possibility to harden existing web applications, which is intended to eliminate potential attack vectors. Here, too, Microsoft with ActiveSync and OWA is a good example. If you access your company e-mails from outside the company via a smartphone or a browser, you are most likely using ActiveSync. Since ActiveSync does not use SMTP, the usual e-mail protection of a firewall does not apply here. FortiWeb can then step in and check e-mails for spam and viruses. Thanks to the Security Fabric integration, e-mail attachments can also be sent to a FortiSandbox and analysed before the e-mail is delivered.
With the help of Virtual Patching, FortiWeb can even protect against known threats from security vulnerabilities for which updates are not yet available. While Virtual Patching cannot replace a proper update, it can bridge the gap between detection and remediation.
For applications that are essential to the business and for which updates are no longer available, FortiWeb can still provide a permanent solution. Fortinet cooperates with IBM on Virtual Patching and uses the insights gained from IBM Security AppScan. This allows security vulnerabilities to be better identified and fixed.
Whether you run FortiWeb as a hardware appliance on-premise, as a VM or even in the cloud is up to you. If you have any questions on this topic, please do not hesitate to contact us.
Marcel Zimmer is the Technical Managing Director of EnBITCon. During his time in the German Armed Forces, the trained IT developer was able to gain numerous project experiences. His interest in IT security was significantly awakened by his service in command support. Even after his service, he is an active reservist in the Bundeswehr.
His first firewall was a Sophos UTM 120, which he had to set up for a customer project. Since then, his interest in IT security has grown steadily. In the course of time, various security and infrastructure topics have come into his focus. His most interesting projects included, for example, WLAN coverage in an explosion-proof area, as well as a multi-site WLAN solution for a large