Web applications are a necessary part of doing business in 2019. Walk into any department in any company — large or small — and employees likely have several web apps open in their browsers that make their jobs easier. We are talking about the sites that modern-day businesses depend on: Google Cloud, Slack, WordPress, Dropbox, PayPal, Shopify, Salesforce… and the list goes on for miles.

While these advancements are great for workplace productivity, web apps, SaaS platforms and cloud-based technologies have also become the most common method of compromise against any company with an internet presence. 

Sure, ransomware attacks get a lot of the big headlines, but some of the biggest data breaches over the last couple of years have been against web apps. Why? Because they are the most susceptible to human error and/or negligence. 

Think back to Equifax:

“Equifax has confirmed that attackers entered its system in mid-May through a web-application vulnerability that had a patch available in March. In other words, the credit-reporting giant had more than two months to take precautions that would have defended the personal data of 143 million people…” (from “Equifax Has No Excuse”)

When attackers find a single weakness in a widely adopted web app, such as a popular CMS like WordPress, they will use automated tools to find installations of that web app and target them. The most common attack types are Cross-Site Scripting (XSS), SQL Injection (SQLi), Path Traversal, Local File Inclusion (LFI), and Distributed Denial of Service (DDoS).

All Web Applications Are Vulnerable

Trustwave, a provider of managed security services, recently published their 2019 Global Security Report identifying numerous trends based on breach investigations that the company had conducted in 2018. One of the most alarming findings in the report is that 100% of web apps tested by Trustwave had at least one vulnerability. Additionally:

  • The median number of vulnerabilities in web applications grew to 15, up from 11 in 2017
  • 80% of the vulnerabilities discovered by penetration testers were classified as low risk, with the remaining 20% rated medium to critical.

Why WAFs are Not Enough

A recent study by the Ponemon Institute found that the majority of organizations are dissatisfied with the effectiveness of web application firewalls (WAFs), which protect web applications by analyzing HTTP/HTTPS data. 

Sixty-five percent of respondents said a web application attack bypassed their WAF within the past year, with forty-three percent admitting they use WAFs only to generate alerts.

Other driving factors behind dissatisfaction with WAFs:

  • They are complex and resource-intensive, requiring full-time monitoring
  • They are costly, adding upwards of $100K to the security budget
  • They produce a high volume of false-positive alerts
  • They are set up to detect pre-configured patterns, and are therefore unable to protect against zero-day attacks or the rise of automated botnets

“Firewalls, antivirus and other defensive tools are still essential to mitigating risk, but no longer enough to stop today’s increasingly sophisticated, stealthy attackers. To proactively combat endpoint security threats around wireless productivity tools, BYOD, and IoT devices, enterprises must also be proactive in detecting the presence of unknown, unauthorized, rogue and/or misconfigured devices in real-time so security teams can respond quickly and effectively.” Paul Paget, Cybersecurity Expert and SVP at NormShield.

AI-Powered Network Monitoring to Protect Web Apps from Zero-Day Attacks

As Mr. Paget says above, while firewalls are essential tools to secure application environments, it is critical to complement and support them with an AI-powered network monitoring solution for detecting unknown, zero-day web-security threats. 

Just as I mentioned in my blog about the gap in endpoint security a couple weeks ago, attackers don’t just rest when they gain access to a network. They have to move around to find the data. By monitoring wire data — the information that passes over computer and telecommunication networks defining communications between client and server devices — and using context-aware AI technology, you are able to see the how, when, and where of attackers gaining access to your network.

Web apps are an integral piece of business processes today. Supporting your application security program with an AI-powered network monitoring platform that will improve your visibility and complement your WAF and endpoint products is essential. 

In addition, AI has proven to be an effective solution in reducing false positives in cybersecurity software (like WAFs), empowering analysts to spend a lot more of their valuable time threat hunting and looking deeply into the events that actually matter rather than wasting massive amounts of time on false positive alerts.

By Kyle Pullman, Strategic Partnerships at MixMode