Verizon Digital Media Services has announced a cloud-based web application firewall (WAF), as it seeks to help its customers protect their websites and web-based applications from cyber-attacks. Currently in beta, the WAF utilises a set of rules to determine access to websites that have been identified as vulnerable, and Verizon says these rules can be deployed worldwide within minutes.

WAFs work by inspecting http traffic to ensure the requests are not being used to attack a site or application. Users can determine what types of traffic or sources to route through the WAF, to minimise performance overhead losses whilst maximising security.

 “In initial testing we found the Verizon WAF to be extremely intuitive with a level of control not seen in other cloud-based WAFs,” said Charles Hachtmann, CTO of online retailer Novica. “Furthermore, the integration of the WAF into the Verizon EdgeCast Control Center significantly reduced our learning curve.”

Verizon says its WAF has more rule sets deployed to the cloud than other cloud-based alternatives, with a tightly integrated CDN to give customers more controls and tools to block and fend off attackers. It supports a combination of WAF rule sets – the general ModSecurity Core Rule Set from the Open Web Application Security Project (OWASP), plus the advanced commercial rule set from web security firm Trustwave.

“In today's web application-threat landscape, organisations should employ security in layers where it is more cost-effective to block easy-to-spot attacks in the cloud, in combination with deeper analysis at the customer location,” said Andy Bokor, general manager of Threat Intelligence and Research at Trustwave.

WAFs are becoming an increasingly important security option to protect websites and web applications, but they have been traditionally been deployed on customers’ premises and have involved complex customisations to support the applications they protect. Verizon says its cloud-deployed WAF offers customers cost savings, on-demand scalability, always-on capabilities and rapid time-to-market benefits.

When used with its EdgeCast servers, Verizon says its new WAF can push out updates in less than five minutes, which is up to 900 per cent faster than competitive offerings.

Whilst not mentioned by name, one of those competitors is Akamai, which currently enjoys a strong market position with cloud-based WAFs. Another vendor in this space is Cloudflare. However, the emergence of Verizon’s alternative should help to lower costs in what is not a cheap purchase for enterprise customers.

As DDoS attacks increase in frequency, any solution that helps prevent them, or reduces their impact, is welcomed. Utilising the cloud for distribution, and being able to quickly implement a set of new access rules whenever a new type of vulnerability is identified should be a positive move in the war on cyber terrorism and malicious attacks. The US government said earlier this year that the risk of cyber-attacks is likely to increase with the growth of networked health care and emerging technologies.

According to Gartner, the market growth for WAFs was 30 per cent last year with a market value of $337 million.