The Inner Circle

Expand all | Collapse all

Cloud WAF CyberRisk Validation Methodology for Review and Feedback

  • 1.  Cloud WAF CyberRisk Validation Methodology for Review and Feedback

    Posted Jun 16, 2021 11:24:00 AM

    With the everchanging threat landscape, now more than ever organizations are racing to protect both their on-prem and cloud-based applications and workloads. These so-called assets have not only become incredibly complex but difficult to secure as a resultant of the vanishing perimeter-based security models.                     

    To help organizations regain the upper hand against current attacks, SecureIQLab has undertaken the validation of popular web application firewalls that have the ability to protect assets in the cloud. The results from this testing will help enterprises differentiate between WAF vendors and justifiably shortlist certain vendors for their own proof of concepts. Our validation will help organizations understand the return on security investment for WAF solutions and evolve their layered defenses to prevent applications and workloads from being exploited. The methodology is available for download here.

    SecureIQLab collaborates with organizations and security vendors to bridge the applied intelligence gap that exists between market and technology research to provide operational security and the metrics to improve Return on Security Investment. To that end, we look forward to comments and feedback on this methodology from the CSA community. Feel free to DM me if the feedback is sensitive.





    ------------------------------
    David Ellis
    VP Sales and Corporate Relations
    SecureIQLab
    ------------------------------


  • 2.  RE: Cloud WAF CyberRisk Validation Methodology for Review and Feedback

    Posted Jun 17, 2021 07:26:00 AM
    Good day David,

    I can share this document in my Linkedln?

    Thanks a lot!!!

    ------------------------------
    Jorge Ivan Marmolejo
    Advisor 27001 and GRDP
    QWERTY GRC
    ------------------------------



  • 3.  RE: Cloud WAF CyberRisk Validation Methodology for Review and Feedback

    Posted Jun 17, 2021 08:39:00 AM
    Hi Jorge,

    Yes. Please share the methodology with the understanding that there will be future iterations with more use cases, advanced testing, and that we invite feedback.

    Thank you,

    ------------------------------
    David Ellis
    VP Sales and Corporate Relations
    SecureIQLab
    ------------------------------



  • 4.  RE: Cloud WAF CyberRisk Validation Methodology for Review and Feedback

    Posted Jun 17, 2021 08:29:00 AM
    Realy nice document David!

    Best regards
    TJ

    ------------------------------
    Tomasz Janczewski
    ------------------------------



  • 5.  RE: Cloud WAF CyberRisk Validation Methodology for Review and Feedback

    Posted Jun 17, 2021 08:40:00 AM
    Thank you TJ!

    ------------------------------
    David Ellis
    VP Sales and Corporate Relations
    SecureIQLab
    ------------------------------



  • 6.  RE: Cloud WAF CyberRisk Validation Methodology for Review and Feedback

    Posted Jun 17, 2021 10:42:00 PM
    hi David , Good to see this and eager to see some results

    One question,  is deployment model also will be on evaluation criteria ?  For example : if pure SaaS model then typically traffic lands at WAF provider and then sent to intended web application , due to this HTTPS connections to be split , making it sometimes vulnerable for data between WAF and web app.
    Would be interested to learn some pros and cons from security perspective of all the 3 deployment models mentioned.


    ------------------------------
    Sashank Dara, Ph.D
    CTO/CoFounder
    Seconize
    ------------------------------



  • 7.  RE: Cloud WAF CyberRisk Validation Methodology for Review and Feedback

    Posted Jun 21, 2021 08:13:00 AM
    Hi Sashank,

    Thank you for your question. Certain aspects of deployment are evaluated in this test version. However, the specific example you cited is under consideration for the next round of testing. Feedback, such as yours, is important for our testing roadmap conversation.

    Sincerely,

    ------------------------------
    David Ellis
    VP Sales and Corporate Relations
    SecureIQLab
    ------------------------------