All Fortinet Fortinet 2023 Sponsored Tech Field Day Events Tech Note

The Importance of a Web Application Firewall with Fortinet

It’s been over 10 years since the idea of drone delivery was introduced. Since then, many companies have used drones for delivery services, for shooting movies, and even to fly around the stadium during the World Series. 

Adding these devices to enterprises takes a series of web applications. And that comes with the risk of bad guys attempting to hack into the apps and take over the drones. So having a good security WAF is imperative – even if one is not planning to fly drones. 

Why Use a Web Application Firewall

At the Cloud Field Day event, we had an energetic demonstration from Fortinet’s Srija Allam and Julian Petersohn. Through a live demo, they showed how an injection into a web application controlling drone can interrupt production. 

As Srija ran the app, Julian ran an injection script to show how easily he can seize command of the device. In a production environment, this could wreak havoc, or simply re-route the drone to a different destination. This underscores the importance of having a WAF that can identify, inform, and prevent a wide-scale catastrophe. 

FortiWeb Cloud WAF protects data from threats like SQL injection, cross-site scripting (XSS), and remote code execution (RCE) attacks. 

More than Just Drones

In reality, many web apps run on a daily basis without running into consequences like a re-routed copter. These scripts inject periodically, causing small errors in production lines, scheduling systems, and such.

Think of it like the hack in the movie “Office Space”. The algorithm they introduced was supposed to move fractions of pennies over, making it seemingly unnoticeable. If the hacker is in for the long game, they’ll try to avoid detection as best as possible. This is why it’s important to have something that will spot the irregular at the atomic level. 

How WAF Comes into Play

Web applications go from testing to production everyday. There are 10 different types of web applications – static pages, dynamic pages, ecommerce, and more. Companies like Amazon, Facebook, CNET, Google Maps, and PayPal, are publishing and monitoring them every minute of every day. 

A WAF prevents a hacker from changing the Amazon links to a malicious site, for example. It helps make sure they don’t lift people’s personal information, or re-route orders so buyers never receive them.

Solutions like the FortiWeb Cloud is aware that mistakes happen. The Cloud WAF’s job is to identify a problem quickly, send notification, and help close the breach as soon as possible. 

Adding Machine Learning and Analysis

At a high level, the steps entail identifying, prioritizing, and planning a course of action. Having machine learning map out a plan within seconds of the breach can minimize any damage caused. In the case of a drone, it could detect, shut down, and put the device back on track for delivery. 

FortiSOAR and FortiAnalyzer are two applications within FortiWeb that can scan out and plan a reponse to any malicious interference. In the example Srija and Julian showed us, they used a Kubernetes cluster on Azure to demonstrate how these programs take action. 

“We onboard the apps we are testing, and it’s in monitor mode.” Srija states. “This might be a staging application, but somebody is actually looking at your app and is still hacking or attacking these. So that is why it didn’t block it in the first place.”

Once the attack happens, reports of malicious activity show up due to an open API request, and it identifies as a command injection. That is where an administrator can take action right away. As the approval happens, the hacker is instantly blocked. 

“As of today, we can do JSON based schema protection, REST API or Swagger, open API framework, schema protection, and also SOP or XML schema protection,” Srija told.  “And also gRPC. It’s not schema protection, but we already added those to your PC-based protection to our graph. So either way, any API or protocol, you can do schema protection.”

Conclusion

The bottom line is, we need to protect our web apps. A Web Application Firewall is key to doing that. And having a robust set of tools to identify and report problems, and at the same time, predict and prevent them makes any admin’s job easier. Especially the fact that operators can customize the notification system and be able to say “Send it all to me”, or “Let’s delegate tasks” is impressive. 

So the next time a new web app is deployed for anything – drones, deliveries, notifications, payments, and more – it’s nice to know that there is a system that will make sure it’s secure. 

Be sure to check out Fortinet’s presentation from the recent Cloud Field Day event to see it in action. 

About the author

Jeffrey Powers

Jeffrey Powers covers consumer, enterprise, auto, and music technology, along with audio/video podcasting. His web brand – Geekazine.com – keeps you up to date with interviews, reviews, and much more. Geekazine LIVE! is the live stream, which can be seen on Twitch and YouTube, and covers events for many clients. Jeffrey is also one-half of Build Day LIVE! – an event covering Enterprise Day-One installations.

Leave a Comment