Educause Security Discussion mailing list archives

Re: web application firewalls

From: Neil Matatall <nmatatal () UCI EDU>
Date: Tue, 22 Sep 2009 09:14:35 -0700

Gladly.  We started with ModSecurity but recently moved to Imperva's
SecureSphere with Database Monitoring.  It has taken up a bit more time
than we anticipated but overall we absolutely love the product.  I'd be
glad to answer any questions you have and get you in touch with the
right sales people (who discounted generously for higher ed).  Also, I
will be presenting on WAFs at the Educause annual conference if you are
attending and interested.

Breach and F5 are the other big players.  We almost went with F5 because
of it's integration with our application switch.

Also, I'd like to point you to the Educause Effective Practices Group's
case study on WAFs <http://net.educause.edu/ir/library/pdf/EPS305.pdf>
(this was before we deployed SecureSphere).

I also suggest you check out the Web Application Firewall Evaluation
Criteria <http://www.webappsec.org/projects/wafec/> from the Web
Application Security Consortium <http://www.webappsec.org/>.

Neil

Mark Reboli wrote:


Is anyone running a web application firewall that would share which
one and from your prospective how well it is working for you.



Thank you





Mark Reboli

Network/Telcom/IT Security Manager

Misericordia University

(570)674-6753

Current thread:

web application firewalls Mark Reboli (Sep 22)
- <Possible follow-ups>
- Re: web application firewalls Christopher Jones (Sep 22)
- Re: web application firewalls Neil Matatall (Sep 22)
- Re: web application firewalls Pratt, Benjamin E. (Sep 24)