WAF’s Critical Role in the WFH Movement

Many businesses had to adapt quickly to enable workers to work remotely during the pandemic, and cybercriminals adapted their strategies rapidly, too.

The pandemic forced IT administrators at many companies to expose internal-only apps to the public internet so remote workers could access them, opening up new vectors of vulnerability to a growing number of cyberattacks.

Nitzan Miron, vice president of product management and application security services at Barracuda, shares his perspective on how MSPs can adapt their security strategies to protect customers no matter where they’re working.

What’s the current state of the cyberattack landscape?

Miron: We still see elevated attack activity on web applications. Much of the attack activity isn’t “institutional” hacking but somewhat indicative of people with time on their hands and the knowledge to install basic hacking tools.

Has remote work made the need for WAFs (web application firewalls) more vital?

Miron: Remote work has forced IT administrators to expose previously internal apps to the public internet so that remote employees can access them. Even worse, this has been done hurriedly so as not to affect the business. Therefore, a WAF is vital to protect all public-facing applications, especially those that weren’t meant to be public-facing and may not have been audited to that standard.

When businesses are readjusting revenue projections and facing more aggressive cybersecurity attacks, how can they balance the two?

Miron: There is no need to buy the most expensive, most aggressive cybersecurity solution on the market. Attackers, especially those non-professional hackers with too much time on their hands, are looking for easy targets. Installing any WAF—even an open-source or more affordable one—will make you a much more challenging target than those who don’t, and it will help divert attackers elsewhere.

Can MSPs offer their clients solutions that can help them protect their businesses affordably?

Miron: Absolutely – cybersecurity is an area where MSPs can provide value by bringing in expertise that the organization may not have in-house and is extremely hard to find. Our partner MSPs have expanded rapidly to cover the gap the pandemic created.

What advice can you offer MSPs regarding selling WAFs?

Miron: Don’t wait for customers to ask for WAF; they may not know they need it or even what it is. Proactively reach out to your clients and ask them about their web applications and how they may be exposed to attacks.

Partner with a company that provides easy-to-use WAFs that can be deployed in minutes or hours, not days and weeks. This allows you to onboard many customers with the limited staff you have and also will enable you to provide more affordable solutions to match customers’ contracting budgets.