Symantec WAF: Web App Firewall Overview and Analysis

eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

See our complete list of Top Web Application Firewall Vendors

Bottom Line

Symantec?Web Application Firewall (WAF) & Reverse Proxy can be deployed on-premises or in the cloud with AWS to block known attack patterns with signature-based engines. It does well on known attacks. The latest version has added content nature detection engines to detect obfuscation and prevent new attacks. It remains to be seen how it stacks up against the competition. Due to lack of independent evaluation, those considering it are advised to test it in their own environment.

Product Description

Symantec?Web Application Firewall (WAF) & Reverse Proxy is built on the ProxySG platform. It secures and accelerates web applications. Customers can deploy it on-premises or in the cloud with AWS to block known attack patterns with signature-based engines. Symantec Web Application Firewall content nature detection engines to detect obfuscation and prevent new attacks. It can:

  • Analyze and scan inbound executables and files for malware
  • Reduce false positives
  • Increase zero-day protection
  • Offload user authentication and SSL
  • Monitor and apply policy to inbound connections

Symantec WAF Features Rated

Security: Fair. NSS Labs scored its previous Blue Coat offering with a block rate of only 91.07% and a security effectiveness of 92.45%. However, the company has released a promising new WAF offering. Its Content Nature Detection engines address the shortcomings inherent in the signature-based approach. The Symantec WAF is designed to block new unknown attacks by default. For example, both ShellShock and the recent Apache Struts 2 vulnerabilities were automatically detected without requiring a signature update. The Symantec WAF solution is a full multi-tenant solution, which means you can have multiple web applications defined as tenants in the solution and each tenant can have its own specific security policy that applies to the traffic going to that particular web application.

Performance: Fair. NSS Labs tested Blue Coat at only 1,905 connections and 1,600 transaction per second, lowest in its report and almost two orders of magnitude below the top company. The new WAF from Symantec is said to offer models with 50 Mbps up to 5 Gbps in throughput supporting up to 350,000 active connections.

Value: Fair. NSS Labs gave Symantec a three-year TCO of $170,949 which was middle of the pack. However, TCO per connection per sec as $25.01, the priciest in the report.

Implementation and Management: Good. Users say the Symantec WAF appliance is said to be easy to install, configure, and maintain. The Content Nature Detection engines require no continuous updates and few ongoing configuration changes.

“Implementation was relatively straightforward. Have had some issues and had to manually move to different cloud ‘pods’ to restore services, but doesn’t happen often,” said a CSO in the finance industry.

Support: Good. Symantec uses a partner-led approach to consulting.

“Symantec support team made things easier by supplying us with Best Practice information when configuring,” said a senior IT specialist in the finance industry.

Cloud features: Good. Symantec now has a cloud-based offering available on AWS.

Symantec WAF

Security Qualifications

PCI compliance.

Delivery

The WAF product is available as a hardware appliance and virtual appliance for on-premises deployments and is available as a virtual appliance for public cloud deployments in AWS, Azure (near future) or hosted public cloud data center.

Pricing

NSS Labs said the three-year TCO for its previous WAF was $170,949, making its TCO per connection per second was $25,01, the highest in the NSS Labs report by far. The new WAF is expected to improve on this dramatically.

Drew Robb Avatar

Subscribe to Cybersecurity Insider

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.

This field is required This field is required

Get the free Cybersecurity newsletter

Strengthen your organization’s IT security defenses with the latest news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

This field is required This field is required