Qualys brings IronBee WAF to life

The security vendor is to release the beta of its open source WAF in April this year.

Qualys, one of the original cloud-based security vendors, has come good on last year's promise to release a web application firewall (WAF) based on open source code.

Codenamed IronBee, the WAF will route traffic going to and from an application through Qualys servers, where it is scanned for threats.

When IT Pro spoke to the man leading the IronBee project, Ivan Ristic, in 2011, he said the company was not concerned about competitors taking the code and using it for their own rival products.

But in light of the recent Symantec source code leak, which saw pcAnywhere customers placed in danger, was Qualys worried about the potential security threat to its own software if it was sharing the code with the wider community?

Wolfgang Kandek, CTO at Qualys, said using open source code would actually boost the security of the product.

"If the code for pcAnywhere had been open source these [vulnerabilities] would have been found before," Kandek told IT Pro today at the RSA 2012 conference.

"I think the open source model is superior.

"If you were a bad guy, you could [find and exploit vulnerabilities]. The question is would you find more than if you just look at the binary."

The code will be closely guarded and watched over by Qualys, to mitigate any potential nefarious use of it.

Kandek even claimed that going through Qualys' servers would help deliver applications faster in some circumstances.

"We think, from our measurements so far, that this will actually accelerate typical websites," he added.

"For instance, if you took Qualys.com, that's a cluster of two servers, and it's load balanced and all that, it's redundant, but it sits in California. With this protection on it, it would actually gain global presence because if someone from the UK accessed it, our node in the UK would serve the content.

"The content would still come from the US originally, would go through a node in the UK, but it would actually be cached there. So if you requested the page, you would get it from that node with the caching rules and you would gain the additional protection facilities."

He said the WAF, which will enter beta in April, will be more interesting for small and medium-sized businesses.

It will be delivered on a per-web application cost model. Kandek promised pricing would be "competitive."
