https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2020 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2020 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Digital Service Providers
  • Cloud Service Providers
  • CHANNEL PARTNERS ONLINE
 Channel Futures

From the Industry


Sponsor Content

Broken window

How WAF-as-a-Service Addresses Critical Customer Vulnerabilities

  • August 20, 2018
Web applications represent a significant security vulnerability for most companies, but very few are adequately addressing the problem.

For MSPs that want to extend their security footprint within their client base, providing web application firewall (WAF) services offers a way to increase revenues while reducing data breaches for customers.

Just how big is the web application security problem? According to WhiteHat Security’s 2017 Application Security Statistics Report, 75 percent of cyberattacks are aimed at applications, while just 25 percent attack the network perimeter. Spending on security, however, is almost the inverse of that. According to the report, 90 percent of security investment is at the network edge, while just 10 percent of those investments go toward application security.

The WhiteHat study also pointed to other data that further outline these vulnerabilities:

  • 30 percent of total breaches reported involved attacks on web applications
  • 77 percent of web app attacks were carried out by botnets
  • 32 percent of attacks exploited SQL injection errors

According to WhiteHat: “Application vulnerabilities continue to be a significant problem; however, there has been marginal improvement across the board. In 2015, web applications analyzed had an average of four vulnerabilities. That number dropped to three vulnerabilities in 2016. While this represents a 25 percent improvement year-over-year, most applications have three or more vulnerabilities, with almost half of them being ‘critical.’ These errors could result in data loss, theft, or denial-of-service attacks if not properly remediated.”

Additionally, various studies show that a website is hit by a critical exploit nearly every half hour, and WhiteHat says there are 51 vulnerabilities per website on average. The 2017 Verizon Data Breach report indicates that 44 percent of attacks come through vulnerable apps. The average web application attack costs $15 million and takes 46 days to resolve.

Why WAF-as-a-Service Is a Perfect Fit for SMBs

Traditional application security solutions are often too complicated and expensive for smaller businesses to implement, often don’t have enough controls, and may not work for apps deployed on the cloud. These companies need help.

WAF-as-a-Service offerings help MSPs address their customers’ web app security, so they reduce risk while also allowing MSPs to grow their businesses and build stronger client relationships.

Outsourcing web application security is going to be increasingly attractive to smaller businesses, particularly as application threats expand in number and complexity. The Open Web Application Security Project’s (OWASP) most recent list of the top 10 threats includes issues like injection flaws, broken authentication, sensitive data exposure, XML external entities, broken access control, and other vulnerabilities that are relatively easy for attackers to detect and exploit.

A WAF-as-a-Service solution can protect those apps while also simplifying setup, management and reporting for the MSP. The solution can also protect against risks identified by OWASP, including DDoS, zero-day exploits and brute-force attacks.

Scanning for vulnerabilities is not only a vital piece of this type of service, but it can also help initiate the conversation about these types of security threats with customers. For example, Barracuda MSP’s WAF-as-a-Service offering includes Barracuda Vulnerability Remediation Service, which scans customer apps on a pre-set schedule. Any vulnerabilities are identified and imported into the WAF to implement remediations automatically.

For customers who aren’t aware of just how big a risk their web apps pose, MSPs can offer to scan their websites and applications using the Barracuda Vulnerability Manager to identify any existing problems. The solution is free, doesn’t require a WAF license and takes just a few minutes to set up.

By sharing scan results with customers, MSPs can illustrate each customer’s needs and talk about the importance of adding a WAF, as well as regular scanning and remediation services.

Many small and midsize (SMB) companies aren’t aware of just how vulnerable they are to an attack via their web applications. Offering a WAF-as-a-Service solution allows MSPs to provide ongoing protection with minimal cost and complexity. It can also complement other managed security offerings with a product that is easy to price and bill.

Poorly designed and unsecured web applications can provide a backdoor for attackers into your customers’ critical business systems. WAF-as-a-Service gives MSPs a way to quickly and easily identify and address threats, as well as adding a new source of recurring revenue.

Chris Crellin is Senior Director of Product Management for Barracuda MSP, a provider of security and data protection solutions for managed services providers, where he is responsible for leading product strategy and management.

This guest blog is part of a Channel Futures sponsorship. 

 

Tags: Cloud Service Providers Digital Service Providers MSPs VARs/SIs From the Industry Networking Security Barracuda MSP Sponsor Content

Related


  • security centric
    The Importance of Being Security-Centric
    Why security-centric MSPs will find success in 2021.
  • 2021 predictions
    Three 2021 Predictions that MSPs Can Bank On
    Among 2021 predictions, this one is almost guaranteed: Cloud, security, and training will remain key strategies for MSP success.
  • Cyberattacks
    A Baker’s Dozen of Cyberattacks
    The most successful cyberattacks are designed to bypass email gateway defenses using social engineering, fraud and other strategies.
  • Security awareness training
    Solve the Cybersecurity People Problem with Security Awareness Training
    Evolving threats highlight the continued importance of security awareness training.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • 5 Things MSPs Can Do to Mitigate the Economic Impact of COVID-19
  • Remote Security: It’s Not Just about Devices Anymore
  • Survey Results: Public Cloud Security Is a Top Customer Concern
  • Cyberthreats to Watch out for in 2020

Galleries

View all

New, Changing Partner Programs: AWS, Tech Data, Avaya, Verizon

January 11, 2021

Industry Perspectives

View all

Partners Share Their 2021 Goals—and Plans for Achieving Them

January 26, 2021

The Importance of Being Security-Centric

January 22, 2021

Cyberattacks: Threat Hunters Conquer Unpredictability with 3 Measures

January 21, 2021

Webinars

View all

Your Network Perimeter Has Changed

February 18, 2021

In Case of Emergency: The Importance of Proactive Critical Event Management

February 23, 2021

How Managed Hosting Providers Thrive with the Alternative Cloud

February 24, 2021

White Papers

View all

Product Brief: Kaseya VSA Integrated Workflows with BMS and IT Glue

January 26, 2021

Why Subscription Business Model

January 15, 2021

The Ultimate MSP Guide to Sales Efficiency

January 14, 2021

Upcoming Events

View all

Channel Partners Virtual

March 2, 2021 - March 4, 2021

Channel Partners Conference & Expo

November 1, 2021 - November 4, 2021

Videos and Fastchats

View all

FASTCHAT: How SOAR Eliminates Security Challenges and Elevates Service Provider Revenues

January 6, 2021

Happy Holidays from Channel Partners & Channel Futures!

December 21, 2020

FASTCHAT: How Old, Unpatched Technologies Are Creating New Security Threats for MSPs and Their Customers

December 3, 2020

Twitter

ChannelFutures

.@CryptoStopper hires @GetChanneled to build partner program, act as virtual channel chief. #ransomware… twitter.com/i/web/status/1…

January 27, 2021
ChannelFutures

MSSPs, check for this ‘novel’ social engineering threat from North Korea. #Google. dlvr.it/RrTS9J https://t.co/2mDcnNvkHz

January 27, 2021
ChannelFutures

.@keepersecurity report shows financial sector heavily targeted by #cybercriminals. dlvr.it/RrTBPz https://t.co/joTBNeb2MT

January 27, 2021
ChannelFutures

.@Trustwave unveils new global referral partner program. #cybersecurity dlvr.it/RrT9Td https://t.co/amXCw33UsF

January 27, 2021
ChannelFutures

Ecosystem security provider Cyberpion launches first #partnerprogram. dlvr.it/RrSnxK https://t.co/g7Po3jq8iw

January 27, 2021
ChannelFutures

Strategic digital investments leaving U.K. channel partners feeling optimistic about 2021. @CiscoPartners @bt_uk… twitter.com/i/web/status/1…

January 27, 2021
ChannelFutures

Partners share 2021 goals and tips to achieve them. @ConnectWise #SMB #cybersecurity #MSP dlvr.it/RrPzKJ https://t.co/gBsXooSnnB

January 27, 2021
ChannelFutures

Product Brief: Kaseya VSA Integrated Workflows with BMS and IT Glue dlvr.it/RrPJWz https://t.co/qFvS3o0XIZ

January 26, 2021

MSSP Insider

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Channel Partners Online

Want more? Find more channel news and analysis on our sister site, Channel Partners.

Media Kit And Advertising

Want to reach our audience? Access our media kit

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Online
  • Channel Partners Events
  • MSP 501
  • MSSP Insider
  • IoT World Today
  • Webhostingtalk

WORKING WITH US

  • Contact
  • About us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X