Does your WAF Service Have a Low False Positive Rate?

As cybersecurity threats continue to increase, corporations’ cybersecurity budgets continue to grow. In recent years, in order to protect their cyber assets, companies have started investing in strong programming talent, robust cybersecurity internal protocols and even higher physical security in their facilities. However, when companies come to the decision to choose a protection service for their web apps, they often overlook key criteria.

A computer open to a website with a blue window and three smaller ones. On the left is a mug.
Does your web app have a low false positive rate?

Web apps are often a company’s most valuable asset—storing the company’s precious databases of customer and company information. Because of this dependence, for example, a few hours of Amazon’s web app being down would result in both the website shutting down and a revenue loss of millions of dollars. To prevent a web app shutdown, companies look to using web application firewalls (WAF) to act as a first line of defense against malicious web traffic. However, with so many WAF services in the market, companies often do not know how to judge the services and often look at other criteria like web performance and speed. Although those aspects are important in providing a good customer experience, they do not actually fully protect your web app or your users.

There are two criteria that should be considered when choosing a WAF service for your web app.

1. Does the Service Protect Against Web Attacks?

It is imperative that a web protection service detects, filters, and protect against web attacks. In order to better protect a web app against malicious web traffic, the service needs to have sophisticated detection rules to block hackers from trying to access the user’s web app.

When considering a WAF service, users need to assess if the service has comprehensive web protection, and if the service is successful in blocking attacks. Cloudbric provides eight features that ensure complete web protection, and while also providing excellent web app protection. When compared to a leading competitor, Cloudbric’s WAF service detected more web attacks by +20%.

2. Does the Service Have a Low False Positive Rate?

Often times, many forget that they need to ensure that their web protection service does not block legitimate users. The service’s skill in identifying good traffic and giving those users web app access is represented by its false positive rate. The higher the false positive rate, higher the chance a web service will not identify a good user from a bad user. Likewise, the lower the false positive rate, higher the chance that a web service will correctly identifies good users from bad users. Users need to look for web protection services that promise a low false positive rate as just how they want to block harmful traffic from their web app, they also want to ensure that their users can actually access and use their web apps.

Cloudbric boasts one of the lowest false positive rates in the market. According to Tolly Group’s Test Report in 2015, Cloudbric’s false positive rate is 86% lower than the leading competitor’s rate (4% versus 29%, respectively).

It is incredibly important for companies to protect their digital assets in this increasingly aggressive cyber environment. However, currently, companies are not judging web protection services by all appropriate criteria. In order to ensure that both malicious web traffic is blocked and all good users have access to web apps, companies need to look at the WAF’s web attack detection rate and its false positive rate.  Through these two criteria, a company can identify if a WAF service is truly protecting their web apps while also allowing users to freely access their sites. This way, they do not have to worry about web attacks and can continue to focus on growing their businesses.