You may have noticed we try to avoid using the term “WAF,” or refer to our Polyform product as a “WAF replacement,” even though it very clearly provides all of the same (alleged) benefits of a classic WAF. This is primarily due to our teams consisting of longtime hackers, DevOps folks, and sysadmins who have (what seems like) a lifetime experience of dealing with WAF technology.
I recall back in the Dark Age of the Internet (the mid-90s) when WAFs first began to emerge, and I was working in IT during the “Dot Com Boom” of the Early 2000s when E-Commerce exploded and the main deluge of WAFs really began to flood the market. All of the products did pretty much the same thing: block suspicious POST strings, and if an attacker was being particularly obnoxious, block their IP. A devastating response in Ye Olde Days when obtaining a new IP was a relatively arduous task.
Fast-Forward 20 years to our present utopia of 2019. Artificial Intelligence and Machine Learning have helped WAF technology to transcend existence itself, stopping attacks by leveraging Quantum Computing to simply only allow requests through that come from perfect realities where attacks no longer exist!
View from Kasada’s offices in what used to be Chicago, IL, USA. Countries, as we know, now no longer exist. Artwork by Adam Varga
I am, of course, joking. Most WAF attack detection and response technology hasn’t changed much, if at all. IT enterprises are spending incredible amounts of money on appliances and support contracts on ancient methodologies that weren’t even particularly good when they were new. In the meantime, attack techniques and technologies have continued to advance, and these days bypassing a standard WAF is usually trivial.