
Why are web application firewalls (WAFs) commonly deployed in monitoring mode?

Nimrod Kravicas, A10 Networks

As we all know, WAFs are designed to protect websites. The problem is that each website has its own code and design, which makes it difficult to protect. In our presentation, we will explain the advantages and disadvantages of the different models offered today.

Even with carefully written code and strict permissions on the website, there is still room for human error and unknown risks. Many organizations therefore deploy web application firewalls (WAFs), but configure them to alert rather than block. A real-world presentation showed why this happens and what approach can reduce false alarms and enable safe blocking of attacks.

Why many firewalls only monitor

The operating system and the web server are standardized, but application code is always bespoke and hard to protect with a universal solution. Many WAFs rely on learning the structure of the site, attack signatures, and complex regular expressions that require constant updates and often lead to false positives. As a result, companies keep the WAF in monitoring mode and the security team handles incidents manually. The investment thus often delivers only warnings instead of real defense.
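The trade-off described above, as an added example that is not from the presentation or from A10 Networks: two simplified, hypothetical signatures are replayed over constructed, hand-labelled request values, once in monitoring mode and once in blocking mode. The rule names, the sample traffic and the `replay` helper are all assumptions made for illustration.

```python
import re

# Hypothetical, simplified signatures written for this example
# (not taken from any real WAF rule set).
SIGNATURES = {
    "sqli-keywords": re.compile(r"(?i)\b(select|union|drop)\b.*\b(from|table)\b"),
    "xss-script-tag": re.compile(r"(?i)<\s*script\b"),
}

# Constructed sample traffic: (parameter value, hand-assigned "is attack" label).
SAMPLE_REQUESTS = [
    ("Please select a seat from the list", False),
    ("How do I drop a column from a table in Postgres?", False),
    ("blue running shoes", False),
    ("Use the <script> tag to load analytics", False),
    ("1 UNION SELECT password FROM users", True),
    ("<script>alert(1)</script>", True),
]

def matching_rules(value):
    """Return the names of every signature that fires on the value."""
    return [name for name, rx in SIGNATURES.items() if rx.search(value)]

def replay(requests, mode):
    """Replay labelled requests in 'monitor' or 'block' mode and tally outcomes."""
    if mode not in ("monitor", "block"):
        raise ValueError("mode must be 'monitor' or 'block'")
    result = {"alerts": 0, "false_positives": 0,
              "legit_blocked": 0, "attacks_passed": 0, "noisy_rules": set()}
    for value, is_attack in requests:
        hits = matching_rules(value)
        blocked = bool(hits) and mode == "block"  # monitor mode only alerts
        if hits:
            result["alerts"] += 1
            if not is_attack:
                result["false_positives"] += 1
                result["noisy_rules"].update(hits)
        if is_attack and not blocked:
            result["attacks_passed"] += 1   # cost of alert-only deployment
        if blocked and not is_attack:
            result["legit_blocked"] += 1    # cost of blocking on noisy rules
    return result

if __name__ == "__main__":
    for mode in ("monitor", "block"):
        print(mode, replay(SAMPLE_REQUESTS, mode))
```

On this sample, blocking stops both attacks but also rejects three of the four legitimate requests, while monitoring rejects nothing and lets both attacks through.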
