Hybrid WAF

Hybrid Web Application Firewall (WAF) is the latest strategy for effectively protecting an enterprise and its IT infrastructure. Part of a blended approach, hybrid WAF combine technologies to protect both cloud-based and on-premises applications.

A hybrid WAF prevents web application attacks that target cloud-based and on-prem applications using the same security policies and management infrastructure. It also combines cloud-based and on-prem WAF to offer protection to the entire application portfolio.

A cloud-based WAF, typically deployed outside the enterprise firewall, can stop an attack closer to the source — before it hits your network perimeter. It is especially equipped to deal with web application and DDoS network attacks.

An on-premises WAF, typically deployed inside the enterprise firewall, sits closer to your assets and applications. It mitigates internal threats from both malicious and compromised insiders.

Why Do You Need a Hybrid WAF?

Moving to the cloud has become an overwhelmingly popular trend even among organizations that were at first reluctant to make the move. Traditional security strategies that only address on-premises vulnerabilities are no longer applicable. It has become vital that cloud-based and on-premises applications are instead considered and managed as one singular entity. This approach encourages a unified protection strategy, eliminating security gaps between on-premises and cloud-based applications.

Hybrid WAF: Phased Implementation

Migrating to the cloud can take time, sometimes years, and often starts with first moving peripheral workloads to the cloud while leaving the core business components (such as databases and the applications serving them) in the physical data center.

Although migration to the cloud has indisputably proven its cost and ease-of-deployment benefits, many companies must move cautiously when migrating to the cloud. A few relevant questions to ask are:

  • Are there assets you want to leave on-prem?
  • How do you plan to manage and orchestrate cloud components with on-prem workloads?
  • Do you need a security strategy that is tightly contained, or can scale out?

The responsibility for keeping an enterprise IT infrastructure up and running while implementing cloud delivery service models is a complex undertaking, requiring a set of security strategies for both on-premises and cloud-based applications.

The same level of security that was implemented for on-premises applications is needed for cloud-based applications. Web application security has spawned an entirely new set of concerns during cloud migration, and those concerns can be addressed by hybrid WAF.


A hybrid WAF solution must address the need to secure applications during the transition period from on-premises to the cloud.

The hybrid WAF solution should allow for the same set of security policies for on-prem and the cloud, while maintaining the integrity of newly-migrated applications. And it should provide a birds-eye view of the entire application infrastructure, enabling responsive counter-measures and remediation.

The advent of cloud-based applications is the clear path to the future. A hybrid WAF solution is an effective security measure that addresses this sea-change in enterprise application architecture deployment.

Learn how Imperva can help you deploy a hybrid WAF.

You might be interested in:

Reputation Intelligence

In an ideal world, every website is safe. No one is trying to steal your access credentials or…

Learn More

Cross-Site Scripting (XSS)

Cross-site scripting (XSS) is used by attackers to inject malicious code into vulnerable web applications. Unlike other web…

Learn More