Small business: Help! WAF or Web Application Software.. Which one is better?

Since you mentioned XyberShield . . .

Hi, this is Ben English. I'm on the team that developed the XyberShield service.

The Barracuda product is a good WAF; if you're going the hardware route you probably couldn't do better from a price-for-value standpoint.

Few things to be aware of regarding XyberShield:

Because XyberShield is software-as-a-service, it's very unobtrusive. No hardware, obviously, but no real "agent" in the traditional sense -- all you have to add a single line of code to each web page. Similar to adding Google Analytics to a website. Install the code and go. In contrast, setting up a hardware WAF requires you to use someone with technical expertise to redesign your network architecture.

Ongoing maintenance is just as easy. You never have to worry about installing patches or updates. Improvements we make to the defense modules, called XyberFrames, are delivered instantly to all users.

The XyberShield user interface runs in your browser, and is actually pretty fun. Guy who built it is a big James Bond fan, so the dashboard looks like something an ambitious genius would use to rule the world, but an average movie fan would understand most of its functions.

The "behavior-based" aspect of the service is different than anything else you'll see for some time in the web app protection market. This allows XyberShield to protect against types of attacks that a WAF most likely wouldn’t even see -- business logic attacks, navigational abuse attacks, session fixation, and format string attacks.

Do you have any specific questions? Always willing to help. Let me know if you’d like a free trial of the full version of the service.

Best,

Ben

Ben English
benglish@xybersecure.com