Before 9.3 software release, NetScaler Web Application Firewall (WAF) has been following the positive security model. Positive security model protects against zero day attacks and custom attacks. For those that may need some more details on zero-day attacks, here is a link for reference – zero day attack. For the most basic meaning of positive security model, it is pretty much a white list or approved list that are allowed. Positive model does not require signatures and is RFC compliant.
In the Negative security model, this require signatures and should know the attacks so that protections can be created for those attacks. This integrates very well with 3rd party scanning tools such as Cenzic scanning tool (which I previously blogged and link to tool is here http://community.citrix.com/x/WYfxCQ) to really make it simple to create signatures for protections.
Where does Hybrid model fit in here – you gotta wonder? Well as the name may already indicate, Hybrid Security model is a combination of positive and negative security models. Why is this critical? For some customers that may have scanning tools in place, this model makes it easy to integrate with different scanning tools as well as add positive security model for more flexible and adaptive protections. Having a WAF that can do both really gives it that advantage that customers are looking for that is dynamic based on their network environments, especially with evolving and sophisticated web app attacks happening.
Feel free to check out Here for more info on NS WAF.