Traditional network firewalls (Layer 3-4) do a great job preventing outsiders from accessing internal networks. But, these firewalls offer little to no support in the protection of application layer traffic. Today, threat vectors are being introduced at all layers of the network. For example, the Slowloris and HTTP Flood attacks are Layer 7 attacks...a traditional network firewall would never stop these attacks. But, nonetheless, your application would still go down if/when it gets hit by one of these. It's important to defend your network with more than just a traditional Layer 3-4 firewall. That's where a Web Application Firewall (WAF) comes in. In this video, John outlines what a WAF is and why your web application needs one.