The web application firewall technology goes beyond vulnerability scanning efforts, secure coding initiatives, and network security solutions by providing organizations with continuous, real-time web application-specific security. It offers customized, behavior-based security for each protected application. We use a profiling system and multiple, collaborative detection engines to ensure the flow of mission-critical traffic while supplying complete protection for applications to keep the organization’s confidential information safe from targeted attacks and leaks. This, coupled with the monitoring of application health, makes this technology the next generation in protecting your web applications.
Key Features of the Technology:
Dynamic Application Profiling:
The system maps all levels of application behavior, so there is no need for detailed knowledge or secure coding. As the application is updated, it automatically detects the changes, learns them, and adjusts the profile.
Inbound and Outbound Traffic Analysis:
Inspects both incoming and outgoing traffic to block hacker-informative error messages and prevent application defacement and data theft. Pre-defined and customizable technology within the engine represents patterns that identify a specific type of information, such as credit card or Social Security numbers. Organizations can set policies to alert on and prevent the loss of matching data.
Application Security Defect Detection:
Identifies and reports on application security defects caused by insecure coding techniques. These defects, such as missing images or hyperlinks and improper request handling, negatively impact the user experience by preventing application access or disabling the web server. Each protected application is passively monitored for anomalies in its responses. If necessary, corresponding inbound requests are analyzed to determine underlying causes. By assessing an entire application in its actual environment, the technology can pinpoint defects that would otherwise go undetected during a code review or vulnerability scan.
Out-of-the-Box PCI Compliance:
Built-in PCI compliance functionality consists of pre-packaged rule sets specifically designed for organizations working to comply with the Payment Card Industry Data Security Standard (PCI DSS). These rules ensure the proper configuration of security mechanisms for attack prevention as well as logging of all payment card usage for compliance. PCI-specific reports provide an immediate view of the system’s overall level of compliance as well as details of sensitive information use for audit purposes.
Full Monitoring and Blocking Capabilities:
A full suite of monitoring and blocking capabilities allows organizations to customize the response to threats. A simulation mode facilitates deployment by indicating what would be prevented, without requiring full blocking functionality to be enabled. WebDefend’s blocking capabilities include blocking packets in in-line mode, logging out malicious users, integrating with popular web servers for attack blocking and network firewalls for IP blocking, and TCP resets.
SSL Attack Detection:
WebDefend replicates and decrypts SSL traffic streams without terminating the original encrypted session. Immediately after decryption, WebDefend inspects the traffic entering and leaving the web environment, providing full visibility and attack detection capability without compromising performance.
Intuitive Management Console:
The easy-to-use WebDefend Management Console provides a single point of sensor configuration and management. Organizations can immediately use the console, without any initial training, to gain full visibility into their web applications’ architectures and security. The instructive console helps organizations understand the context in which events are generated and remediate problems quickly. For every event detected, a detailed description pinpoints the vulnerability, offers insight into its meaning, and assists with its resolution. The console offers multiple event views, allowing organizations to examine entire transactions and see the error messages presented to users. Events can also be filtered, so only exceptions are shown. Powerful reporting tools help to communicate web application security defects to development, meet compliance requirements, and track the effectiveness of WebDefend policies.
- Provides real-time, continuous web application security.
- Delivers non-intrusive and effective security—WebDefend can be deployed either out-of-line or in-line to block detected attacks.
- Automates web application compliance to regulations and industry standards, such as the PCI DSS.
- Detects security defects that vulnerability scans miss, by passively monitoring web application traffic.
- Bridges the gap between security and development teams with detailed reporting on sources of vulnerabilities for quick remediation.