Presentation of the Web Application Firewall (WAF) product from one of the "pioneers" and the current leader* of the industry (*according to the Gartner quadrant for WAF from 2014).
Russian-language presentation of a WAF solution from the market leader (*according to the Gartner MQ from 2014).
The SecureSphere Web Application Firewall provides the defenses that are needed to stop threats like Anonymous and other hacktivist groups, cybercriminals, and state-sponsored hackers.
First, SecureSphere offers multiple layers of defense to stop technical attacks that exploit application vulnerabilities, like SQL injection and cross-site scripting. SecureSphere provides Dynamic Profiling to learn protected applications and identify unusual activity. Attack signatures stop known attacks. HTTP protocol validation prevents evasion techniques like double encoding and redundant headers. SecureSphere monitors cookies and sessions and can sign or encrypt cookies to stop cookie poisoning and session hijacking attacks. And IP reputation awareness recognizes known malicious users. SecureSphere offers many more defenses like Web worm protection and data leak protection, but these are the most essential to stopping technical attacks.
In addition, SecureSphere stops business logic attacks like site scraping, comment spam, parameter tampering and application DDoS. It uses reputation-based security and pre-defined security policies that detect excessive requests and bots. SecureSphere also offers geolocation to detect and block sources from undesirable countries.
Lastly, SecureSphere prevents fraud by detecting devices that are infected with malware, are suspicious or have performed fraudulent transactions in the past.
And we offer pre-defined and custom policies that can combine these defenses for extremely accurate attack detection.
May 21, 2007
A Fortune 100 US bank inherited a treasury application as part of the acquisition of another bank. Web application scans found that the application had 57 vulnerabilities, which would cost millions of dollars to fix.
The acquiring bank wouldn’t allow vulnerable apps into their own datacenter. So they needed to fix the application quickly or pay to keep the old datacenter open just to host the legacy application. They planned to replace the application and they didn’t want to invest a lot of resources to manually fix the vulnerabilities.
With the SecureSphere WAF, the bank was able to mitigate all of the vulnerabilities found by the scan. Periodic scans performed by the bank confirm that the treasury application is still secure.
If you compare Web Application Firewalls to Intrusion Prevention Systems and Next Generation Firewalls, the differences are clear.
While these products may contain a handful of attack signatures, they are not effective at stopping Web application attacks. They do not have sophisticated security engines that can analyze Web application profile violations, keywords, and protocol violations together to correctly identify Web attacks. Secondly, they can’t stop threats like bots or protect cookies or sessions. They typically do not offer any type of reputation-based protection, and if they do, it is focused on email spammers, not Web threats.
Moreover, IPSs cannot stop business logic attacks like site scraping and application DDoS, and they can’t prevent Web fraud. In addition, many IPS products can’t even decrypt SSL traffic.
Because of this, IPSs suffer from a high rate of false positives and false negatives when attempting to stop Web application attacks. In addition, it is easy for hackers to evade them by using encoding or exploiting custom application vulnerabilities. Businesses that wish to avoid the painful consequences of a Web application attack need to deploy a Web application firewall.