1. OVERVIEW
SECURE YOUR WEBSITES AND BUSINESS-CRITICAL
WEB APPLICATIONS
IT security threats are increasingly numerous and varied.
Web application attacks are of particular concern, with 97% of
security breaches caused by web vulnerabilities.1 Organizations
that must comply with PCI-DSS Requirement 6.6 should pay
particular attention to these threats. Yet traditional IT security
solutions, such as firewalls or intrusion detection/prevention
services (IDS/IPS), do not do enough to guard against Internet
attacks or offer comprehensive protection.
Web Application Firewalls (WAF) are designed to deter intruders
from exploiting vulnerabilities in web applications. They monitor
and inspect incoming traffic and intercept attacks before your
applications and data can be compromised. PCI DSS requires
either application code review or a web application firewall
(WAF) with proper positioning, configuration, administration,
and monitoring. However many organizations lack the security
personnel and expertise necessary to implement and tune a WAF
or remediate security incidents.
1 Barclays Card Services—January 2011
FACILITY FACT
SHEET
PRODUCT DATA
SHEET
SUNGARD SECURITY ANALYSTS FULLY
MANAGE YOUR WAF AND RESPOND
TO INCIDENTS 24/7
SunGard’s Managed Web Application
Firewall (WAF) safeguards websites and
business critical applications from Web
application attacks such as SQL injection,
cross-site scripting, OS command
injection as well as emerging threats
and zero-day exploits.
• SunGard’s Managed WAF service
provides 24/7 monitoring and incident
escalation by certified security
analysts, along with ongoing tuning
and management of the WAF.
Because the solution is managed,
SunGard eliminates the need for capital
expenditures, ongoing maintenance and
hardware or software updates. Instead,
customers pay an easily budgeted
monthly fee. The service can be deployed
rapidly and scales to meet immediate
and future needs.
• Implementing Managed WAF provides
support for compliance with PCI DSS
6.6, along with support for other
compliance mandates.
HOW IT WORKS: PROCESS FLOW
KEY BENEFITS
• Proven protection against web
application attacks, including zero
day attacks and emerging threats
• Fully managed service
• Supports PCI DSS 6.6 compliance
• Implement on-premise
or in hosted environments
MANAGED WEB
APPLICATION FIREWALL
LEGITIMATE USERS
ATTACKER
ATTACKER
NETWORK
FIREWALL
WEB
APPLICATION
FIREWALL
WEB
SERVERS