Hi,
*Security Appliance Targeted to the Protection of Web Apps*
WebDefend is, at its core, a security appliance that provides features
targeted specifically to the prevention of exploits in Web applications. The
appliance can be deployed out-of-line, inside the firewall, off of a network
TAP or monitor; or now inline with no reconfiguration of network resources
necessary.
WebDefend profiles individual Web applications specifically for the types of
behaviors that are typically acceptable for that application. The appliance
then monitors Web traffic in regards to the application, analyzing the
traffic in the context of this automatically generated security profile.
When a deviation from the normally acceptable behavior is discovered, the
device hands the traffic off to its multiple, individual detection engines
in an attempt to identify the exact type of threat presented by the
behavior.
Detection features of the appliance include ExitControl, which examines data
entering or leaving the corporate network for specifically recognized data
patterns that may represent sensitive data (such as SSNs or credit card
numbers); and Security Defect Detection, which seeks to identify app defects
based on insecure coding techniques. The vendor states that SSL traffic can
be examined without requiring the termination of the original encryption
session; and the product ships with pre-packaged rule-sets specifically
designed for PCI DSS compliance.
Once an attack has been identified, the device can take several possible
actions in an effort to block the attacker from continuing their actions.
The device can work in concert with existing infrastructure, including
rewriting firewall rules, issuing commands to the Web server (IIS via ISAPI
filters, and Apache with extensions), issuing TCP resets, etc.; and can
additionally log the user out of the Web application in question. The new
inline deployment option, of course, provides the ability to block packets
directly.
Other features include support for the masking of magnetic stripe data
(preventing it from being stored or displayed anywhere within the WebDefend
software, including audit logs), image "leeching" prevention (watching
specifically for images linked to external Web servers), detection of
phishing attacks on Web sites, and an updated signature database
(application signature rules that are used to identify known attacks).
In addition to the aforementioned inline deployment support, the latest
WebDefend release also features support for geographic information in
events, and an updated detection engine to include support for the detection
of lateral SQL injections, email-harvesting robots and file inclusion
attacks; among other enhancements.
Ref:http://www.breach.com/resources/breach-security-labs/index.html
--
You received this message because you are subscribed to the Google Groups
"nforceit" group.
To post to this group, send an email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/nforceit?hl=en-GB.
