Web Application Firewall

Proactive and Continuous Protection
Smart protection solution based on advanced technologies
Secure your organisation against both known and unknown attacks, including the
OWASP Top 10, automated and client-side attacks, and zero-days
Best of breed Web Application Firewall
Powerful WAF protection for web-based resources
Protection against Web Application Vulnerabilities
Avoid Operational Risks
True machine learning against zero-days
Modern response to the constantly evolving web threat landscape

Enterprises deploy several solutions to run their businesses, ranging from interconnected systems such as Enterprise Resource Planning, Customer Relationship Management and Content Management systems to websites hosting online services. Organisations use these systems to deliver value to their customers, ensuring they perform faster and with greater simplicity. While web apps provide efficiency and drive down costs, the complexity of threats also scales manifold. The weakest link created by providing access through these apps can become an unintended gateway to the entire infrastructure.

Research by our vendor's engineers reveals that in 2/3 of the apps examined, hackers could easily exploit web vulnerabilities and cross the perimeter into critical infrastructure without much difficulty. Strikingly, experts find that no web application is hardened enough to be free of flaws, with as many as 75% of them possessing critical vulnerabilities.

A combination of a Web Application Firewall and strong bot mitigation solutions can protect you from these crucial flaws in your systems.
 
Why is this solution relevant and important to an enterprise?
 

Today’s web portals, Enterprise Resource Planning systems and myriad mobile applications can introduce serious vulnerabilities that cannot be contained by traditional firewalls. Enterprises therefore require more sophisticated solutions to cover these risks from cyber criminals.

A Web Application Firewall eliminates attack attempts, groups similar incidents and detects attack chains, from spying to data theft or planned backdoor entry. As such, deploying a WAF reduces the number of false alarms, leaving the IT security team to address only the limited number of critical issues that they encounter. WAF solutions can handle all data with regard to the protected server's technology stack and deeply analyse XML, JSON and other protocols used in present-day web portals and mobile applications. A WAF protects against the majority of firewall bypass methods, including HPC, HPP and Verb Tampering, and can instantly block the execution of insecure code by using the WAF’s virtual patching techniques.

Instead of applying the traditional signature method, the WAF analyses network traffic, logs and users’ actions, constantly creating and maintaining a real-time statistical model of the application during normal operation. It then uses this model to detect abnormal system behaviour. Together with other protection mechanisms, it ensures that 80% of zero-day attacks are blocked without any special tuning on the client's side. It provides protection against brute-force attacks, fraud, Distributed Denial of Service attacks, uncontrolled indexing and data breaches. The WAF provides developers with information about incorrect code in convenient formats, including exploits, thus reducing the costs associated with secure development and testing.

What benefits will the enterprise derive by implementing the solution?

A Web Application Firewall gives you solid protection against web vulnerabilities that might otherwise go unnoticed and lead to data breaches. Its ability to integrate with other application and network security technologies, such as application security testing (AST), distributed denial of service (DDoS) protection appliances, web fraud detection and database security solutions, augments its offerings. Often, WAF solutions include performance acceleration, including content caching, and might be packaged with Web access management (WAM) modules that add authentication features to provide single sign-on (SSO) for legacy or distributed web applications. The overall benefits are therefore several.

Who does Cyberton represent to provision this technology?

Cyberton recommends Positive Technologies WAF solutions to address this need.

Positive Technologies is a leading global provider of enterprise security solutions for vulnerability and compliance management, incident and threat analysis, and application protection. Commitment to clients and research has earned Positive Technologies a reputation as one of the foremost authorities on Industrial Control System, Banking, Telecom, Web Application, and ERP security, supported by recognition from the analyst community.
 

State-of-the-art solutions are developed at Positive Research, the company’s flagship research center and one of the largest in Europe. Positive Research experts have helped to identify and fix over 250 zero-day vulnerabilities in products from Cisco, Google, Honeywell, Huawei, Microsoft, Oracle, SAP, Schneider Electric, Siemens, and others, earning a reputation for world-class expertise in protection of devices and infrastructures at all scales from ATMs to nuclear power stations.

Findings by Positive Research are used for updating the MaxPatrol knowledge base and for development of security solutions including PT Application Firewall, PT Application Inspector, MaxPatrol Vulnerability and Compliance Management Solution, PT ISIM, PT MultiScanner and SS7 Attack Discovery. These products allow securing web applications, evaluating network protection, blocking attacks in real time, ensuring compliance with industry and national standards, and training security specialists. In 2015 and in 2016, the company was rated a Visionary in the Gartner Magic Quadrant for Web Application Firewalls (WAF).

Positive Technologies is the organiser of the annual Positive Hack Days international forum and security competition, in which over 4,000 experts take part every year.

Company specialists actively participate in organizations dedicated to information security (CEH, CIS, ISACA, Web Application Security Consortium), publish their work in various magazines devoted to practical information security, and regularly speak at major international IS conferences, including Black Hat USA, CanSecWest, FIRST Annual Conference, HackInParis, Hack In The Box, ITSF, Microsoft Security Briefing, Nullcon, POC, Positive Hack Days, SAS, ZeroNights and others.