www.obrela.com Swordfish

Swordfish Web Application Firewall

Web Application Security as a Service

Swordfish Web Application Security provides an innovative model to help businesses protect their brand and online information, incorporating a state-of-the-art transparent security layer over their web applications.

Web applications are a direct target for attacks, as they are directly accessible from all parts of the world and form a surface to valuable information and, many times, Personally Identifiable Information (PII) such as credit cards, identity numbers, health information, etc. Each year, web-borne attacks increase by 30%, while successful breaches reach up to a 60% increase, proving that not only are new attack vectors created on a daily basis, but their effectiveness and complexity are also significantly raised. Critical vulnerabilities like HeartBleed and ShellShock are disclosed, leaving Web developers unable to implement means of protection or, worse, to pro-actively plan for these low-level vulnerabilities.

Businesses, on the other hand, have a critical demand for information and services to be available in the minimum amount of time to, amongst others, increase profitability or make new business channels available worldwide. Adding to the complexity, regulation standards such as PCI or HIPAA enforce the design and implementation of security controls to safeguard information.

Swordfish Web Application Security was designed to accommodate both business needs and security requirements. By implementing a transparent security layer in front of web applications, security and compliance requirements are no longer a dependency, as all Web requests are handled by the Swordfish WAF and cleaned of malicious calls, and legitimate traffic is directed to the Web Application for the business logic to be performed.

Swordfish Web Application Security is equipped with state-of-the-art rules, optimized to zero-out false positives and false negatives, as well as a set of features that establish a complete security solution for doing business today on the Web.

Why SWORDFISH?

The Swordfish Web Application Firewall Technology is engineered to be fully customizable in terms of user and group access privileges, aligned with both Corporate and Information Security policy. In effect, our solution addresses the security need for ongoing operational security, not just the technology:

Continuous Research Based Rule-Set

The carefully designed policies contain a comprehensive set of rules that implement general-purpose hardening and address common web application security issues, protecting against the latest threats while taking advantage of the continuous research on new threats appearing on a daily basis at OSI Security Labs. OSI Security Labs investigates the vulnerabilities identified, compiles them with the latest threats reported by Bugtraq, CVE and Snort, and performs primary research to deliver the most up-to-date and comprehensive Web Application Firewall service available.

Anomaly Detection

The rule-set keeps anomaly scores for each request, IP address, application session, and user account. Attacks from sources with a reconnaissance history, incomplete HTTP protocol transactions and malicious content within the HTTP transport protocol, amongst multiple other factors, raise the abnormality score. Requests with high anomaly scores are rejected altogether.

Positive Security Model

Swordfish WAF analyzes the full HTTP transaction in order to understand the application structure, elements, and expected user behavior. The positive security model is implemented through the profiling of protected applications, including an enumeration of application URLs, parameters, cookies, and methods. By the end of the Learning phase, the WAF engine will have created a baseline of rules including all "whitelist" rules, ready to protect the Client's valuable web applications.

HTTPS/SSL Inspection

The Engine analyzes the full HTTP transaction, even over HTTPS/SSL, allowing complete requests and responses to be inspected for malicious input. With the high technology inspection, fine-grained decisions can take place, ensuring that only transactions containing malicious content are logged and intercepted.

Evolution in parallel with Web Applications

Swordfish WAF combines the negative and positive security models in order to identify the evolution of a web application. Analyzing the full HTTP transaction and inspecting the complete requests and responses, the WAF learning engine understands the application structure and elements that have changed since the last rule-set upgrade. Swordfish WAF evolves with the web application in parallel, recognizing application changes while simultaneously protecting against deviations in known users' behavior.

Reputational Intelligence (Swordfish ReputationMonitor)

Obrela Security Industries Reputational Intelligence enhances Swordfish WAF by adding reputational context to all the actors associated with the communications between the customer infrastructure and the Internet. This is performed by integrating and de-duplicating multiple proprietary and open reputational feeds. OSI Domestic Intelligence Network uses SIEM and Honeypot intelligence to extract and local attack formations & attackers targeting multi-region telecommunication providers, amongst other industries. Sources based on OSI proprietary intelligence (SIEM based reputation, Malware Analysis, Regional Honeynets), Commercial Feeds (e.g. DVLabs) and Open Source feeds allow OSI to have total visibility of communication with TOR/Anonymity, C&C Servers, Compromised Hosts, Malware Repositories, Phishing Sites, etc.

Web Resource Surveillance (Swordfish SocialMonitor)

The customer's key web resources and their approved activities are extensively tested until a Gold Standard behavior mapping is developed. This Gold Standard mapping is then applied to OSI's Security Operations Center (SOC) and monitored round-the-clock. Any deviation from this mapping will trigger flags within OSI's SOC and strict rules of engagement are followed, allowing the customer to act quickly and decisively. Features include, but are not limited to, screenshot rendering changes, HTML source changes, key string monitoring, and monitoring against sensitive information disclosure.

Virtual Patching Through Vulnerability Scanner Integration

Swordfish WAF acts as an external patching tool for systems with known weaknesses and vulnerabilities. OSI engineers create custom rules in order to reduce the window of opportunity. Given the time needed to patch application vulnerabilities, OSImWAF allows applications to be patched from the outside, without touching the application source code, keeping the protected systems secure until a proper patch is produced and deployed.

Web Fraud Prevention

Phishing criminals are getting smarter, whilst their techniques are constantly evolving. Their enhanced efforts continue to generate results from phishing, with the criminals focusing their effort where they can get results. Through the optional integration with FraudWatch, organizations are able to identify and stop fraudulent transactions damaging the client's reputation.

A full bandwidth of services, not just a web application firewall

Monitor Mode Option

With the high technology inspection, fine-grained decisions can take place, ensuring that transactions containing malicious content are only logged, without being blocked. If the positive model is selected, the ruleset created during Learning mode is used to identify deviations from normal behavior and instantly produce alerts. If the negative security model is selected, the carefully designed ruleset contains a comprehensive set of rules that identify common web application security issues, protecting against the latest threats while taking advantage of the continuous research at OSI Security Labs. In monitor mode, the WAF monitors traffic without blocking malicious activity. Operators are instantly alerted in case of malicious activity in order to manually mitigate the incident.

Zero Impact Deployment and Ultra High Performance

Swordfish WAF deployment takes only a few minutes to add web sites, no matter what technology or web server platform is used. It is practically deployed by just changing the DNS record of the site to point to the Swordfish WAF farm. In-house setups are also designed with speed-of-deployment in mind.

Security Updates and Enhancements

The Swordfish WAF Policies are continuously evolving, by taking advantage of the continuous research on new threats appearing on a daily basis at OSI Security Labs. Rules and definitions are updated monthly in order to protect the Client's valuable Web Applications against the latest threats.

In-House Deployment Options

Swordfish WAF appliances provide superior performance, scalability, and resiliency for demanding web application environments. To maximize uptime, the Swordfish WAF hardware appliances optionally feature redundant power supplies, multiple network interfaces and hard drives. Swordfish WAF hardware appliances provide the flexibility, reliability and performance required to support multiple Swordfish WAF instances protecting multiple clients' web applications.

Swordfish WAF Virtual Appliances take advantage of existing virtualization by integrating with all modern virtualization technologies. Virtual Appliances offer adaptable, reliable and manageable security for organizations of all sizes.

SWORDFISH as a Service (SaaS) helps you leverage SWORDFISH Technology without requiring capital expenditures in technology infrastructure or staff training.

SWORDFISH services can be tailored to your information security model and integrated into your existing security organization and procedures. The look and feel can also be adjusted to address corporate branding and internal marketing requirements. SWORDFISH is also integrated with the Obrela Security Industries Corporate Security Intelligence Services and can be monitored on a real time basis, by leveraging existing Security Operations Centers and Infrastructure.

Swordfish Web Application Firewall is accompanied by a web console providing an instant view of all operations undertaken by the WAF to protect the applications. Traffic statistics are provided to track bandwidth utilization, countries and user agents. Security statistics illustrate an overview of the web firewalling process grouped by threat category, as well as their association with compliance sections such as PCI and SOX. Events that constitute malicious behavior being cleaned are available, along with the endpoint details, headers and rules that were triggered. Administration sections allow for easy management of various WAF features, dashboards per protected site, user management and mapping of users to protected applications. Multiple Swordfish WAF instances can be managed from within a single Web Console.

One-click integration with Corporate Security Intelligence

All services provided by Obrela Security Industries are tightly integrated with each other in order to benefit from a multi-dimension protection platform, under a single contract, tailored to each individual requirement or use case. The Swordfish Web Application Security, either deployed As-A-Service (SecSAAS) or in-house (physical or virtual appliance), can be integrated with the Corporate Security Intelligence services, providing real-time monitoring of all security aspects utilizing state-of-the-art SIEM deployments.

Security event information generated by the Swordfish WAF is consolidated and reported to our Security Operations Centers (SOC), where it is correlated, monitored and manually validated on a 24x7 basis. Incidents requiring attention are escalated based on a mutually agreed SLA and are monitored until closure via an integrated ticketing system.

The integration allows Obrela Security Industries engineers to identify patterns in traffic and correlate behaviors based on statistical models that would otherwise be left unattended. Such cases include identification of business logic vulnerabilities, identification of changes in the underlying web application and evaluation against the behavioral model, and live identification of distributed denial of service attacks being formatted or taking place.

Specifications

| | As A Service (SecSaaS) | V2100 | V4100 | V8100 | A4100 | A8100 | A12100 |
|---|---|---|---|---|---|---|---|
| Type | Managed Service | Virtual | Virtual | Virtual | Physical | Physical | Physical |
| CPU | Unlimited | 2 Vcores | 4 Vcores | 8 Vcores | 1 x Xeon Quad | 2 x Xeon Quad | 2 x Xeon Eight |
| Ram (GB) | Unlimited | 2 | 2 | 4 | 4 | 8 | 16 |
| Disk (GB) | Unlimited | 50 | 100 | 200 | 250 | 250 | 500 |
| Interface | N/A | Hypervisor depended | Hypervisor depended | Hypervisor depended | 4 x Copper | 4 x Copper | 4 x Copper |
| Disk redundancy | Included | N/A | N/A | N/A | Yes | Yes | Yes |
| PSU redundancy | Included | N/A | N/A | N/A | Yes | Yes | Yes |
| Form Factor | N/A | N/A | N/A | N/A | 1u | 1u | 1u |
| AC Power - Consumption - Heat Output | N/A | N/A | N/A | N/A | 100-240V, 50-60 Hz, 130W, 450BTU/h | 100-240V, 50-60 Hz, 225W, 750BTU/h | 100-240V, 50-60 Hz, 250W, 800BTU/h |
| Hardware Support | N/A | N/A | N/A | N/A | 3y NBD | 3y 4h Response | 3y 4h Response |
| Peak Throughput (mbps) | Unlimited | 40 | 80 | 160 | 150 | 300 | 600 |
| Session Awareness | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Reputational Intelligence | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| SSL Inspection | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Web Resource Surveillance | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Virtual Patching | Yes | Yes | Yes | Yes | Yes | Yes | Yes |

High Availability: Geographic Relocation
Web Security: Positive Security Model, Negative Security Model, Automatic WebApp learning, Web server & application signatures, HTTP Protocol Abnormalities, Encoding normalization
Network security: Stateful firewall, DoS prevention
Web Console / UI: Provided
User Interface: Live monitoring, Dashboard Monitoring, Alerting Through ArcSight Web Console
Deployment Modes: Block Mode / Learning Mode / Monitor Mode
Fraud Protection: Optional
DDoS Protection: Optional. Depending on infrastructure DDoS mitigation capabilities
SIEM Integration / 24x7x365 Monitoring: Optional
Updates: Monthly rules and definitions. Major version upgrades every 12 to 18 months. Minor releases (service packs) every 4 to 6 months. Patches are released as needed.

Learn More http://www.obrela.com/waf