NSFOCUS Web Application Firewall




Overview

Customer Benefits: Mitigate Data Leakage Risk; Ensure Availability and QoS of Websites; Close the Gap for PCI DSS Compliance; Collaborative Security

The NSFOCUS Web Application Firewall (WAF) protects your business-critical web applications and information against web attacks, data breaches, and downtime by shielding your business with a singular, overarching cover of security prevention. Among its many features, WAF mitigates the OWASP Top 10 risks, combines a negative security model with a positive security model, employs application profile learning, and offers ironclad protection against application layer distributed denial-of-service (DDoS) attacks. WAF is also designed to help customers with full Payment Card Industry Data Security Standard (PCI DSS) compliance.

WAF shares knowledge with NSFOCUS application scanners, creating custom protection policies so as to reduce the potential attack surface and minimize the time-to-fix exposures. WAF collaborates with the NSFOCUS Anti-DDoS System (ADS) for automated, real-time responses to volumetric attacks.

Customer Benefits

Mitigate Data Leakage Risk

Data breaches are both complex and surprisingly frequent. WAF offers powerful protection against most prevalent web attacks based on a complete set of signatures for web vulnerabilities and web attacks, as well as the capability to detect illegal file uploads. WAF enforces access control policy in Layer 4 and 7 to prevent attackers from accessing data without proper authorization. In the later phases of an attack, WAF provides outbound data leakage detection, including illegal file download detection, webshell prevention, and filtering of sensitive information (such as credit card numbers and social security numbers).

Ensure Availability and QoS of Websites

WAF offers a built-in anti-DDoS module, which protects against TCP flood attacks below 1 Gbps, as well as HTTP/S GET/POST flood attacks and slow rate attacks, the fastest-growing DDoS attack vector. WAF employs access rate thresholding and IP reputation and algorithm-based protection mechanisms.

Close the Gap for PCI DSS Compliance

[Figure: PCI DSS 3.0 Compliance Requirements. Ad-hoc compliance report for PCI audit; offers cookie security in compliance with new req. 6.5.10, Broken authentication and session management.]

[Figure: Collaborative Security. NSFOCUS WAF; NSFOCUS Websafe or WVSS; NSFOCUS ADS; MSS for WAF.]

WAF provides compliance reports for PCI audits, with suggestions for policy tuning and configuration improvement in order to comply more completely with PCI DSS. The cookie security feature within WAF protects against cookie tampering and cookie poisoning in compliance with section 6.5.10 in the new PCI 3.0 standard.

Collaborative Security

WAF can import vulnerability assessment reports, delivered to WAF from NSFOCUS Cloud Security Service (Websafe) or Web Vulnerability Scanning System (WVSS), and then produce corresponding security policies. In the case of a known vulnerability, WAF can become more aggressive with blocking options to prevent attacks identified around a vulnerable location.

WAF collaborates with ADS to mitigate downtime risk of customers' websites. Once TCP flooding traffic reaches the preset threshold in WAF, WAF will automatically notify ADS from upstream to divert and scrub the attack traffic in real time so as to lessen latency issues.

NSFOCUS also offers a cloud-based managed security service (MSS) for WAF operation and maintenance to supplement the customer's Security Operations (SecOps) team.

Key Features

As web attacks escalate in complexity, their detection and mitigation must be designed for web security, which works beyond signatures. NSFOCUS WAF safeguards your business-critical web applications and data against the evolving web threats with holistic detection and mitigation capabilities.

Layered Defense

NSFOCUS WAF mitigates the OWASP Top 10 risks by combining a negative security model with a positive security model as well as application profile learning, equipped with multiple comprehensive detection and protection techniques. WAF protects web applications and the underlying infrastructure by detecting applications, plug-ins, web servers and networks. In addition, with the multiple rule-based inspections, it can trace automated attacks by interactively validating user behaviors.

The whitelist mechanism is the most effective method to stop zero-day attacks. WAF automates the process of generating whitelists based on statistical analysis of HTTP request parameters, including the number, type, name and value of specified URLs.

Emergency Response Through Cloud Security Service

Powered by the NSFOCUS Cloud Security Service and supported by our R&D teams with rich experience spanning more than a decade, NSFOCUS WAF consistently offers real-time protection against the latest known threats. Utilizing its virtual patch through updating application signatures and adjusting policies, WAF can avert severe issues caused by newly identified vulnerabilities in applications, known vulnerabilities in legacy applications or third-party applications, or newly discovered exploits.

Ease of Use and Transparent, Drop-in Deployment

NSFOCUS WAF offers a friendly wizard for initial configuration, which guides the user to tune the security policies step by step through configuration of necessary website information including IP addresses, ports, OSs, web servers, and programming language. Default policy templates are also available to facilitate initial configuration. The exception policy is also supported to mitigate false positives.

WAF provides flexible deployment options with low overhead. One of the most common options is the drop-in transparent deployment without changes to existing applications or networks. Reverse proxy and out-of-path (traffic diversion and injection) options, which provide protection on demand, are available as well.

Web Application Firewall Specification

Specification: Security Model; Application Attacks Prevention; Content Modification; Web Server Security; Protocol Support; HTTPS/SSL Inspection; Anti-DDoS; Network Security; Collaborative Security; PCI DSS Compliance; Deployment Modes

Description:
Negative security model (signature-based)
Behavior-based protection
Positive security model (whitelist security and dynamic profile learning)
OWASP Top 10
Cross-Site Scripting (XSS)
Injection
Cross-site Request Forgery (CSRF)
Remote File Inclusion (RFI)
Path Traversal
Illegal file upload/download restriction
Malicious scanning
Webshell
Anti-Crawlers
Anti-Leech
Brute force
Sensitive data exposure
Content filtering
Cookie signing/encryption
Sensitive information filtering
Web server/plug-in vulnerabilities signatures
HTTP protocol validation
HTTP access control
HTTP 0.9/1.0/1.1
Passive decryption
SSL offloading
TCP floods (inspected throughput up to 1 Gbps)
HTTP/S GET/POST floods
Slow rate attacks
Layer 4 ACL
ARP spoofing protection
Collaboration with NSFOCUS ADS
Collaboration with NSFOCUS Websafe or WVSS
Compliance reporting
Inline transparent proxy
Reverse proxy

Specification: Policy Management; Management; Logging/Monitoring; High Availability; TCP/IP Support; Certification(s)

Description:
Out-of-path (route diversion and injection)
Image deployment
Default policy templates
Exception policy
Custom policy
Risk-level policy
Web user interface (HTTP/S)
Command line interface (SSH/console)
SNMP
Syslog
Active/active; active/passive
VRRP
Internal software bypass to pass traffic without inspection
Fail-open interfaces or integrated hardware bypass
IPv4, IPv6
Veracode VL4
Certification from ICSA Labs

Product Family

Model: NX3-P300A | NX3-P600A | NX3-P1000B | NX3-P1600B | NX3-P2000A

Performance
Application Layer Throughput (HTTP): 200 Mbps | 400 Mbps | 1 Gbps | 3 Gbps | 6 Gbps
Transactions per Second (HTTP): 6,000 tps | 10,000 tps | 30,000 tps | 55,000 tps | 110,000 tps

Hardware
Chassis: 1U | 1U | 2U | 2U | 2U
Protection Interface Options: 4 x 4 x 6 x One optional slot (4 x BaseT; 4 x GE SX; or 4 x LX Fiber) 4 optional slots (4 x BaseT; 4 x GE SX; or 4 x LX Fiber) 4 optional slots (4 x BaseT; 4 x GE SX; or 4 x LX Fiber)
Traffic Bypass Options: Fail-open interfaces or integrated hardware bypass; internal software bypass to pass traffic without inspection
Management Interface: 1 x | 1 x | 1 x | 2 x | 2 x
Serial Port: 1 x RJ45 | 1 x RJ45 | 1 x RJ45 | 1 x RJ45 | 1 x RJ45
Hard Disk: 1 TB, SATA | 1 TB, SATA | 1 TB, SATA | 1 TB, SATA | 1 TB, SATA
Power Supply: Single AC | Single AC | Dual AC | Dual AC | Dual AC
Power Consumption: 60 W | 60 W | 350 W | 400 W | 400 W
Operating Temperature: 0~40 | 0~40 | 0~40 | 0~40 | 0~40
Storage Temperature:
Weight: 5 kg | 5 kg | 12.6 kg | 11 kg | 11 kg
MTBF: > 50,000 hrs | > 50,000 hrs | > 50,000 hrs | > 50,000 hrs | > 50,000 hrs
Compliance: CE, FCC, UL, CB, KCC, ROHS

For more information, visit the NSFOCUS website: www.nsfocus.com

NSFOCUS is the trademark of NSFOCUS Information Technology Co., Ltd. NSFOCUS enjoys all copyrights with respect to all textual narrations, document formats, illustrations, photographs, methods, processes and other contents, unless otherwise specified, which shall be governed by relevant property rights and copyright laws. Without written permission of NSFOCUS, any individual or institution shall be prohibited to copy or quote any section herein in any way.

About NSFOCUS

NSFOCUS is a proven global leader in active perimeter security, focusing on industry-leading security research, products and services. With extensive knowledge and experience, NSFOCUS offers its customers and partners a full range of appliances including anti-DDoS systems, Web application firewalls and intrusion prevention systems to help companies secure their networks and corporate-critical information.