Web App Security Whitepaper 2

Report on Web Application Firewall Product Selection Criteria

RSIGNIA, INC. 2009 Authored by: Darrell Covell, President & CTO

Rsignia’s charter is to protect, secure, and manage your IT applications, infrastructure and digital assets. Today’s federal intelligence and law enforcement agencies need to locate, filter, capture and analyze sensitive information from large volumes of internet traffic, while at all times complying with the appropriate laws and regulations, such as Lawful Intercept. Much as in the federal space, commercial sectors such as finance, medical, and telecom have the same sensitive requirements, not only to ensure protection of their own digital assets, but also to ensure privacy of their clients’ vital records and information. Rsignia provides security and IT infrastructure solutions to these federal and commercial entities, in the scope of hardware and software systems design, data center architecture, systems integration, application lock downs, OS shrinkage as well as various support services.

Competitive Analysis

More recently, because of our long history and success in federal IT security infrastructure needs, federal agencies have requested our further and deeper involvement in their current as well as developing security issues, while always paying close attention to the balance of high-end security with minimal bandwidth impacts.

Report on Web Application Firewall | 1/23/2009

Our history has gained us much experience with lower-level security technologies in Layers 1 through 4 supporting such events as Lawful Intercept, event analysis, multiple gigabyte data intercepts, and secure and remote management of assets.


As is the case with many things, ever-changing dynamics in cyber security have always required our company to stay one step ahead of the game.

Recent Issues

Rsignia has been doing IT security for a number of years supporting federal intelligence agencies. What we are finding is that more and more of our clients have expressed serious concerns about sophisticated attacks and probes that are hidden in Layer 7 traffic (the Application Layer). Extensive probes from foreign locations are attempting espionage and efforts to compromise US security. For example, many of us continually read or watch the news, where we hear about incidents of Chinese and other state sponsored organizations gaining access to sensitive information. This seems to be all too frequent an event.

Customers are reporting new emerging threats at the Application Layer (Layer 7), which are partially visible at Layers 2, 3 and 4 but are nowhere near being understandable there. This creates an extreme need for full session analysis, with deep session inspection.

A Closer Look

  • Application and penetration tests reveal serious Layer 7 flaws
  • IDS logs provide overwhelming data but no information
  • Clear attempts at cyber espionage are occurring frequently
  • Sensitive data at risk of theft
  • Defacements
  • Compliance with new laws and regulations
  • Mission critical application availability demands

C&A and pen testing have revealed flawed applications with a need for an immediate “virtual patch” while waiting for budgets and staff to fix the software. We are seeing too much Layer 3 & 4 data from IDS but no intelligence, thus the need to “see” into the data for meaningful/useful information at Layer 7. We understand that defacements have a high political cost. Data destruction has high security implications and embarrassment factors even if the data is not sensitive. We often find that budgets are too small but the needs are seriously growing. Limited staff require and demand very advanced intelligent solutions.

It is simply impossible to keep up with day zero events without advanced solutions.

Market Analysis

Now, two generations of Layer 7 security products:

  • Products evolved as proxy add-ons into full reverse proxies
  • Open source freeware Apache plug-in dominates current use
  • A number of stand-alone appliances act as reverse proxy and use a “negative” model approach of policy and rules
  • Second generation products can operate out-of-line, avoiding many problems of disruption to traffic
  • Second generation products use a complementary “positive” model to understand “usual” application behavior to complement rule sets
  • Second generation products can use “positive” model to monitor and support application health and availability


One approach to solve these problems is software remediation. Costs associated with application vulnerabilities can be substantial and the technical resources available to deal with these vulnerabilities are limited. This very well could leave the organization and their digital assets exposed for an extended period of time.


Market analyses have shown a transition in technology for Layer 7 security. Just recently, freeware and open source ModSecurity have been highly recommended by a top security agency to secure web servers. Further analysis has shown first generation solutions were “good” but often very labor intensive. Second generation solutions have been shown to reduce labor and complexity dramatically. The actual statistics and math models used to facilitate this are available by contacting us.

The idea of “one size doesn’t fit all” applies here as well. We find that some customers need zero cost or very low cost solutions. These can be scaled to hundreds of installations but are very much labor intensive. Other customers need a low cost point solution to effect “virtual” patches of the known problems. Some need simple open solutions that are supported and require less labor. Others want a “plug and play” solution, which is essentially “self teaching” and requires minimum labor investment for maximum results.

Accordingly, this brings us to the end result of our research for a solution that addresses all of the conditions and requirements in this discussion. Our conclusion, after much investigation, testing and benchmarking of actual equipment, has led us to Breach Security Corporation. Breach Security offers 2 generations of Layer 7 security products:

ModSecurity

ModSecurity is available as a no cost or very low cost solution. These can be scaled to hundreds of installations, but understand that they are labor intensive. ModSecurity is also available as a low cost appliance to effect “virtual” patches for known problems and for use as a basic Web Application Firewall.


All ModSecurity products have a support program available, including PCI rule sets.


WebDefend

WebDefend provides a plug and play solution, which is essentially self-teaching and requires minimum labor for maximum results. It can be deployed non-disruptively out-of-line. WebDefend also provides application health monitoring details as well as real-time notification of any current events that are occurring within your web applications. There are also reports, both canned and customizable, that allow you to monitor events that are occurring within your web applications.

In essence, Breach Security’s products and forward-looking vision cover the entire range of requirements that we found necessary to solve our end customers’ needs, ranging from simple freeware solutions, including “virtual” patching, to advanced second generation “intelligent” Layer 7 solutions, which also monitor health and availability. This proved especially helpful to “life and limb” application owners who need ultra application availability. Choosing the right products to solve difficult problems is key, as well as choosing a partner that can stand behind such.

Background

Competitive Analysis

Recently, because of our long history and success in meeting federal IT security infrastructure needs, federal agencies have requested our further and deeper involvement in their current and newly developing security issues, while always paying close attention to the balance of high-end security with minimal bandwidth latencies. Our past history has gained us substantial experience with lower-level security technologies in Layers 1 through 4 supporting such services as Lawful Intercept, event analysis, multiple gigabyte data intercepts, and secure and remote management of assets. As is the case with many things, ever-changing dynamics in cyber security and the sophistication of the criminals have always driven us to be one step ahead of the game.

We Address Three Key IT Issues

  • Security: which involves data/event monitoring and capture, IDS/IPS, network firewall and recently web application vulnerabilities.
  • Infrastructure: which involves network architecture, power considerations (clean and green), and environmental factors such as cooling.
  • Deployment: providing ruggedization demands for mobile tactical operations center addressing net centric needs, storage, and communications.

Doing more with less and making the most use of your time and resources is a common thread that is shared among our clients.


In short, to recap, Rsignia’s charter is to protect, secure, and manage our customers’ IT applications, infrastructure, and digital assets.
