
Report on Web Application Firewall

Product Selection Criteria

RSIGNIA, INC.

2009
Authored by: Darrell Covell, President & CTO

Rsignia’s charter is to protect, secure, and manage your IT applications, infrastructure and digital assets.
Today’s federal intelligence and law enforcement agencies need to locate, filter, capture and analyze
sensitive information from large volumes of internet traffic, while at all times complying with the
appropriate laws and regulations, such as Lawful Intercept. Much as in the federal space, commercial
sectors such as finance, medical, and telecom have the same sensitive requirements, not only to ensure
protection of their own digital assets, but also to ensure privacy of their clients’ vital records and
information.
Rsignia provides security and IT infrastructure solutions to these federal and commercial entities,
covering hardware and software systems design, data center architecture, systems integration, application
lockdowns, and OS shrinkage, as well as various support services.

Competitive Analysis
More recently, because of our long history and success in meeting federal IT security infrastructure needs,
federal agencies have requested our further and deeper involvement in their current as well as developing
security issues, while always paying close attention to the balance of high-end security with minimal
bandwidth impacts.
Our history has given us much experience with lower-level security technologies in Layers 1 through 4,
supporting such activities as Lawful Intercept, event analysis, multiple gigabyte data intercepts, and secure
and remote management of assets.
As is the case with many things, the ever-changing dynamics of cyber security have always required our
company to stay one step ahead of the game.
Report on Web Application Firewall | 1/23/2009

Recent Issues
Rsignia has been doing IT security for a number of years supporting federal intelligence agencies. What we
are finding is that more and more of our clients have expressed serious concerns about sophisticated attacks
and probes that are hidden in Layer 7 traffic (the Application Layer).
Extensive probes from foreign locations attempt espionage and seek to compromise US security.
For example, many of us continually read or watch the news, where we hear about incidents of Chinese and
other state-sponsored organizations gaining access to sensitive information. This seems to be all too
frequent an event.

Customers are reporting new emerging threats at the Application Layer (Layer 7), which are partially
visible at Layers 2, 3 and 4 but are nowhere near understandable there. This creates an extreme need for
full session analysis, with deep session inspection.

A Closer Look
• Application and penetration tests reveal serious Layer 7 flaws
• IDS logs provide overwhelming data but no information
• Clear attempts at cyber espionage are occurring frequently
• Sensitive data at risk of theft
• Defacements
• Compliance with new laws and regulations
• Mission critical application availability demands
C&A and pen testing have revealed flawed applications that need an immediate “virtual patch” while
waiting for budgets and staff to fix the software. We are seeing too much Layer 3 & 4 data from IDS but no
intelligence, hence the need to “see” into the data for meaningful, useful information at Layer 7.
We understand that defacements have a high political cost. Data destruction has high security implications
and embarrassment factors even if the data is not sensitive.
We often find that budgets are too small but the needs are seriously growing. Limited staff require and
demand very advanced intelligent solutions.
One approach to solving these problems is software remediation. Costs associated with application
vulnerabilities can be substantial, and the technical resources available to deal with these vulnerabilities
are limited. This could very well leave the organization and its digital assets exposed for an extended
period of time.
It is simply impossible to keep up with zero-day events without advanced solutions.



Market Analysis
There are now two generations of Layer 7 security products:

• Products evolved from proxy add-ons into full reverse proxies
• Open source freeware Apache plug-in dominates current use
• A number of stand-alone appliances act as reverse proxies and use a “negative” model approach of
policy and rules
• Second generation products can operate out-of-line, avoiding many problems of disruption to traffic
• Second generation products use a “positive” model of “usual” application behavior to complement
rule sets
• Second generation products can use the “positive” model to monitor and support application health and
availability

Market analyses have shown a transition in technology for Layer 7 security. Just recently, the freeware,
open source ModSecurity has been highly recommended by a top security agency to secure web servers.
Further analysis has shown first generation solutions were “good” but often very labor intensive. Second
generation solutions have been shown to reduce labor and complexity dramatically. The actual statistics
and math models used to facilitate this are available by contacting us.
The idea of “one size doesn’t fit all” applies here as well. We find that some customers need zero cost or
very low cost solutions. These can be scaled to hundreds of installations but are very labor intensive.
Other customers need a low cost point solution to effect “virtual” patches of the known problems.
Some need simple open solutions that are supported and require less labor. Others want a “plug and
play” solution, which is essentially “self-teaching” and requires minimum labor investment for maximum
results.
Accordingly, this brings us to the end result of our research for a solution that addresses all of the
conditions and requirements in this discussion. Our conclusion, after much investigation, testing and
benchmarking of actual equipment, has led us to Breach Security Corporation.
Breach Security offers two generations of Layer 7 security products:

ModSecurity
ModSecurity is available as a no cost or very low cost solution. These can be scaled to hundreds of
installations, but understand that they are labor intensive. ModSecurity is also available as a low cost
appliance to effect “virtual” patches for known problems and for use as a basic Web Application Firewall.
All ModSecurity products have a support program available, including PCI rule sets.

WebDefend
WebDefend provides a plug and play solution, which is essentially self-teaching and requires minimum
labor for maximum results. It can be deployed non-disruptively out-of-line. WebDefend also provides
application health monitoring details as well as providing notification in real-time of any current events that
are occurring within your web applications. There are also reports, both canned and customizable, that
allow you to monitor events that are occurring within your web applications.
In essence, Breach Security’s products and forward-looking vision cover the entire range of requirements
that we found necessary to solve our end customers’ needs, ranging from simple freeware solutions,
including “virtual” patching, to advanced second generation “intelligent” Layer 7 solutions, which also
monitor health and availability. This proved especially helpful to “life and limb” application owners who
need ultra-high application availability.
Choosing the right products to solve difficult problems is key, as is choosing a partner that can stand
behind them.

Background Competitive Analysis
Recently, because of our long history and success in meeting federal IT security infrastructure needs,
federal agencies have requested our further and deeper involvement in their current and newly developing
security issues, while always paying close attention to the balance of high-end security with minimal
bandwidth latencies.
Our past history has given us substantial experience with lower-level security technologies in Layers 1
through 4, supporting such services as Lawful Intercept, event analysis, multiple gigabyte data intercepts,
and secure and remote management of assets.
As is the case with many things, the ever-changing dynamics of cyber security and the sophistication of the
criminals have always driven us to be one step ahead of the game.

We Address Three Key IT Issues


Security: which involves data/event monitoring and capture, IDS/IPS, network firewalls and, recently, web
application vulnerabilities.
Infrastructure: which involves network architecture, power considerations (clean and green), and
environmental factors such as cooling.
Deployment: which involves meeting ruggedization demands for mobile tactical operations centers,
addressing net-centric needs, storage, and communications.
Doing more with less and making the most of your time and resources is a common thread that is shared
among our clients.
In short, to recap, Rsignia’s charter is to protect, secure, and manage our customers’ IT applications,
infrastructure, and digital assets.
