RSIGNIA, INC.
2009
Authored by: Darrell Covell, President & CTO
Report on Web Application Firewall
Product Selection Criteria
Rsignia’s charter is to protect, secure, and manage your IT applications, infrastructure and digital assets.
Today’s federal intelligence and law enforcement agencies need to locate, filter, capture and analyze
sensitive information from large volumes of internet traffic, while at all times complying with the
appropriate laws and regulations, such as Lawful Intercept. Much as in the federal space, the commercial
arena, such as finance, medical, and telecom, has the same sensitive requirements, not only to ensure
protection of its own digital assets, but also to ensure privacy of its clients’ vital records and
information.
Rsignia provides security and IT infrastructure solutions to these federal and commercial entities, in the
scope of hardware and software systems design, data center architecture, systems integration, application
lockdowns, OS shrinkage, as well as various support services.
Competitive Analysis
More recently, because of our long history and success in meeting federal IT security infrastructure needs,
federal agencies have requested our further and deeper involvement in their current as well as developing
security issues, while always paying close attention to the balance of high-end security with minimal
bandwidth impacts.
Our history has gained us much experience with lower-level security technologies in Layers 1 through 4,
supporting such events as Lawful Intercept, event analysis, multiple-gigabyte data intercepts, and secure
and remote management of assets.
As is the case with many things, ever-changing dynamics in cyber security have always required our company
to stay one step ahead of the game.
Report on Web Application Firewall | 1/23/2009
Recent Issues
Rsignia has been doing IT security for a number of years supporting federal intelligence agencies. What we
are finding is that more and more of our clients have expressed serious concerns about sophisticated attacks
and probes that are hidden in Layer 7 traffic (the Application Layer).
Extensive probes from foreign locations are attempting espionage and trying to compromise US security.
For example, many of us continually read or watch the news, where we hear about incidents of Chinese and
other state-sponsored organizations gaining access to sensitive information. This seems to be all too
frequent an event.
Customers are reporting new emerging threats at the Application Layer (Layer 7), which are partially
visible at Layers 2, 3 and 4 but are nowhere near being understandable there. This creates an extreme need
for full session analysis, with deep session inspection.
A Closer Look
• Application and penetration tests reveal serious Layer 7 flaws
• IDS logs provide overwhelming data but no information
• Clear attempts at cyber espionage are occurring frequently
• Sensitive data at risk of theft
• Defacements
• Compliance with new laws and regulations
• Mission critical application availability demands
C&A and pen testing have revealed flawed applications with a need for an immediate “virtual patch” while
waiting for budgets and staff to fix the software. We are seeing too much Layer 3 & 4 data from IDS but no
intelligence, thus the need to “see” into the data for meaningful, useful information at Layer 7.
We understand that defacements have a high political cost. Data destruction has high security implications
and embarrassment factors even if the data is not sensitive.
We often find that budgets are too small but the needs are seriously growing. Limited staff require and
demand very advanced intelligent solutions.
One approach to solving these problems is software remediation. Costs associated with application
vulnerabilities can be substantial and the technical resources available to deal with these vulnerabilities are
limited. This could very well leave the organization and its digital assets exposed for an extended period
of time.
It is simply impossible to keep up with zero-day events without advanced solutions.
Market analyses have shown a transition in technology for Layer 7 security. Just recently, the freeware and
open source ModSecurity has been highly recommended by a top security agency to secure web servers.
Further analysis has shown that first generation solutions were “good” but often very labor intensive. Second
generation solutions have been shown to reduce labor and complexity dramatically. The actual statistics
and math models used to facilitate this are available by contacting us.
The idea of “one size doesn’t fit all” applies here as well. We find that some customers need zero cost or
very low cost solutions. These can be scaled to hundreds of installations but are very labor intensive.
Other customers need a low cost point solution to effect “virtual” patches of the known problems.
Some need simple open solutions that are supported and require less labor. Others want “plug and
play” solutions, which are essentially “self teaching” and require minimum labor investments for maximum
results.
Accordingly, this brings us to the end result of our research for a solution that addresses all of the
conditions and requirements in this discussion. Our conclusion, after much investigation, testing and
benchmarking of actual equipment, has led us to Breach Security Corporation.
Breach Security offers 2 generations of Layer 7 security products:
ModSecurity
ModSecurity is available as a no cost or very low cost solution. These can be scaled to hundreds of
installations, but understand that they are labor intensive. ModSecurity is also available as a low cost
appliance to effect “virtual” patches for known problems and for use as a basic Web Application Firewall.
All ModSecurity products have a support program available, including PCI rule sets.
WebDefend
WebDefend provides a plug and play solution, which is essentially self-teaching and requires minimum
labor for maximum results. It can be deployed non-disruptively out-of-line. WebDefend also provides
application health monitoring details as well as providing notification in real-time of any current events that
are occurring within your web applications. There are also reports, both canned and customizable, that
allow you to monitor events occurring within your web applications.
In essence, Breach Security’s products and forward-looking vision cover the entire range of requirements
that we found necessary to solve our end customers’ needs, ranging from simple freeware solutions,
including “virtual” patching, to advanced second generation “intelligent” Layer 7 solutions, which also
monitor health and availability. This proved especially helpful to “life and limb” application owners who
need ultra-high application availability.
Choosing the right products to solve difficult problems is key, as is choosing a partner that can stand
behind them.
Background Competitive Analysis
Recently, because of our long history and success in meeting federal IT security infrastructure needs,
federal agencies have requested our further and deeper involvement in their current and newly developing
security issues, while always paying close attention to the balance of high-end security with minimal
bandwidth latencies.
Our past history has gained us substantial experience with lower-level security technologies in Layers 1
through 4, supporting such services as Lawful Intercept, events analysis, multiple-gigabyte data intercepts,
and secure and remote management of assets.
As is the case with many things, ever-changing dynamics in cyber security and the sophistication of the
criminals have always driven us to be one step ahead of the game.