Fix Critical Application Vulnerabilities
Whether your organisation is a one-person start-up, a global enterprise, or anything in between, you depend on applications and websites to operate effectively. Unfortunately, those applications can also act as a significant vector for today’s advanced threats. A single unpatched vulnerability can let an attacker penetrate your entire network (exactly what happened in the Equifax Scandal), compromising both your data, and the data of your customers, leading to a huge impact on your organisation and its operations.
Did You Know?
67% of cyber attacks happen at the application layer. And 76% of websites have at least one critical vulnerability. – Forrester Research.
WAF Deployment Options
As an independent IT provider, we strive to offer our customers as much choice and flexibility as possible, working with a range of vendor partners, associates, and solutions that we’ve carefully selected over the past 12 years. Although we offer a range of solutions in most other IT solution areas, Barracuda is quite simply the best Web Application Firewall we’ve found and is therefore the WAF that we recommend above all others at present.
A physical appliance that secures your apps, defends against bots and DDoS attacks, and accelerates application delivery.
A virtual appliance that secures your apps, defends against bots and DDoS attacks, and accelerates application delivery.
Hosted in the cloud to help you avoid the management overheads which come with on-premise equipment.
Whether you need some advice on a niggling web application issue, or you’re looking into a WAF for the first time, our free DiagnoseIT service can help.
Key Features & Benefits
Robust security against targeted and automated attacks. Administrators have the ability to set granular controls on response, allowing them to block, throttle, redirect, or perform a number of other actions.
OWASP TOP 10 PROTECTION
OWASP (Open Web Application Security Project) list the Top 10 critical attacks like SQL Injections and Cross-Site Scripting (XSS). These vulnerabilities are automatically identified, logged, and protected against.
FIX THREATS AUTOMATICALLY
Utilises popular application scanners like IBM AppScan and Cenzic Hailstorm and then automatically configures your security template to protect against the identified issues without administrator intervention. Ensures you remain protected at all time during development work, or the implementation of new applications.
ADVANCED DDoS MITIGATION
Advanced DDoS protection capabilities allow administrators to distinguish real users from botnets through the use of advanced risk assessment techniques, heuristic fingerprinting and IP reputation, thereby allowing them to block, throttle, or challenge suspicious traffic.
MOBILE APP PROTECTION
Secures the entire attack surface of mobile applications and REST APIs, filters malicious inputs in requests with JSON payloads, helps ensure API SLAs to partners, and provides anti-pharming protection from rogue consumers. Interactive web applications using JSON with AJAX are similarly protected.
DATA LOSS PREVENTION
Inspects all inbound traffic for attacks, and outbound traffic for sensitive data. Sensitive information such as credit card numbers, or any other custom patterns can be identified and either blocked or masked without administrator intervention. Information is logged and can be used by administrators to find potential leaks.
Comply with major application-specific requirements like PCI-DSS, HIPAA, FISMA, and SOX. Directly satisfy section 6.6 of PCI-DSS and assists compliance with built-in PCI compliance reports. A FIPS 140-2 HSM model ensures that applications it protects meet the highest cryptographic standards.
ADVANCED THREAT PROTECTION
Comprehensive security against advanced zero-hour threats. By analysing files in a CPU-emulation based sandbox, detect and block malware embedded deep inside files uploaded to your web site or web application.
APPLICATION LOAD BALANCING
Load balancing of all types of applications included with the Web Application Firewall. Load balancing ensures that subsequent requests from the same IP address will be routed to the same back-end server as the initial request. This guarantee of persistence requires an awareness of server health so subsequent requests are not routed to a server which is no longer responding. Monitor server health by tracking server responses to actual requests and marking the server as out-of-service when errors exceed a user configured threshold.
Powerful graphical reporting provides immediate insight into compliance, threat activity, web traffic and regulatory compliance. All client requests, administrator modifications, and firewall actions are logged. This provides a comprehensive audit log for compliance and security policy tuning. Data from the logs are used to build graphical reports on attacks, web traffic, compliance or a number of other analytical reports. Logs can also be exported to 3rd party analytics suite via Syslog or FTP.
Like What You See?
If so, the best thing you can do next is get in touch! The steps below give us a clear path to help ensure you get all the information you need, but feel free to select whichever suits you the most…
SCOPING CALLGET STARTED
Book a Scoping Call with one of our TechGurus and it will give you the chance to find out more about some of the best options for your WAF needs. There’s no obligation to go any further and no sales people on the call, just a techie who will qualify your needs and provide relevant guidance, recommendation, and consultation.
ONLINE DEMOGET STARTED
If you’d like to see a more in-depth delve into Web Application Firewalls right from the off, why not book an online demonstration – all you need is an internet browser. A dedicated WAF engineer will walk you through the solution for a personalised tour of the relevant features and benefits. It lasts 30-45 minutes depending on how many questions you ask.
We can provide a free 30 day no-obligation evaluation for many of our solutions. These can be software downloads or a trial unit we can ship to you. We always encourage fully testing any solution in your own environment and can provide free help throughout an evaluation with installation and configuration assistance.
Our clients can tell you more than we ever could. Here’s what a few them have to say about E-ZU…