Swordfish WAF Brochure


Transcript of Swordfish WAF Brochure

  • www.obrela.com

    Swordfish Web Application Firewall

    Swordfish Web Application Security provides an innovative model to help businesses protect their brand and online information, incorporating a state-of-the-art transparent security layer over their web applications.

    Web Application Security as a Service

    Web applications are a direct target for attacks, as they are directly accessible from all parts of the world and form a surface to valuable information and, many times, Personally Identifiable Information (PII) such as credit cards, identity numbers, health information, etc. Each year, web-borne attacks increase by 30%, while successful breaches reach up to a 60% increase, proving that not only are new attack vectors created on a daily basis, but their effectiveness and complexity are also significantly raised. Critical vulnerabilities like Heartbleed and Shellshock are disclosed, leaving web developers unable to implement means of protection or, worse, to proactively plan for these low-level vulnerabilities.

    Businesses, on the other hand, have a critical demand for information and services to be available in the minimum amount of time to, amongst others, increase profitability or make new business channels available worldwide. Adding to the complexity, regulatory standards such as PCI or HIPAA enforce the design and implementation of security controls to safeguard information.

    Swordfish Web Application Security was designed to accommodate both business needs and security requirements. By implementing a transparent security layer in front of web applications, security and compliance requirements are no longer a dependency, as all web requests are handled by the Swordfish WAF and cleaned of malicious calls, and legitimate traffic is directed to the web application for the business logic to be performed.

    Swordfish Web Application Security is equipped with state-of-the-art rules, optimized to zero-out false positives and false negatives, as well as a set of features that establish a complete security solution for doing business today on the Web.

    Why SWORDFISH?

    The Swordfish Web Application Firewall Technology is engineered to be fully customizable in terms of user and group access privileges, aligned with both Corporate and Information Security policy. In effect, our solution addresses the security need for ongoing operational security, not just the technology:

    Continuous Research Based Rule-Set

    The carefully designed policies contain a comprehensive set of rules that implement general-purpose hardening and address common web application security issues, protecting against the latest threats, while taking advantage of the continuous research at OSI Security Labs on new threats appearing on a daily basis. OSI Security Labs investigates the vulnerabilities identified, compiles them with the latest threats reported by Bugtraq, CVE, Snort, and performs primary research to deliver the most up-to-date and comprehensive Web Application Firewall service available.

    Anomaly Detection

    The rule-set keeps anomaly scores for each request, IP address, application session, and user account. Attacks from sources with a reconnaissance history, incomplete HTTP protocol transactions and malicious content within the HTTP transport protocol, amongst multiple other factors, raise the anomaly score. Requests with high anomaly scores are rejected altogether.

    Positive Security Model

    Swordfish WAF analyzes the full HTTP transaction in order to understand the application structure, elements, and expected user behavior. The positive security model is implemented through the profiling of protected applications, including an enumeration of application URLs, parameters, cookies, and methods. By the end of the Learning phase, the WAF engine will have created a baseline of rules including all "whitelist" rules, ready to protect the Client's valuable web applications.

    HTTPS/SSL Inspection

    The engine analyzes the full HTTP transaction, even over HTTPS/SSL, allowing complete requests and responses to be inspected for malicious input. With this high-technology inspection, fine-grained decisions can take place, ensuring that only transactions containing malicious content are logged and intercepted.

    Evolution in parallel with Web Applications

    Swordfish WAF combines the negative and positive security models in order to identify the evolution of a web application. By analyzing the full HTTP transaction and inspecting the complete requests and responses, the WAF learning engine understands the application structure and elements that have changed since the last rule-set upgrade. Swordfish WAF evolves in parallel with the web application, recognizing application changes while simultaneously protecting against deviations in known users' behavior.

    Reputational Intelligence (Swordfish ReputationMonitor)

    Obrela Security Industries Reputational Intelligence enhances Swordfish WAF by adding reputational context to all the actors associated with the communications between the customer infrastructure and the Internet. This is performed by integrating and de-duplicating multiple proprietary and open reputational feeds. OSI Domestic Intelligence Network uses SIEM and Honeypot intelligence to extract and local attack formations & attackers targeting multi-region telecommunication providers, amongst other industries. Sources based on OSI proprietary intelligence (SIEM-based reputation, Malware Analysis, Regional Honeynets), Commercial Feeds (e.g. DVLabs) and Open Source feeds allow OSI to have total visibility of communication with TOR/Anonymity, C&C Servers, Compromised Hosts, Malware Repositories, Phishing Sites, etc.

    Web Resource Surveillance (Swordfish SocialMonitor)

    The customer's key web resources and their approved activities are extensively tested until a Gold Standard behavior mapping is developed. This Gold Standard mapping is then applied to OSI's Security Operations Center (SOC) and monitored round-the-clock. Any deviation from this mapping will trigger flags within OSI's SOC and strict rules of engagement are followed, allowing the customer to act quickly and decisively. Features include, but are not limited to, screenshot rendering changes, HTML source changes, key string monitoring, monitoring against sensitive information disclosure.

    Virtual Patching Through Vulnerability Scanner Integration

    Swordfish WAF acts as an external patching tool for systems with known weaknesses and vulnerabilities. OSI engineers create custom rules in order to reduce the window of opportunity. Given the time needed to patch application vulnerabilities, OSImWAF allows applications to be patched from the outside, without touching the application source code, keeping the protected systems secure until a proper patch is produced and deployed.

    Web Fraud Prevention

    Phishing criminals are getting smarter, whilst their techniques are constantly evolving. Their enhanced efforts continue to generate results from phishing, with the criminals focusing their effort where they can get results. Through the optional integration with FraudWatch, organizations are able to identify and stop fraudulent transactions damaging the client's reputation.

    Monitor Mode Option

    With the high-technology inspection, fine-grained decisions can take place, ensuring that only transactions containing malicious content are logged, without being blocked. In case the positive security model is selected, the ruleset created during Learning mode is used to identify deviations from normal behavior and instantly produce alerts. In case the negative security model is selected, the carefully designed ruleset contains a comprehensive set of rules that identify common web application security issues, protecting against the latest threats, while taking advantage of the continuous research at OSI Security Labs. In monitor mode, the WAF monitors traffic without blocking malicious activity. Operators are instantly alerted in case of malicious activity in order to manually mitigate the incident.

    Zero Impact Deployment and Ultra High Performance

    Swordfish WAF deployment takes only a few minutes to add web sites, no matter what technology or web server platform is used. It is practically deployed by just changing the DNS record of the site to point to the Swordfish WAF farm. In-house setups are also designed with speed-of-deployment in mind.

    Security Updates and Enhancements

    The Swordfish WAF Policies are continuously evolving, taking advantage of the continuous research at OSI Security Labs on new threats appearing on a daily basis. Rules and definitions are updated monthly in order to protect the Client's valuable Web Applications against the latest threats.

    In-House Deployment Options

    Swordfish WAF appliances provide superior performance, scalability, and resiliency for demanding web application environments. To maximize uptime, the Swordfish WAF hardware appliances optionally feature redundant power supplies, multiple network interfaces and hard drives. Swordfish WAF hardware appliances provide the flexibility, reliability and performance required to support multiple Swordfish WAF instances protecting multiple clients' web applications. Swordfish WAF Virtual Appliances take advantage of existing virtualization by integrating with all modern virtualization technologies. Virtual Appliances offer adaptable, reliable and manageable security for organizations of all sizes.

    A full bandwidth of services, not just a web application firewall

    Swordfish Web Application Firewall is accompanied by a web console providing an instant view of all operations undertaken by the WAF to protect the applications.

    Traffic statistics are provided to track bandwidth utilization, countries and user agents.

    Security statistics illustrate an overview of the web firewalling process grouped by threat category, as well as their association with compliance sections such as PCI and SOX.

    Events that constitute malicious behavior being cleaned are available, along with the endpoint details, headers and rules that were triggered.

    Administration sections allow for easy management of various WAF features, dashboards per protected site, user management and mapping of users to protected applications.

    Multiple Swordfish WAF instances can be managed from within a single Web Console.

    SWORDFISH as a Service (SaaS) helps you leverage SWORDFISH Technology without requiring capital expenditures in technology infrastructure or staff training.

    SWORDFISH as a Service (SaaS) helps you leverage SWORDFISH solutions without requiring capital expenditures in technology infrastructure or staff training. SWORDFISH services can be tailored to your information security model and integrated with your existing security organization and procedures.

    The look and feel can also be adjusted to address corporate branding and internal marketing requirements. SWORDFISH is also integrated with the Obrela Security Industries Corporate Security Intelligence Services and can be monitored on a real-time basis, by leveraging existing Security Operations Centers and Infrastructure.

    All services provided by Obrela Security Industries are tightly integrated with each other in order to benefit from a multi-dimension protection platform, under a single contract, tailored to each individual requirement or use case.

    The Swordfish Web Application Security, whether deployed As-A-Service (SecSaaS) or in-house (physical or virtual appliance), can be integrated with the Corporate Security Intelligence services, providing real-time monitoring of all security aspects utilizing state-of-the-art SIEM deployments.

    Security event information generated by the Swordfish WAF is consolidated and reported to our Security Operations Centers (SOC), where it is correlated, monitored and manually validated on a 24x7 basis. Incidents requiring attention are escalated based on a mutually agreed SLA and are monitored until closure via an integrated ticketing system.

    The integration allows Obrela Security Industries engineers to identify patterns in traffic and correlate behaviors based on statistical models that would otherwise be left unattended.

    Such cases include identification of business logic vulnerabilities, identification of changes in the underlying web application and evaluation against the behavioral model, and live identification of distributed denial of service attacks being formed or taking place.

    One-click integration with Corporate Security Intelligence

    Specifications

    | Specification | As A Service (SecSaaS) | V2100 | V4100 | V8100 | A4100 | A8100 | A12100 |
    |---|---|---|---|---|---|---|---|
    | Type | Managed Service | Virtual Appliance | Virtual Appliance | Virtual Appliance | Physical Appliance | Physical Appliance | Physical Appliance |
    | CPU | Unlimited | 2 Vcores | 4 Vcores | 8 Vcores | 1 x Xeon Quad | 2 x Xeon Quad | 2 x Xeon Eight |
    | RAM (GB) | Unlimited | 2 | 2 | 4 | 4 | 8 | 16 |
    | Disk (GB) | Unlimited | 50 | 100 | 200 | 250 | 250 | 500 |
    | Interface | N/A | Hypervisor dependent | Hypervisor dependent | Hypervisor dependent | 4 x Copper | 4 x Copper | 4 x Copper |
    | Disk redundancy | Included | N/A | N/A | N/A | Yes | Yes | Yes |
    | PSU redundancy | Included | N/A | N/A | N/A | Yes | Yes | Yes |
    | High Availability | Geographic Relocation | A/A, A/P | A/A, A/P | A/A, A/P | A/A, A/P | A/A, A/P | A/A, A/P |
    | Form Factor | N/A | N/A | N/A | N/A | 1U | 1U | 1U |
    | AC Power - Consumption - Heat Output | N/A | N/A | N/A | N/A | 100-240V, 50-60 Hz, 130W, 450BTU/h | 100-240V, 50-60 Hz, 225W, 750BTU/h | 100-240V, 50-60 Hz, 250W, 800BTU/h |
    | Hardware Support | N/A | N/A | N/A | N/A | 3y NBD | 3y 4h Response | 3y 4h Response |
    | Peak Throughput (Mbps) | Unlimited | 40 | 80 | 160 | 150 | 300 | 600 |
    | Session Awareness | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
    | Reputational Intelligence | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
    | SSL Inspection | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
    | Web Resource Surveillance | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
    | Virtual Patching | Yes | Yes | Yes | Yes | Yes | Yes | Yes |

    | Specification | Value |
    |---|---|
    | Web Security | Positive Security Model, Negative Security Model, Automatic WebApp learning, Web server & application signatures, HTTP Protocol Abnormalities, Encoding normalization |
    | Network security | Stateful firewall, DoS prevention |
    | Web Console / UI | Provided |
    | User Interface | Live monitoring, Dashboard Monitoring, Alerting Through ArcSight Web Console |
    | Deployment Modes | Block Mode / Learning Mode / Monitor Mode |
    | Fraud Protection | Optional |
    | DDoS Protection | Optional Depending on infrastructure DDoS mitigation capabilities |
    | SIEM Integration / 24x7x365 Monitoring | Optional |
    | Updates | Monthly Rules and definitions. Major version upgrades every 12 to 18 months. Minor releases (service packs) every 4 to 6 months. Patches are released as needed. |

    Learn More http://www.obrela.com/WAF