Breach Security Tightens Up Web Security
By Frank Ohlhorst | Posted 2009-01-28
With the launch of WebDefend 3.5, Breach Security brings advanced data-loss prevention capabilities and enhanced compliance support to the application firewall market that may give solution providers a powerful new tool and put some big vendors on notice.
WebDefend 3.5 is the latest in Breach Security’s lineup of security appliances and brings new capabilities to the security market that should have solution providers nicknaming the company "No-Breach" security.
WebDefend 3.5 is a very good product that combines several elements that make it very channel friendly and an appropriate device for companies looking to protect their applications from intrusion and data loss and to meet the burdens of PCI, HIPAA, SOX and other compliance requirements.
The name of the big game is data loss protection (DLP), a broad concept that focuses on preventing data from falling into the hands of unauthorized individuals. Thanks to Web-based applications, protecting data and the integrity of associated applications has become more complex than ever.
Some DLP vendors focus on encryption and end point control, while others will look to the firewall to protect data. A select few will offer DLP solutions based on hosted security services. While one can argue which way is best, the end goal remains the same: protecting the data without limiting access to valid users.
Breach Security follows a path that leads to an appliance-based solution: WebDefend 3.5 is a security appliance designed to sit at the edge of the network and actively protect applications and the associated data from unauthorized access.
Solution providers may prefer Breach Security’s appliance approach; after all it’s something tangible and can deliver an acceptable margin on just that alone. Solution providers can also derive revenue from implementation, monitoring, support and management--all service-related elements that can add up to significant income, while providing valuable service to customers with security concerns.
WebDefend 3.5 comes as a 1U appliance, which starts at a retail price of $19,995. The device incorporates a multitude of security features, including:
- SSL management
- Dynamic profiling
- Collaborative detection
- Behavioral analysis
- Rules and signature analysis
- Protocol violation
- Session protection
- Usage analysis
- Bi-directional exit control
- Application defect detection
- Correlation and analysis reporting
- Distributed detect/prevent architecture
While many of those are fancy terms for some rather pedestrian security technologies, it’s still important to understand how each contributes to the overall effectiveness of WebDefend 3.5. For example, SSL decryption allows the device to look inside normally encrypted traffic to check for intrusions or data leakage, an important consideration since most Web applications use SSL by default. If you can’t see what the traffic is, then how can you check to see if it is legitimate?
The various security engines work together to validate traffic and data by applying defined rules. Administrators can set rules to detect various forms of data, ranging from something as esoteric as a social security number to credit card information. Those rule definitions are not only important for DLP, but also make the device an excellent tool for meeting regulatory compliance.
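To make the rule idea concrete, here is an added example (not Breach Security's code or rule syntax) of the kind of outbound check such a rule performs: it scans a response body for card-number and Social Security number patterns, validates them to cut false positives, and masks what it finds. The function names and the sample response are constructed for illustration.

```python
import re

# Card-number candidates: 13-19 digits, optionally separated by spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# US SSN in the common AAA-GG-SSSS form.
SSN_RE = re.compile(r"(?<!\d)(\d{3})-(\d{2})-(\d{4})(?!\d)")

def luhn_ok(digits):
    """Luhn checksum; rejects most random digit runs such as order ids."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def ssn_plausible(area, group, serial):
    """Reject values never issued: area 000/666/9xx, group 00, serial 0000."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

def scan_response(body):
    """Return (findings, redacted_body) for one outbound response body."""
    findings = []

    def mask_pan(m):
        digits = re.sub(r"\D", "", m.group(0))
        if not luhn_ok(digits):
            return m.group(0)  # fails checksum: not a card number, leave as is
        findings.append(("card", digits[-4:]))
        return "*" * (len(digits) - 4) + digits[-4:]

    def mask_ssn(m):
        if not ssn_plausible(*m.groups()):
            return m.group(0)
        findings.append(("ssn", m.group(3)))
        return "***-**-" + m.group(3)

    body = PAN_RE.sub(mask_pan, body)
    body = SSN_RE.sub(mask_ssn, body)
    return findings, body

# Constructed sample: a well-known test card number, an order id that fails
# Luhn, one plausible SSN-shaped value and one with the never-issued area 000.
SAMPLE = ("name=J. Doe card=4111 1111 1111 1111 order=1234567890123456 "
          "ssn=123-45-6789 ref=000-12-3456")

if __name__ == "__main__":
    print(scan_response(SAMPLE))
```

The findings list keeps only the last four digits, so the log a compliance auditor reviews does not itself become a store of cardholder data.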
In reality, a whole book could be written on the product's features (and Breach Security supplies one, it’s called the manual). The feature mix is what determines where the product fits in the market and how well it will meet the needs of the customer, and solution providers should look at this feature set as an indicator of overall capability and as a checklist for comparing the device to the other DLP players in the market.
While the product offers many of the same features as competitors, it’s the unique features that help to set it apart.
WebDefend 3.5 offers multiple deployment options, one of which is unique to the market segment--the device can be deployed out-of-line in a networked Web environment and still block all detected attacks. Why is that important? Simply because if the unit fails, it does not take the network down with it and the unit will not introduce any latency into the network with the out-of-line deployment scenario. Of course, the unit can be deployed as an inline device and some administrators will prefer that setup, knowing that all traffic will be sure to pass through the unit. Either way, WebDefend 3.5 doesn’t require a reconfiguration of the network.
When it comes to detection and remediation, WebDefend offers a workflow-style presentation of the information. That offers several advantages to both security analysts and application developers by allowing them to work together to further secure an application. It works by presenting the information from the initial detection of a security event through the investigation and analysis in a simple-to-export report, all in a single step.
Most products on the market rely on a browser-based management console for administrative chores, while WebDefend 3.5 uses a client application installed on the administrator’s Windows PC. That approach can complicate deployment and management, yet it will prove to be more secure. What’s more, the client application offers a better interface, performance and feature set than any Web-based client. That proves to be important, when one considers the complexity of DLP and regulatory compliance. Here, WebDefend’s management client offers fully integrated help, a tabbed graphical interface, all with drill-down-able information. That proves to be intuitive and will reduce training, setup and maintenance hours.
Another element that simplifies deployment is the product's ability to "model" transactions. In other words, the device can learn what an acceptable activity is and then use that to build access policies. For many, that will prove to be a more efficient way to create access policies. Most competitors on the market take the "block everything" approach where all access is shut down and then gradually opened based upon predefined rules. That method can impact operations and delay users’ access to critical applications. Without modeling, defining those initial access rules can be a shot in the dark.
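As an added illustration of the modeling idea (a simplified sketch, not WebDefend's actual algorithm), the code below learns a per-parameter profile from known-good requests and then reports any request that deviates from it. The paths, parameter names, type classes and the length slack factor are all assumptions made for the example.

```python
import re

WIDTH = {"digits": 0, "word": 1, "any": 2}  # narrowest to widest value type

def value_type(value):
    """Classify a parameter value into the narrowest type that fits it."""
    if re.fullmatch(r"\d+", value):
        return "digits"
    if re.fullmatch(r"[A-Za-z0-9_.@ -]+", value):
        return "word"
    return "any"

def learn(requests):
    """Build {path: {param: (widest type seen, max length seen)}}."""
    model = {}
    for path, params in requests:
        seen = model.setdefault(path, {})
        for name, value in params.items():
            vtype, length = seen.get(name, ("digits", 0))
            vtype = max(vtype, value_type(value), key=WIDTH.get)
            seen[name] = (vtype, max(length, len(value)))
    return model

def check(model, path, params, slack=2):
    """Return deviations from the learned model; an empty list means allowed."""
    if path not in model:
        return [f"unknown path {path}"]
    deviations = []
    for name, value in params.items():
        if name not in model[path]:
            deviations.append(f"unexpected parameter {name}")
            continue
        vtype, length = model[path][name]
        if WIDTH[value_type(value)] > WIDTH[vtype]:
            deviations.append(f"{name}: value type wider than learned '{vtype}'")
        if len(value) > length * slack:
            deviations.append(f"{name}: length {len(value)} over learned {length}")
    return deviations

# Constructed known-good traffic for the learning phase (hypothetical paths).
TRAINING = [
    ("/login", {"user": "alice", "pin": "4821"}),
    ("/login", {"user": "bob.smith", "pin": "0042"}),
    ("/item", {"id": "17"}),
    ("/item", {"id": "20394"}),
]
MODEL = learn(TRAINING)

if __name__ == "__main__":
    print(check(MODEL, "/item", {"id": "17 OR 1=1"}))
```

The quality of the policy depends on the learning window: anything malicious seen during training becomes part of the "acceptable" model, so the learned profile should be reviewed before it is enforced.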
There’s a lot more than just validating user access when it comes to protecting Web applications. The Web is full of individuals launching scripted attacks, bots and other malicious software into an application with the goal of gaining additional access, denying service or phishing for proprietary data.
WebDefend 3.5 takes on that challenge by identifying attacks, such as e-mail harvesting robots, comment evasion, file inclusion attacks, insecure cookies and SQL injection variants. Those attacks are identified both by using signature files and by identifying abnormal behavior.
While WebDefend 3.5 proves to be packaged well, offers excellent capabilities and is easy to deploy, there are still several questions solution providers will need to ask before settling on what Web application firewall to deploy. Questions such as:
- How will the solution be integrated?
- Who will use it (security administrators, app developers, end users, etc.)?
- What complementary solutions will be incorporated (end point protection, SSL, etc.)?
- Hosted, premise or a combination of solutions?
- Number of applications, users and locations supported?
- Which compliance requirements (PCI, HIPAA, SOX, etc.)?
- Depth of reporting and analysis needed?
- Transparency to the network infrastructure?
Solution providers can apply these questions to Breach Security’s WebDefend 3.5, as well as the company’s primary competitors, Imperva, F5, Citrix, Barracuda and a few others. Most solution providers will find that the true catalyst behind selling a Web application firewall will come down to PCI compliance, which has fueled major interest in the market. Beyond the Web application firewall deployment, there’s some additional opportunity for the solution provider, especially those with app development chops.
The real truth is that a Web application firewall's primary function is to protect poorly secured application code, which is often the root cause of an application breach to begin with. Solution providers managing those products can quickly delve into the remediation chores of tightening up custom application code and further securing the customer, while improving the ability to meet compliance requirements.
Web application firewalls still prove to be an excellent starting point for delivering advanced security and it’s hard to beat what Breach Security has accomplished with WebDefend 3.5.