Breach Security Tightens Up Web Security

By Frank Ohlhorst



With the launch of WebDefend 3.5, Breach Security brings advanced data-loss prevention capabilities and enhanced compliance support to the application firewall market that may give solution providers a powerful new tool and put some big vendors on notice.

WebDefend 3.5 is the latest in Breach Security’s lineup of security appliances and brings new capabilities to the security market that should have solution providers nicknaming the company "No-Breach" security.

WebDefend 3.5 is a very good product that combines several elements that make it very channel friendly and an appropriate device for companies looking to protect their applications from intrusion and data loss and to meet the burdens of PCI, HIPAA, SOX and other compliance requirements.

The name of the big game is data loss protection (DLP), a broad concept that focuses on preventing data from falling into the hands of unauthorized individuals. Thanks to Web-based applications, protecting data and the integrity of associated applications has become more complex than ever.

Some DLP vendors focus on encryption and end point control, while others will look to the firewall to protect data. A select few will offer DLP solutions based on hosted security services. While one can argue which way is best, the end goal remains the same: protecting the data without limiting access to valid users.

Breach Security follows a path that leads to an appliance-based solution: WebDefend 3.5 is a security appliance designed to sit at the edge of the network and actively protect applications and the associated data from unauthorized access.

Solution providers may prefer Breach Security’s appliance approach; after all it’s something tangible and can deliver an acceptable margin on just that alone. Solution providers can also derive revenue from implementation, monitoring, support and management--all service-related elements that can add up to significant income, while providing valuable service to customers with security concerns.

WebDefend 3.5 comes as a 1U appliance, which starts at a retail price of $19,995. The device incorporates a multitude of security features, including:

  • SSL management
  • Dynamic profiling
  • Collaborative detection
  • Behavioral analysis
  • Rules and signature analysis
  • Protocol violation
  • Session protection
  • Usage analysis
  • Bi-directional exit control
  • Application defect detection
  • Correlation and analysis reporting
  • Distributed detect/prevent architecture

While many of those are fancy terms for some rather pedestrian security technologies, it’s still important to understand how each contributes to the overall effectiveness of WebDefend 3.5. For example, SSL decryption allows the device to look inside normally encrypted traffic to check for intrusions or data leakage, an important consideration since most Web applications use SSL by default. If you can’t see what the traffic is, then how can you check to see if it is legitimate?

The various security engines work together to validate traffic and data by applying defined rules. Administrators can set rules to detect various forms of data, ranging from something as esoteric as a social security number to credit card information. Those rule definitions are not only important for DLP, but also make the device an excellent tool for meeting regulatory compliance.

In reality, a whole book could be written on the product's features (and Breach Security supplies one, it’s called the manual). The feature mix is what determines where the product fits in the market and how well it will meet the needs of the customer, and solution providers should look at this feature set as an indicator of overall capability and as a checklist for comparing the device to the other DLP players in the market.

While the product offers many of the same features as competitors, it’s the unique features that help to set it apart.

WebDefend 3.5 offers multiple deployment options, one of which is unique to the market segment--the device can be deployed out-of-line in a networked Web environment and still block all detected attacks. Why is that important? Simply because if the unit fails, it does not take the network down with it and the unit will not introduce any latency into the network with the out-of-line deployment scenario. Of course, the unit can be deployed as an inline device and some administrators will prefer that setup, knowing that all traffic will be sure to pass through the unit. Either way, WebDefend 3.5 doesn’t require a reconfiguration of the network.

When it comes to detection and remediation, WebDefend offers a workflow-style presentation of the information. That offers several advantages to both security analysts and application developers by allowing them to work together to further secure an application. It works by presenting the information from the initial detection of a security event, through the investigation and analysis, in a simple-to-export report, all in a single step.

Most products on the market rely on a browser-based management console for administrative chores, while WebDefend 3.5 uses a client application installed on the administrator’s Windows PC. That approach can complicate deployment and management, yet it will prove to be more secure. What’s more, the client application offers a better interface, performance and feature set than any Web-based client. That proves to be important, when one considers the complexity of DLP and regulatory compliance. Here, WebDefend’s management client offers fully integrated help, a tabbed graphical interface, all with drill-down-able information. That proves to be intuitive and will reduce training, setup and maintenance hours.

Another element that simplifies deployment is the product's ability to "model" transactions. In other words, the device can learn what an acceptable activity is and then use that to build access policies. For many, that will prove to be a more efficient way to create access policies. Most competitors on the market take the "block everything" approach, where all access is shut down and then gradually opened based upon predefined rules. That method can impact operations and delay users’ access to critical applications. Without modeling, defining those initial access rules can be a shot in the dark.
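The learn-then-enforce idea described above can be sketched as follows. This is an added example of the general approach, not Breach Security's algorithm: the class name, the 1.5x length tolerance and the training URLs are assumptions made for the illustration. The profile records, per path and parameter, the longest value and the character classes seen during a learning period, then reports requests that deviate from it.

```python
from urllib.parse import parse_qsl, urlsplit


def char_classes(value):
    """Coarse character classes present in a parameter value."""
    return {"digit" if c.isdigit() else "alpha" if c.isalpha() else "sym:" + c
            for c in value}


class RequestProfile:
    """Learns, per (path, parameter), the longest value and character classes seen."""

    def __init__(self, length_slack=1.5):
        self.length_slack = length_slack  # tolerance above the learned maximum
        self.params = {}                  # (path, name) -> [max_len, classes]
        self.paths = set()

    def learn(self, url):
        parts = urlsplit(url)
        self.paths.add(parts.path)
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            entry = self.params.setdefault((parts.path, name), [0, set()])
            entry[0] = max(entry[0], len(value))
            entry[1] |= char_classes(value)

    def check(self, url):
        """Return a list of deviations from the learned profile (empty = conforms)."""
        parts = urlsplit(url)
        if parts.path not in self.paths:
            return [f"unprofiled path {parts.path}"]
        issues = []
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            entry = self.params.get((parts.path, name))
            if entry is None:
                issues.append(f"unexpected parameter {name}")
                continue
            if len(value) > entry[0] * self.length_slack:
                issues.append(f"{name}: length {len(value)} exceeds learned {entry[0]}")
            unseen = char_classes(value) - entry[1]
            if unseen:
                issues.append(f"{name}: unseen character classes {sorted(unseen)}")
        return issues


# Constructed training traffic standing in for a learning period.
TRAINING = ["/account?id=42&view=summary", "/account?id=1007&view=detail"]
profile = RequestProfile()
for url in TRAINING:
    profile.learn(url)
```

A profile built this way is only as good as the traffic it learned from, so the learning period needs to cover normal use and exclude traffic that is already hostile.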

There’s a lot more than just validating user access when it comes to protecting Web applications. The Web is full of individuals launching scripted attacks, bots and other malicious software into an application with the goal of gaining additional access, denying service or phishing for proprietary data.

WebDefend 3.5 takes on that challenge by identifying attacks, such as e-mail harvesting robots, comment evasion, file inclusion attacks, insecure cookies and SQL injection variants. Those attacks are identified using both signature files and by identifying abnormal behavior.

While WebDefend 3.5 proves to be packaged well, offers excellent capabilities and is easy to deploy, there are still several questions solution providers will need to ask before settling on what Web application firewall to deploy. Questions such as:

  • How will the solution be integrated?
  • Who will use it (security administrators, app developers, end users, etc.)?
  • What complementary solutions will be incorporated (end point protection, SSL, etc.)?
  • Hosted, premise or a combination of solutions?
  • Number of applications, users and locations supported?
  • Which compliance requirements (PCI, HIPAA, SOX, etc.)?
  • Scalability?
  • Depth of reporting and analysis needed?
  • Transparency to the network infrastructure?

Solution providers can apply these questions to Breach Security’s WebDefend 3.5, as well as the company’s primary competitors, Imperva, F5, Citrix, Barracuda and a few others. Most solution providers will find that the true catalyst behind selling a Web application firewall will come down to PCI compliance, which has fueled major interest in the market. Beyond the Web application firewall deployment, there’s some additional opportunity for the solution provider, especially those with app development chops.

The real truth is that a Web application firewall's primary function is to protect poorly secured application code, which is often the root cause of an application breach to begin with. Solution providers managing those products can quickly delve into the remediation chores of tightening up custom application code and further securing the customer, while improving the ability to meet compliance requirements.

Web application firewalls still prove to be an excellent starting point for delivering advanced security and it’s hard to beat what Breach Security has accomplished with WebDefend 3.5.

Frank J. Ohlhorst is the Executive Technology Editor for eWeek Channel Insider and brings with him over 20 years of experience in the Information Technology field. He began his career as a network administrator and applications programmer in the private sector for two years before joining a computer consulting firm as a programmer analyst. In 1988 Frank founded a computer consulting company, which specialized in network design, implementation, and support, along with custom accounting applications developed in a variety of programming languages.

In 1991, Frank took a position with the United States Department of Energy as a Network Manager for multiple DOE Area Offices with locations at Brookhaven National Laboratory (BNL), Princeton Plasma Physics Laboratory (PPL), Argonne National Laboratory (ANL), FermiLAB and the Ames Area Office (AMESAO). Frank's duties included managing the site networks, associated staff and the inter-network links between the area offices. He also served as the Computer Security Officer (CSO) for multiple DOE sites.

Frank joined CMP Technology's Channel group in 1999 as a Technical Editor assigned to the CRN Test Center; within a year, Frank became the Senior Technical Editor, and was responsible for designing product testing methodologies, assigning product reviews, roundups and bakeoffs to the CRN Test Center staff. In 2003, Frank was named Technology Editor of CRN. In that capacity, he ensured that CRN maintained a clearer focus on technology and increased the integration of the Test Center's review content into both CRN's print and web properties. He also contributed to Netseminars, hosted sessions at CMP's Xchange Channel trade shows and helped to develop new methods of content delivery, such as CRN-TV.

In September of 2004, Frank became the Director of the CRN Test Center and was charged with increasing the Test Center's contributions to CMP's Channel Web online presence and CMP's latest monthly publication, Digital Connect, a magazine geared towards the home integrator. He also continued to contribute to CMP's Netseminar series, Xchange events, industry conferences and CRN-TV. In January of 2007, CMP launched CRNtech, a monthly publication focused on technology for the channel, with a mailed audience of 70,000 qualified readers. Frank was instrumental in the development and design of CRNTech and was the editorial director of the publication as well as its primary contributor. He also maintained the edit calendar, and hosted quarterly CRNTech Live events. In June 2007, Frank was named Senior Technology Analyst and became responsible for the technical focus and edit calendars of all the Channel Group's publications, including CRN, CRNTech, and VARBusiness, along with the Channel Group's specialized publications Solutions Inc., Government VAR, TechBuilder and various custom publications.

Frank joined Ziff Davis Enterprise in September of 2007 and focuses on creating editorial content geared towards the purveyors of Information Technology products and services. Frank writes comparative reviews, channel analysis pieces and participates in many of Ziff Davis Enterprise's tradeshows and webinars. He has received several awards for his writing and editing, including back-to-back best review of the year awards, and a president's award for CRN-TV. Frank speaks at many industry conferences, is a contributor to several IT Books, holds several records for online hits and has several industry certifications, including Novell's CNE, Microsoft's MCP. Frank can be reached at frank.ohlhorst@ziffdavisenterprise.com
