Network security provider and unified threat management (UTM) solutions specialist Fortinet announced a firmware release for its FortiWeb Web application firewall family. FortiWeb appliances provide enterprises, application service providers, Security-as-a-Service (SaaS) and Managed Security Service Provider (MSSP) customers with expanded security capabilities designed to improve and simplify protection of Web-based applications containing regulated and confidential data.
The FortiWeb 4.0 MR2 firmware features a range of enhancements that include expanded attack protection schemes to help businesses more easily achieve and maintain compliance with Payment Card Industry Data Security Standards (PCI DSS 6.6) and help prevent identity theft, financial fraud and corporate espionage associated with strategic Web applications.
FortiWeb appliances now have additional security and usability capabilities that include protection against remote file inclusion attacks, file upload restrictions that now control which file types (jpg, exe, zip, etc) can be uploaded to Web applications, data loss prevention enhancements that enable customers to mask credit card numbers in server replies to prevent sensitive data leakage, authentication of users via Radius servers, scheduled and automatic FTP backups and a new import/export tool for specific security policies and the ability to automatically clone those policies.
The FortiWeb family of integrated web application and XML firewall appliances consolidate Web application firewall, XML filtering, web traffic acceleration and application traffic balancing into a single device. Equipped with the 4.0 MR2 firmware, FortiWeb appliances leverage techniques to provide bi-directional protection against threats like SQL injection and cross-site scripting.
"Web applications are an essential foundation for conducting business today which is why organizations now place a premium on protecting highly sensitive and regulated Web application data," said Michael Xie, founder, CTO and vice president of engineering at Fortinet. "The consequences of compromised web application data can be devastating. Identity theft, corporate espionage, financial fraud, negative impact on brand equity and the potential for a backlash in customer loyalty are just a few examples.”
A new Web Vulnerability Scanner (WVS) is also provided as another layer of visibility to help detect existing vulnerabilities targeting specific Web applications. Xie said this capability is critical to help achieve and maintain compliance with the most current PCI DSS 6.5 and 6.6 specifications designed to secure web applications that process, store or transmit payment card data. These specifications require Web application firewalls and vulnerability assessment capabilities, both of which are provided by Fortinet in a single device.
“That’s why we are relentless in bringing innovative web application security measures to market,” he said. “This latest release of our FortiWeb firmware is yet another example of our commitment to help secure our customers’ web application infrastructures."