
WebDefend 3.5 is the latest in Breach Security’s lineup of security
appliances and brings new capabilities to the security market that
should have solution providers nicknaming the company “No-Breach”
security.

WebDefend 3.5 is a very good product that combines several elements
that make it very channel friendly and an appropriate device for
companies looking to protect their applications from intrusion and data
loss and to meet the burdens of PCI, HIPAA, SOX and other compliance
requirements.

The name of the big game is data loss protection (DLP), a broad
concept that focuses on preventing data from falling into the hands of
unauthorized individuals. Thanks to Web-based applications, protecting
data and the integrity of associated applications has become more
complex than ever.

Some DLP vendors focus on encryption and end point control, while
others will look to the firewall to protect data. A select few will
offer DLP solutions based on hosted security services. While one can
argue which way is best, the end goal remains the same: protecting the
data without limiting access to valid users.

Breach Security follows a path that leads to an appliance-based
solution: WebDefend 3.5 is a security appliance that is designed to sit
at the edge of the network and actively protect applications and the
associated data from unauthorized access.

Solution providers may prefer Breach Security’s appliance approach;
after all, it’s something tangible and can deliver an acceptable margin
on just that alone. Solution providers can also derive revenue from
implementation, monitoring, support and management–all service-related
elements that can add up to significant income, while providing
valuable service to customers with security concerns.

WebDefend 3.5 comes as a 1U appliance, which starts at a retail
price of $19,995. The device incorporates a multitude of security
features, including:

  • SSL management
  • Dynamic profiling
  • Collaborative detection
  • Behavioral analysis
  • Rules and signature analysis
  • Protocol violation
  • Session protection
  • Usage analysis
  • Bi-directional exit control
  • Application defect detection
  • Correlation and analysis reporting
  • Distributed detect/prevent architecture

While many of those are fancy terms for some rather pedestrian
security technologies, it’s still important to understand how each
contributes to the overall effectiveness of WebDefend 3.5. For example,
SSL decryption allows the device to look inside normally encrypted
traffic to check for intrusions or data leakage, an important
consideration since most Web applications use SSL by default. If you
can’t see what the traffic is, then how can you check to see if it is
legitimate?

The various security engines work together to validate traffic and
data by applying defined rules. Administrators can set rules to detect
various forms of data, ranging from something as esoteric as a social
security number to credit card information. Those rule definitions are
not only important for DLP, but also make the device an excellent tool
for meeting regulatory compliance.

In reality, a whole book could be written on the product’s features
(and Breach Security supplies one, it’s called the manual). The feature
mix is what determines where the product fits in the market and how
well it will meet the needs of the customer, and solution providers
should look at this feature set as an indicator of overall capability
and as a checklist for comparing the device to the other DLP players in
the market.

While the product offers many of the same features as competitors, it’s the unique features that help to set it apart.

WebDefend 3.5 offers multiple deployment options, one of which is
unique to the market segment–the device can be deployed out-of-line in
a networked Web environment and still block all detected attacks. Why
is that important? Simply because if the unit fails, it does not take
the network down with it and the unit will not introduce any latency
into the network with the out-of-line deployment scenario. Of course,
the unit can be deployed as an inline device and some administrators
will prefer that setup, knowing that all traffic will be sure to pass
through the unit. Either way, WebDefend 3.5 doesn’t require a
reconfiguration of the network.

When it comes to detection and remediation, WebDefend offers a
workflow-style presentation of the information. That offers several
advantages to both security analysts and application developers by
allowing them to work together to further secure an application. The
way it works is by presenting the information from the initial
detection of a security event, through the investigation and analysis
in a simple-to-export report, all in a single step.

Most products on the market rely on a browser-based management
console for administrative chores, while WebDefend 3.5 uses a client
application installed on the administrator’s Windows PC. That approach
can complicate deployment and management, yet it will prove to be more
secure. What’s more, the client application offers a better interface,
performance and feature set than any Web-based client. That proves to
be important when one considers the complexity of DLP and regulatory
compliance. Here, WebDefend’s management client offers fully integrated
help, a tabbed graphical interface, all with drill-down-able
information. That proves to be intuitive and will reduce training,
setup and maintenance hours.

Another element that simplifies deployment is the product’s ability
to “model” transactions. In other words, the device can learn what an
acceptable activity is and then use that to build access policies. For
many, that will prove to be a more efficient way to create access
policies. Most competitors on the market take the “block everything”
approach where all access is shut down and then gradually opened based
upon predefined rules. That method can impact operations and delay
users’ access to critical applications. Without modeling, defining
those initial access rules can be a shot in the dark.

There’s a lot more than just validating user access when it comes to
protecting Web applications; the Web is full of individuals launching
scripted attacks, bots and other malicious software into an application
with the goal of gaining additional access, denying service or phishing
for proprietary data.

WebDefend 3.5 takes on that challenge by identifying attacks, such
as e-mail harvesting robots, comment evasion, file inclusion attacks,
insecure cookies and SQL injection variants. Those attacks are
identified using both signature files and by identifying abnormal
behavior.

While WebDefend 3.5 proves to be packaged well, offers excellent
capabilities and is easy to deploy, there are still several questions
solution providers will need to ask before settling on what Web
application firewall to deploy. Questions such as:

  • How will the solution be integrated?
  • Who will use it (security administrators, app developers, end users, etc.)?
  • What complementary solutions will be incorporated (end point protection, SSL, etc.)?
  • Hosted, premise or a combination of solutions?
  • Number of applications, users and locations supported?
  • Which compliance requirements (PCI, HIPAA, SOX, etc.)?
  • Scalability?
  • Depth of reporting and analysis needed?
  • Transparency to the network infrastructure?

Solution providers can apply these questions to Breach Security’s
WebDefend 3.5, as well as the company’s primary competitors, Imperva,
F5, Citrix, Barracuda and a few others. Most solution providers will
find that the true catalyst behind selling a Web application firewall
will come down to PCI compliance, which has fueled major interest in
the market. Beyond the Web application firewall deployment, there’s
some additional opportunity for the solution provider, especially those
with app development chops.

The real truth is that a Web application firewall’s primary function
is to protect poorly secured application code, which is often the root
cause of an application breach to begin with. Solution providers
managing those products can quickly delve into the remediation chores
of tightening up custom application code and further securing the
customer, while improving the ability to meet compliance requirements.

Web application firewalls still prove to be an excellent starting
point for delivering advanced security and it’s hard to beat what
Breach Security has accomplished with WebDefend 3.5.