Web Application Firewall (WAF)

Securing organizational websites and the critical services that depend on them: Web Application Firewall (WAF)

The Challenge

Do you use web applications to sell products or services? Does your website feature online trading? Do you recruit employees through your website? Is the activity of your organization based on web-apps? You probably answered ’yes’ to most of these questions. After all, most organizations (over 80%) with computing network feature various types of web-apps for all sorts of purposes using technologies such as JavaScript and SQL Scripting – thereby providing an apt response to current business requirements.

 Even ’Custom Made’ websites, which are written in private and secret code, are not always safe and secure: in most cases, most development resources are allocated to functionality and graphics, and in fact, the least degree of attention is paid to sealing security breaches off. Thus, many organizations which heavily rely on web-apps go unprotected, and in fact put their own corporate assets at risk.

Cross Site Scripting cyberattacks and SQL Injection attacks on websites’ web-apps usually result in the sites’ content being compromised and garbled; the company website ends up being defaced and its vandalized content is added external content – this, in addition to database theft and abuse, not to mention deletion or disruption.

Here’s a highly brief and relevant fact:

Nearly 40% (!) of all active websites worldwide are based on Content Management Systems (CMS) such as Joomla or WordPress are based on open code.

Back in the day (the early 1990’s), they were originally designed to be used as blogs, so very little attention was given to data security. The combination of these web platforms being very common and their open, known code, resulted in a flourishing industry of malware and unique cyber-hacking tools, which have grown increasingly sophisticated, to the point they can currently penetrate any unsecured app or website and damage them. CMS-based websites are hackers’ favorite targets!

The Solution

Dedicated tools by the world’s leading vendors. These tools can be used to define access for specific corporate websites, or set (or ’allowed) surfing streams for apps, as well as identify malicious surfers, or ones whose use patterns go against the norm. All this can be used to block cyberattacks in real-time. The Web Application Firewall ’studies’ the service structure (such as drop-down menus or fields app users have to fill in), thereby enabling it to stave off deadly cyberattacks in real-time and protect the corporate website.

Primary Features

  • “White List” to prevent ’false positives’ which falsely block legitimate users
  • Relevant, up-to-date intelligence concerning signature as latest patterns of viruses and malware
  • ’IP address reputation’ mechanism for recommending or blocking suspected addresses
  • Removing both imposters and stolen-identity-based trolling
  • Monitoring and exposing apps’ vulnerabilities and virtually shutting them down until the developer fixes them
  • Client-tailored graphic performance-reports
  • Rapid installation which does not undermine the IT arrays’ performance

Best of Breed: choosing the best product:

After carefully exploring software vendors and existing on the shelf technologies, we at Spider Solutions have chosen as our business partners for Web Application Firewall manufactured by: Imperva, F5.

imperva f5

Spider Solutions’ service concept:

We place the highest emphasis on prompt, professional, courteous and efficient service, so we dedicate a great deal of time and resources in training our employees and certifying them by the leading software and hardware companies, our business partners.

Call center

Spider Solutions’ call center, which is on call 24/7, is fully staffed with data security engineers at our clients’ disposal.