Application Security for Every Scale
my.defence
Cloud computing was not designed for security, although organizations such as Cloud Security Alliance (CSA) and Open Web Application Security Project (OWASP) are making great strides in helping the industry solve the myriad security problems confronting cloud computing. The benchmark guidelines established by the CSA in the document, Guidance for Critical Areas of Focus in Cloud Computing, is a great first step. This white paper is intended to pick up where the CSA guide left off in terms of defining what a distributed web application firewall (dWAF) should look like in order to meet the standards set within the CSA document.
Products hyperguard Security features
| Security Features | License | ||||
| Basic | Premium | Proxy | Enterprise | ||
| Web-based user interface |
 |
|
|
|
|
| Basic mode and Expert mode for simple and advanced configuration tasks |
|
|
|
|
|
| Ready-made rulesets for baseline protection and common security measures |
|
|
|
|
|
| Configuration is assisted by intelligent learning algorithms that analyse log files and propose automatically generated application-specific rules |
|
|
|
||
| Automatic configuration for protecting Microsoft Outlook Web Access (OWA) |
|
|
|
||
| Direct import of ModSecurity rulesets |
|
|
|
||
| Central administration of clustered installations |
|
|
|
||
| Role based management of multiple Web applications |
|
|
|
||
| Complete configuration history and audit log |
|
|
|
|
|
| LDAP, Active Directory Admin Authorisation |
|
|
|
||
| Prefixes for separately handling special file types and directories |
|
|
|
|
|
| Preconditions to simplify configuring the rules for individual prefixes |
|
|
|
||
| Object-orientated inheritance mechanisms to quickly create sophisticated rule configurations |
|
|
|
|
|
| Integrated version management: earlier versions can be re-edited and activated at any time |
|
|
|
|
|
| Export and import functions for easy migration of rules from test to live systems |
|
|
|
|
|
| Bi-directional HTTP request analysis |
|
|
|
||
| Protection level can be customised to the risk level of the Web applications being protected |
|
|
|
||
| Protection against all common attack patterns |
|
|
|
|
|
| Regular updates mean that the protection is continually and automatically updated |
|
|
|
|
|
| Web Services Security Gateway (XML/SOAP) |
|
|
|
||
| White/Black-listing in Realtime |
|
|
|
|
|
| Grey-listing in Realtime |
|
|
|
||
Proactive protection including
|
|
|
|
||
| Checks run on syntactic validity of HTTP requests |
|
|
|
|
|
| Validity of XML data against specified given DTD |
|
|
|
||
Additional measures:
|
|
|
|
||
| Separate rulesets for enforcement and monitoring can be used simultaneously (protection ruleset / detection ruleset) |
|
|
|
||
Clusterfunctionality
|
|
|
|
||
| Configurable alarm systems when certain events occur |
|
|
|
|
|
| Notification e.g. by email, post request, snmp trap or as an entry in a separate log file |
|
|
|
|
|
| Log files with host specific logs of all internal system events and error messages |
|
|
|
|
|
| Default error log with events that affect no specific application and thus affect no specific host (e.g. invalid requests) |
|
|
|
|
|
| Audit log recording all administrators' individual actions |
|
|
|
|
|
| Licensed per CPU core |
|
||||
| Licensed per machine instance |
|
|
|||
| Licensed per application |
|
||||
| Reverse/Forward proxy operation |
|
||||