Microsoft ISA Server / TMG

hyperguard is a web application firewall that protects the business logic of the web application transported by HTTP against known and unknown attacks (www.owasp.org).

hyperguard runs on all Microsoft server platforms, offers a flexible deployment, high scalability, is configurable flexibly and can be integrated as a plugin solution into existing security structures without large additional costs. The solution helps to fulfill compliance and industry standards (PCI DSS v1.2).

hyperguard is suitable for

• vendors and operators of web portals
• partner portals,
• intranets and extranets,
• eCommerce, e.g. online shops (B2C and B2B) or trading platforms,
• Online banking platforms and financial portals
• Social Networks.

hyperguard is a web application firewall (WAF) that can be installed as separate appliance, plugin on Microsoft web servers or Microsoft ISA/TMG gateways. It is designed to protect webbased services of customers as well as ensure compliance for web applications (PCI). Additionally it protects against abuse and fraud to guarantee future sales.

The flexible deployment as software plugin and virtual hardware appliance fits into all customer infrastructures. This means that a deployment scenario complies with the customer situation – not vice versa.

hyperguard provides black-, white- and greylisting and supports proactive security functions, like URL encryption, authentication framework, etc. The easy menu driven administration is done via wizards. This provides an effective way for creating new rulesets. The seperation between detection and protection and the possibility to run two rulesets in parallel (one active, one in monitoring mode) allows very granular rulesets and error prone testing. This avoids interruptions in the business process, because false positives are already encountered in detection mode.

hyperguard does not need special encryption between the user and the web server. So it is not necessary to change existing security policies on the network layer. This means a better performance due to the deployment scenario and no additional point of failure.

hyperguard offers centralized web authentication service for increased security and savings in development and administration efforts. The authentication is forced upstream and the control itself is delegated to the particular authentication service. The administrator of the WAF can decide the type of authentication for each application without having the need to adapt all applications.

For centralized management and administration hyperguard offers centralized security monitoring, reporting and alerting across all web applications. The hierarchical - Active Directory supported multi administrator model - hyperguard allows an ideal incidence management for effective processes to fulfill compliance requirements.

The integrated cluster technology of hyperguard fits all demands of data centers and web application security. Easy and fast scaling across worldwide distributed cluster installations guarantees no Single-Point-of-Failure with a high reliability and availability of the WAF. hyperguard is also available for cloud scenarios as a dWAF (distributed web application firewall).

In a Microsoft server environment hyperguard is the best available solution for securing your web applications in the intranet and internet. hyperguard supports IIS 5 to 7.5 and is available as a certified solution for MS ISA 2006 and MS TMG.

The benefits of the flexibile deployment scenarios are incorporated in flexible licensing conditions.

Typical deployment of hyperguard basic

hyperguard basic is the solution for small installations and an ideal completion for retailers of the PCI category level 2-4, which can be secured against the common attacks (Blacklist) from the internet with small costs via basic protection. The plugin licence offers Baseline-Protection for a physical/virtual webserver (Single CPU / Single Core ) for 1 IP max. 50 vHosts and up to 10 applications. There is the opportunity to configure multiple web servers via hyperguard basic over an optional available administration console. Against some application specific vulnerabilities, like Joomla, Typo3 or others, art of defence developed rulesets, ready to install. (Due to the lack of enhanced protection functions like Cookie-Handling, hyperguard basic does not comply with the standards of the PCI DSS level 1.)

Typical deployment of hyperguard Premium

hyperguard Premium is the standard solution for companies with 1-5 web servers and higher security standards for their web applications. The plugin will be installed on the web servers and scales with the capability of web servers. The basic licence covers web application attack detection and protection for one physical/virtual server with max. 8 Processor-Cores, max. 500 vHosts and max. 100 applications. A cost-effective upgrading licence is available for additional web servers. (The licence condition for hyperguard Premium provides the operation for the plugin on an active web server)

Typical deployment of hyperguard Proxy

hyperguard proxy is the appliance solution of an installation on a dedicated hardware with installed MS ISA 2006 / TMG server (e.g. SecureGuard appliance) or VMware Image. hyperguard proxy is licensed per core. The basic licence covers web application attack detection and protection for one CPU/Core and can be extended per core through the hyperguard proxy upgradeing licence.

Typical deployment of hyperguard Enterprise

hyperguard enterprise is the solution for big installations with many web servers and many web applications. The basic licence covers web application attack detection (IDS) for all web servers/web applications in a cluster (unlimited web servers and unlimited web applications) of the company. The web application protection (IPS) is licensed per application specific ruleset. (Several applications can be protected by one ruleset.)