Shortcut guide to Web application firewall deployment


E-Guide

Before purchasing a Web application firewall (WAF), there are several factors all organizations must consider. This expert tip offers advice on how to pick a WAF that best fits your organization and lays out the steps for successful deployment.

Sponsored By:

Table of Contents

Understanding your Web application firewall (WAF) product options
How to deploy a Web application firewall (WAF)
Resources from Imperva

Understanding your Web application firewall (WAF) product options

The PCI Data Security Standard, particularly the code review section of Requirement 6, has made many companies consider purchasing a Web application firewall. But if you're rushing to find a WAF for your compliance needs, how do you know which features are critical? Companies need to consider multiple factors before making a purchase, or they will risk making an expensive error. In this series of tips, we'll show you how to pick an application firewall that best suits your organization.

A Web application firewall, or application-layer firewall, is placed between a Web client and a Web server. It analyzes application-layer communications and looks for actions that violate a pre-set security policy. By doing so, the device defends Web apps from attacks and prevents potential data leaks. The functions of WAFs should not be confused with those of network firewalls and intrusion detection and prevention systems, which protect the network perimeter.

But before purchasing a Web application firewall, remember that compliance requires more than just throwing a WAF product in front of your Web servers. And, besides, you want your investment to actually enhance corporate security, right? To help you make the right decision for your organization, we'll guide you through the key points in evaluating products. Since buying the right product is just the start, you'll also learn something about properly deploying and managing your WAF so that your company is actually compliant and (somewhat) secure.

What to know about Web application firewall projects

Whenever new security requirements or legislation are introduced, those tasked with ensuring compliance often tend to rush the decision-making process. Many system administrators decide which product to deploy based solely on a single vendor's sales pitch or a particular requirement or feature they've picked up on.

The result will more than likely be inappropriate or less than optimal security measures. Even a tight deadline doesn't absolve you of due diligence. To choose a security device like a Web application firewall (WAF), you need to answer the following questions:

What does it need to do, based on your security policy objectives and legislative requirements?
What additional services would be valuable?
How will it fit into your existing network? Do you have the in-house skills to use it correctly and effectively?
How will it affect existing services and users, and at what cost?

New compliance requirements such as PCI DSS require you to update, or at least review, your security policy before you can answer the first question. A good security policy defines your objectives and requirements for securing data. That foundation allows you to define which security devices are appropriate to meet your requirements.

Since each Web application is unique, security must be custom-tailored to protect against the potential threats identified during the threat modeling of your secure development lifecycle program. Review which of these threats the WAFs under consideration safeguard against, such as analyzing parameters passed via cookies or URLs and providing defenses against all of the OWASP Top Ten application vulnerabilities, as well as any additional requirements mandated for compliance.

Web Apps Attacked Every 2 Minutes

Protect your Web site from automated attacks

Imperva is a pioneer and leader of a new category of data security solutions for high-value business data in the data center. Imperva SecureSphere identifies and secures data across file systems, Web applications, and databases.

Is your company's Web site safe? You may have heard of the hacking attacks against Sony and Citigroup, but have you heard of the attacks on City Newsstand Inc or Burger Me LLC? According to a recent article in The Wall Street Journal, hackers are actively targeting small to midsize organizations. Why? In the time it takes to break into a major company, a hacker could steal data from dozens of small businesses and not get detected.

Download Imperva's Web Application Attack Report to learn more about these automated attacks and how to protect your business.
» Key findings
» Technical recommendations
» Non-technical CEO checklist

Whitepaper: Imperva's Web Application Attack Report. Learn more about these automated attacks and how to protect your business. Download the whitepaper here.

Protecting the Data That Drives Business. Toll Free (U.S. only): +1-866-926-4678. www.imperva.com
Copyright 2011, Imperva. All rights reserved. Imperva and SecureSphere are registered trademarks of Imperva.

How to deploy a Web application firewall (WAF)

Congratulations. You've selected and installed a Web application firewall that features all of the must-have compliance capabilities. That, however, doesn't mean that you're compliant yet. Proper positioning, configuration, administration and monitoring are essential. The four-step security lifecycle is critical during firewall installation: secure, monitor, test and improve. This is a continuous process that loops back on itself in a persistent cycle of protection.

Before any device is connected to your network, make sure that you have documented the network infrastructure and hardened the device or the box it will run on. This means applying patches as well as taking the time to configure the device for increased security. The business rules that you've set in your security policy, such as allowed character sets, will determine how the firewall is configured. If you approach WAF configuration this way, the rules and filters will define themselves.

Web application firewalls can expose technical problems within a network or application, such as false positive alerts or a traffic bottleneck. Careful testing is essential, particularly if your site makes use of unusual headers, URLs or cookies, or specific content that does not conform to Web standards. Additional testing time should be allowed if you are running multi-language versions of an application, since the WAF may have to handle different character sets. The testing should match the "live" application environment as closely as possible. This approach will help expose any system integration issues the Web application firewall may cause prior to deployment. Stress testing the WAF using tools such as Microsoft's Web Application Stress and Capacity Analysis Tools or AppPerfect Load Tester will also help reveal any bottlenecks caused by the positioning of the WAF.
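As an added illustration (not code from this e-guide, nor Imperva or SecureSphere configuration), the following evaluator applies the kind of positive-security rules the two sections above describe: an allowed character set and maximum length per URL and cookie parameter, run first in monitor mode and then in block mode, with constructed traffic showing how an ASCII-only rule raises a false positive on a multi-language request until the rule is revised after testing. The policy, parameter names and sample requests are assumptions made for the example.

```python
"""Added example: a tiny positive-security (whitelist) evaluator for WAF
parameter rules. Illustrative code only, not Imperva/SecureSphere configuration."""
import re
from dataclasses import dataclass
from urllib.parse import parse_qsl, urlsplit


@dataclass(frozen=True)
class ParamRule:
    pattern: str   # regex the whole decoded value must match (from the security policy)
    max_len: int   # maximum decoded length


@dataclass(frozen=True)
class Policy:
    rules: dict    # parameter name, or "cookie:<name>" -> ParamRule
    mode: str      # "monitor" (log only) or "block"


def make_policy(mode="monitor", unicode_search=False):
    """Build the constructed sample policy. unicode_search=True is the revision
    made after testing the multi-language version of the application: \\w in a
    Python str pattern accepts letters and digits from any script."""
    search = ParamRule(r"[\w ]*" if unicode_search else r"[A-Za-z0-9 ]*", 64)
    return Policy({"q": search, "page": ParamRule(r"[0-9]*", 4),
                   "cookie:session": ParamRule(r"[0-9a-f]*", 32)}, mode)


def check_request(policy, url, cookies=None):
    """Evaluate one request; returns (decision, findings). Parameters absent from
    the policy are findings too (default deny); length is checked before the pattern."""
    findings = []
    params = parse_qsl(urlsplit(url).query, keep_blank_values=True)  # %-decoded UTF-8
    params += [(f"cookie:{k}", v) for k, v in (cookies or {}).items()]
    for name, value in params:
        rule = policy.rules.get(name)
        if rule is None:
            findings.append(f"{name}: parameter not in policy")
        elif len(value) > rule.max_len:
            findings.append(f"{name}: length {len(value)} exceeds {rule.max_len}")
        elif not re.fullmatch(rule.pattern, value):
            findings.append(f"{name}: character outside allowed set")
    if not findings:
        return "allow", findings
    return ("block" if policy.mode == "block" else "allow+log"), findings


if __name__ == "__main__":
    # Constructed traffic: English search, French search (percent-encoded UTF-8), a leftover debug flag
    samples = [("/search?q=web+application+firewall&page=2",
                {"session": "0123456789abcdef0123456789abcdef"}),
               ("/search?q=S%C3%A9curit%C3%A9+applicative&page=1", None),
               ("/search?q=test&page=1&debug=1", None)]
    for pol in (make_policy("monitor"), make_policy("block", unicode_search=True)):
        for url, cookies in samples:
            print(pol.mode, url, check_request(pol, url, cookies))
```

Running the monitor-mode pass before switching to block mode is the "monitor, test, improve" loop in miniature: the French request is logged, the rule for q is widened, and only then is blocking enabled.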

Resources from Imperva

The Importance of Web Application Security
Monitor and Protect Critical Web Applications
Cloud Based Web Application Security

About Imperva

Imperva is a pioneer and leader of a new category of data security solutions for high-value business data in the data center. With more than 1,300 end-user customers and thousands of organizations protected through cloud-based deployments, Imperva's customers include leading enterprises, government organizations, and managed service providers who rely on Imperva to prevent sensitive data theft from hackers and insiders. The award-winning Imperva SecureSphere identifies and secures high-value data across file systems, web applications and databases.