WebDefend is, at its core, a security appliance that provides features targeted specifically to the prevention of exploits in Web applications. The appliance can be deployed out-of-line, inside the firewall, off of a network TAP or monitor; or now inline with no reconfiguration of network resources necessary.

WebDefend profiles individual Web applications specifically for the types of behaviors that are typically acceptable for that application. The appliance then monitors Web traffic in regards to the application, analyzing the traffic in the context of this automatically generated security profile. When a deviation from the normally acceptable behavior is discovered, the device hands the traffic off to its multiple, individual detection engines in an attempt to identify the exact type of threat presented by the behavior.

Detection features of the appliance include ExitControl, which examines data entering or leaving the corporate network for specifically recognized data patterns that may represent sensitive data (such as SSNs or credit card numbers); and Security Defect Detection, which seeks to identify app defects based on insecure coding techniques. The vendor states that SSL traffic can be examined without requiring the termination of the original encryption session; and the product ships with pre-packaged rule-sets specifically designed for PCI DSS compliance.

Once an attack has been identified, the device can take several possible actions in an effort to block the attacker from continuing their actions. The device can work in concert with existing infrastructure, including rewriting firewall rules, issuing commands to the Web server (IIS via ISAPI filters, and Apache with extensions), issuing TCP resets, etc.; and can additionally log the user out of the Web application in question. The new inline deployment option, of course, provides the ability to block packets directly.

Other features include support for the masking of magnetic stripe data (preventing it from being stored or displayed anywhere within the WebDefend software, including audit logs), image "leeching" prevention (watching specifically for images linked to external Web servers), detection of phishing attacks on Web sites, and an updated signature database (application signature rules that are used to identify known attacks).

In addition to the aforementioned inline deployment support, the latest WebDefend release also features support for geographic information in events, and an updated detection engine to include support for the detection of lateral SQL injections, email-harvesting robots and file inclusion attacks; among other enhancements.

WebDefend is available now. A "right-sized" appliance for SMBs (GX60) is priced starting at $19,995 (with support for five Web sites). Contact Breach Security for further information.

product submission by EITPlanet Staff

E-Mail this page to a colleague
send info about WebDefend

Suggest a link
for the WebDefend fact sheet