6Scan is a full service security solution for you website. Patent-pending technology combines a full suite of features that scan and automatically fix critical issues that - if left unresolved - could damage your business and customers, your reputation and destroy your web presence.        

What Does 6Scan Do?

1. Find. The 6Scan six independent scanners work to detect vulnerabilities, scan for malware and inspect your website's files to determine any security issues or risks.
2. Fix. Patent-pending technology automatically fixes any security issues as soon as they are detected. We deploy a WAF (Web Application Firewall) and custom vulnerability patches to make sure any attack vectors are blocked. The entire process of detecting and fixing vulnerabilities is fully automated, managed through a unified dashboard.
3. Protect. 6Scan will continue to monitor your site for new vulnerabilities and security risks. The scanning is scheduled automatically or can be triggered manually and you will be notified of any issues. As with all our services, this process can be monitored from your dashboard where you have the opportunity to roll back any changes.

Malware Scan. A complex scan that runs a number of different tests to detect any signs of malware on your website. The 6Scan malware scan deploys a much larger set of tests than most of the simple or embedded scanners to make sure that even the latest emerging threats are detected.                         Malware Removal. A service to restore your website after a malware attack. 6Scan's security experts will access your website and remove any malicious code or backdoors.             Server-Side Scan. A scan and examination of the files on your hosting account for any signs of backdoors or hidden malware code which could be used to compromise your website.             Website Scan. Detects vulnerabilities that could make your site a target for attacks. The proactive service works seamlessly in the background to maintain website security.                                     Auto Vulnerability Repair. Patent-pending patching technology acts immediately to resolve problems with vulnerable website code. Left unchecked these issues become entry points for hackers to gain access to your website.                                         CMS Scan/Repair. Automatically repairs problems created by outdated and vulnerable plug-ins and content management systems such as WordPress, Drupal, and Joomla, used by millions of websites.

nevisProxy is a secure reverse proxy with integrated web application firewall (WAF). It acts as a central upstream entry point for web traffic to integrated online applications. nevisProxy controls user access and protects sensitive data, applications, services, and systems from internal and external threats.

Features and Tasks:

• Protection against denial-of-service attacks
• SSL termination (encryption and acceleration)
• Session and timeout handling (single session)
• SSO (single signon)
• Initialization of multi-step authentication
• Authentication in cooperation with nevisAuth
• Propagation of user identities incl. additional information (roles) in secure token (SAML, JWT, Nevis SecToken, HTTP Header etc.)
• Role-based authorization
• Cookie caching
• Renegotiation of client session association
• Caching and data compression
• Content inspection and validation (HTML, XML, JSON etc.)
• Input validation (black- and whitelists with self-learning)
• Virtual patching enables rapid reaction in case of serious security threats
• URL signing and encryption

The Airlock Web Application Firewall offers a unique combination of protective mechanisms for web applications. Whether your objective is PCI DSS compliance, security for online banking or protection for eCommerce: Airlock WAF will upgrade security for your internet applications – a permanent solution with a host of well thought-out functionalities. Thanks to Airlock WAF, businesses can exploit the potential of the internet without jeopardizing the security and availability of their web applications and services. Each access is systematically monitored and filtered at every level. Used in conjunction with an authentication solution such as Airlock Login or IAM, Airlock WAF can force upstream user authentication and authorization. This allows a uniform, central single sign-on infrastructure. All important information is also made available via monitoring and reporting functions. Airlock WAF is the only web application security solution on the market that provides superlative end-to-end protection for complex web environments. Airlock WAF - The main features

• Secure Reverse Proxy
• Central Checkpoint
• Filtering
• API Security
• Dynamic Whitelisting
• Central Security Hub
• High Availability and Performance

Airlock WAF is also available as a hardware appliance With the Airlock WAF hardware appliance, setup and going live will be even easier than today. Of course, hardware appliances can be connected to build a failover cluster with active session synchronization.

Ensure web application performance with Akamai’s WAF. Kona Web Application Firewall from Akamai offers effective protection against web application attacks. Globally-distributed across the Akamai Intelligent Platform™, Kona WAF can easily scale to defend against massive application attacks. Deployed at the edge of your network rather than in a data center, Kona WAF can identify and mitigate suspicious traffic without affecting performance or availability of the origin server. Security rules for Kona WAF are continuously refined by Akamai’s Threat Intelligence Team to protect against known attacks and respond to emerging threats.
With Kona WAF you can: 

• Reduce the risk of downtime, data theft and security breaches with a WAF that can scale to protect against the largest DoS and DDoS attacks.
• Ensure high performance even during attacks thanks to Akamai’s globally architecture.
• Defending against new and emerging threats with help from Akamai’s Threat Intelligence Team.
• Minimize costs of cloud security by avoiding the need for expensive dedicated hardware.

Key capabilities of Kona WAF

• Kona WAF provides comprehensive capabilities to protect against application-layer attacks. 
• Adaptive rate controls automatically protect against application-layer DDoS and other volumetric attacks by monitoring and controlling the rate of requests against applications.
• Application-layer controls offer pre-defined, configurable WAF rules that govern Request Limit Violations, Protocol Violations, HTTP Policy Violations and more.
• Network-layer controls automatically deflect network-layer DDoS attacks at the network edge and define and enforce IP whitelists and blacklists to restrict requests from certain IP addresses or geographical regions.
• Security monitor provides real-time visibility into security events and enables administrators to drill down into attack alerts.
• Logging features enable you to integrate WAF and event logs with security information and event management to increase your threat posture awareness.

AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules. You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for your specific application. New rules can be deployed within minutes, letting you respond quickly to changing traffic patterns. Also, AWS WAF includes a full-featured API that you can use to automate the creation, deployment, and maintenance of web security rules. BENEFITS INCREASED PROTECTION AGAINST WEB ATTACKS AWS WAF protects web applications from attacks by filtering traffic based on rules that you create. For example, you can filter web requests based on IP addresses, HTTP headers, HTTP body, or URI strings, which allows you to block common attack patterns, such as SQL injection or cross-site scripting. SECURITY INTEGRATED WITH HOW YOU DEVELOP APPLICATIONS Every feature in AWS WAF can be configured using either the AWS WAF API or the AWS Management Console. This allows you to define application-specific rules that increase web security as you develop your application. This lets you put web security at multiple points in the development chain, from the hands of the developer initially writing code, to the DevOps engineer deploying software, to the security experts conducting an audit. EASE OF DEPLOYMENT & MAINTENANCE AWS WAF is easy to deploy and protect application(s) deployed on either Amazon CloudFront as part of your CDN solution, the Application Load Balancer that fronts all your origin servers, or Amazon API Gateway for your APIs. There is no additional software to deploy except to enable AWS WAF on the right resource. You can centrally define your rules, and reuse them across all the web applications that you need to protect. IMPROVED WEB TRAFFIC VISIBILITY You can set up AWS WAF to just monitor requests that match your filter criteria. AWS WAF gives near real-time visibility into your web traffic, which you can use to create new rules or alerts in Amazon CloudWatch. COST EFFECTIVE WEB APPLICATION PROTECTION With AWS WAF you pay only for what you use. AWS WAF provides a customizable, self-service offering, and pricing is based on how many rules you deploy and how many web requests your web application receives. There are no minimum fees and no upfront commitments. ENHANCED SECURITY WITH MANAGED RULES With Managed Rules for AWS WAF, you can quickly get started and protect your web application or APIs against common threats such as OWASP Top 10 security risks, threats specific to Content Management Systems (CMS), or emerging Common Vulnerabilities and Exposures (CVE). AWS security sellers will automatically update the managed rules for you as new exploits and bad actors emerge, so that you can spend more time building rather than managing security rules.


 

Complete application security does not have to be complicated. Web applications are connected directly to your business and customer data. Attackers know this and have become increasingly clever with their attempts to bring down or compromise websites and apps. These attacks can be prevented, but organizations often struggle to implement a robust web application security posture due to several challenges:

• Application security is complicated to deploy and manage without specialized resources.
• Continuous updates to applications can lead to new vulnerabilities.
• Legacy applications were developed without secure coding practices.

Why Barracuda WAF-as-a-Service?

• Built on a proven security platform. Enterprise-proven technology that provides comprehensive protection from all OWASP recognized security risks, DDoS attacks, and even the most advanced zero-day threats. Proactive bot defense ensures always-on protection from automated attacks, web scraping, and brute force attacks.
• Simplified application security for everyone. Remove the complexity of setting up and configuring your application security solution. Barracuda WAF-as-a-Service delivers protection for your web apps in minutes thanks to a simple 5-step setup wizard, and numerous pre-built security policy templates.
• Complete control. Unlimited rulesets. For more advanced users, Barracuda WAF-as-a-Service offers a level of control traditionally reserved only for on-premises and public cloud solutions. Fine-tune specific policies for each component of every application's security profile.
• Automated vulnerability discovery and remediation. Barracuda Vulnerability Remediation Service is built-in and provides automatic vulnerability detection and remediation which can be scheduled, ensuring ongoing protection without any administrative overhead.
• Granular visibility with detailed logs and reports. Gain rich insight into all web traffic events and users. Detailed compliance reports help you easily understand your security status at any given time by having complete visibility into all HTTP/S traffic.
• Unmetered DDoS protection included. DDoS attacks disrupt the service availability of your web apps which can have a significant impact on your business. Barracuda WAF-as-a-Service defends against the full spectrum of L3-L7 DDoS attacks ensuring the availability of your web apps.

The Barracuda Web Application Firewall blocks an ever-expanding list of sophisticated web-based intrusions and attacks that target the applications hosted on your web servers—and the sensitive or confidential data to which they have access. Constant Protection from Evolving Threats The Barracuda Web Application Firewall provides superior protection against data loss, DDoS, and all known applicationlayer attack modalities. Automatic updates provide defense against new threats as they apear. As new types of threats emerge, it will acquire new capabilities to block them. Identity and Access Management The Barracuda Web Application Firewall has strong authentication and access control capabilities that ensure security and privacy by restricting access to sensitive applications or data to authorized users. Affordable and Easy to Use Pre-built security templates and intuitive web interface provide immediate security without the need for time-consuming tuning or application learning. Integration with security vulnerability scanners and SIEM tools automates the assessment, monitoring, and mitigation process

Highly targeted assets demand perfect security, but can’t afford loss in performance. Critical systems are increasingly targeted because they contain the most valuable information. These systems cannot afford a moment of unscheduled downtime or performance degradation as they are the lifeblood of the organization. They often run on out-of-date or unsupported operating systems, which are costly to secure and support. The most common approach to defending these systems typically relies on layering multiple, ineffective security products, which is costly, creates risk and jeopardizes performance. CB Protection is an industry-leading application control product, used to lock down servers and critical systems, prevent unwanted changes and ensure continuous compliance with regulatory mandates. Leveraging cloud reputation services, IT-based trust policies and multiple sources of threat intelligence from the CB Predictive Security Cloud, CB Protection ensures that only trusted and approved software is allowed to execute on an organization’s critical systems and endpoints.
CB Protection combines application whitelisting, file integrity monitoring, full-featured device control and memory/tamper protection into a single agent. CB Protection watches for behavioral indicators of malicious activity and conducts continuous recording of attack details to provide rich visibility into everything suspicious that attackers attempt to do. With the addition of the File Delete feature, CB Protection is now a direct control for requirement 5 of PCI DSS, enabling customers to remove traditional antivirus without the need for undergoing the compensating control process.
Security teams can harden their new and legacy systems against all unwanted change, simplify the compliance process, and provide the best possible protection for corporate systems at enterprise scale. CB Protection is available through MSSPs or directly through on-premise.
Key Capabilities
CB Protection is a powerful positive security solution for data centers and critical systems that allows server admins to control change while consolidating agents. Using a ‘Default Deny’ approach, CB Protection reduces your attack surface and downtime by automating approval of trusted software and eliminating the burden of whitelist management.
Lock Down Critical Systems
Stop malware and non-malware attacks by preventing unwanted changes to your applications and files, providing you with the control over your environment that you need.
Ensure Continuous Compliance
Accelerate compliance by meeting many of the requirements in regulatory standards and frameworks, such as PCI-DSS, HIPAA/HITECH, SOX, NERC CIP, GDPR and NIST 800-53.
High Performance and Low Touch Application Control
Be confident that your solution is blocking the “bad” and allowing the “good” without interrupting daily operations.

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Application delivery controllers are purpose-built networking appliances whose function is to improve the performance, security and resiliency of applications delivered over the web.

Citrix ADC is an application delivery and load balancing solution that provides a high-quality user experience for your web, traditional, and cloud-native applications regardless of where they are hosted. It comes in a wide variety of form factors and deployment options without locking you into a single cloud. Pooled capacity licensing enables the movement of capacity among cloud deployments.

 

The main features of Citrix ADC:

• Provides industry-leading app delivery and load balancing

• Fully integrates with Cisco ACI; endorsed as a Cisco ACE replacement

• Offers the most comprehensive set of ADC features in the ACI ecosystem

• Enables automation and orchestration of network-critical services to boost agility

 NetScaler, an advanced software-defined application delivery controller, is your networking power player. It provides outstanding delivery of business applications—to any device and any location—with unmatched security, superior L4-7 load balancing, reliable GSLB, and 100 percent uptime. In fact, NetScaler offers up to five times the performance of our closest competitor. Plus our TriScale technology saves you money by allowing your network to scale up or down without additional hardware costs.

Cloudflare security engineers constantly monitor the Internet for new vulnerabilities. Cloudflare’s WAF helps you stay ahead of threats by automatically updating when new security vulnerabilities are released. Rules created by Cloudflare in response to new threats are responsible for mitigating the vast majority of threats on our network. While traditional OWASP rules and customer specific rules are important, they are not enough without Cloudflare's automatic WAF updates. Cloudflare sees roughly 2.9 million requests every second, and our WAF is continually identifying and blocking new potential threats. If you’re using a web application firewall that doesn’t leverage the collective intelligence of other web properties, you need to supply all your own WAF rules from scratch, which means you need to monitor the entire Internet security landscape on your own. Multi-Cloud Holistic Security Framework Cloudflare offers a single source of control for the security of websites, applications, and APIs, hosted across multiple cloud environments. Multi-cloud security provides visibility into security events, while allowing for consistent security controls, across all clouds in which Internet assets are deployed. Any attack traffic seen by Cloudflare is recorded and analyzed. Cloudflare’s network then shields Internet assets across all cloud providers. PCI Compliance Utilizing Cloudflare’s WAF helps you cost effectively fulfill PCI compliance. If you’re a merchant who handles consumer credit card information, PCI DSS 2.0 and 3.0 Requirement 6.6 allows for two options to meet this requirement: Deploy a WAF in front of your website Or, conduct application vulnerability security reviews of all of your in-scope web applications OWASP, Application-Specific, and Custom Rules Cloudflare’s WAF protects your web properties from the OWASP top 10 vulnerabilities by default. These OWASP rules are supplemented by 148 built-in WAF rules that you can apply with the click of a button. Business and Enterprise customers can also request custom WAF rules to filter out specific attack traffic. OWASP Top 10 Vulnerabilities

• Injection
• Broken Authentication and Session Management
• Sensitive Data Exposure
• XML External Entities (XXE)
• Broken Access Control
• Security Misconfiguration
• Cross-Site Scripting (XSS)
• Insecure Deserialization
• Using Components with Known Vulnerabilities
• Insufficient Logging & Monitoring

Protecting Against Zero-Day Vulnerabilities Cloudflare security engineers have dealt with a lot of zero-day vulnerabilities over the years. Read our developer blog to learn how every website on our network benefits from their virtual patches. A Look at the New WP Brute Force Amplification Attack A vulnerability in the XML remote procedure protocol allowed potentially thousands of brute force password attempts in a single HTTP request. The Joomla Unserialize Vulnerability The Joomla Unserialize Vulnerability allowed remote code execution via a poorly sanitized User-Agent and X-Forwarded-For headers. Protection Against Critical Windows Vulnerability (CVE-2015-1635) Cloudflare WAF protected users from a critical bug that allowed unpriviledeged users to hang a Windows web server. Threat Blocking & Privacy Features

• Collective intelligence to identify new threats
• Reputation-based threat protection
• Comment spam protection
• Block or challenge visitors by IP address
• Block or challenge visitors by AS number
• Block or challenge visitors by country code
• User agent blocking
• Zone lockdown
• Security level configuration

Introducing CORE Security

When it comes to securing your cloud, you need to peace of mind that security’s at the core of your hosted infrastructure. That’s why we’ve put together three ServerChoice CORE Security™ packages, with varying levels of protection, so you can get best-fit cyber security for your organisation.

CORE Base

• Two-factor authentication
• TrendMicro anti-virus & malware protection
• Vulnerability scanning: Unmanaged Quarterly
• System hardening
• Next-generation firewall
• Advanced DDoS mitigation: Standard (20 Gbps)

CORE Enterprise

• Two-factor authentication
• TrendMicro anti-virus & malware protection
• Vulnerability scanning: Unmanaged Monthly
• System hardening
• Next-generation firewall
• File integrity monitoring
• Advanced DDoS mitigation: Enhanced (250 Gbps)
• 24/7 SIEM services

CORE Platinum

• Two-factor authentication
• TrendMicro anti-virus & malware protection
• Vulnerability scanning: Managed Monthly
• System hardening
• Next-generation firewall
• File integrity monitoring
• Advanced DDoS mitigation
• Pro (Terabit+)
• 24/7 SIEM services
• Intrusion Prevention System (IPS)

Bolt-on CORE Security™ Services

In addition to the above security packages, we offer a range of additional security enhancements to deliver maximum protection from cyber threats:

• Data loss prevention (DLP)
• Web application firewalls (WAF)
• Penetration testing
• URL filtering (Virtual Desktops only)
• Email spam filtering and antivirus (Exchange only)
• Compliance consultancy

DBAPPSecurity Web Application Firewall (DAS-WAF), which is the innovative product with our intellectual property, protects Web Application from cyber attacks and control the critical data. It is designed to easily fit into any existing data center environment, rapidly secure and accelerate new and existing Web Applications out of the box. Deployment options include inline as well as offline modes.

DAS-WAF is placed between Web server and internet-facing firewall. All client connection requests received are accepted.

On the Incoming Path

1. Terminates application layer protocols for maximum visibility, security and control
2. Decrypts SSL traffic
3. Normalizes the data to handle multiple encoding format and to detect malicious attacks
4. Applies Website user access control check
5. In-depth inspects the application layer traffic for any vulnerabilities
6. Denies malicious traffic

Data Protection

1. Outbound data is inspected for data leak prevention, such as sensitive information, social security number, bank account numbers, and credit card number, etc.
2. The data is cloaked to hide server specific information to prevent hackers exploring Web server resources
3. Data can be optionally compressed to accelerate the application delivery
4. The data is encrypted and sent to the clients of the Web Application

System

1. Logs all the data and actions were taken
2. Provides a rich set of real-time reporting and alerting features based on the logs, actions and system status.
3. Online update can be downloaded automatically from DBAPPSecurity update server.

Features

• Protection against more than 30 common attacks in Web application: After deploying DAS-WAF, the system enables automatic protection against all SQL injections, command injections, configuration injections, LDAP injection, cross-site scripting.
• PCI Compliance: DAS-WAF protect Web application from the OWASP Top 10 threats
• HTTP, HTTPS and FTP protocol compliance: DAS-WAF ensures that all inbound requests comply with the HTTP, HTTPS and FTP specifications respectively
• Outbound data theft protection: DAS-WAF in-depth inspects all server responses for sensitive information leakage. Users can configure custom patterns for data leak prevention.
• Protection against CC (Challenge Collapsar) attack and brute force attack: DAS-WAF can detect where to launch malicious attacks by learning user behavior of URL-based access, and intelligently block such CC attack, Brute Force attack.
• Protection against intellectual property theft: DAS-WAF can detect the intellectual property theft based on the signatures, and available for single theft mode and distributed theft mode.
• Virtual Patches: DAS-WAS enables WEB Application Vulnerability Scanner integration as virtual patches, to remediate the system in more timely fashion.
• Whitelist: It is a positive security model for neutralizing “Zero Day Attacks” which is not anticipated in advance. By Automated Learning, the system generates a positive profile for your application over time. Multiple configurable heuristics determine that anomalous traffic is not used for generation the profile.
• Failed Info Tracking: DAS-WAF can automatically identify failed server responses and classify the information whether it is WEB application error, or a database error, and makes the system remediation easier.
• Anti-tamper: It allows user to detect tampered webpage and prevent attack to publish tampered Webpage on client's server. Anti-tamper function uses G2 digital watermarking technology to detect and deny any tampering in real time.
• Web Application Acceleration: The system can accelerate the application delivery by caching static outgoing content, or compressing outgoing content which can significantly reduce the transmission times.
• Load Balancing (Only in Gateway): DAS-WAF provides the load balancing function to allow adding or removing servers for a protected website, without interrupting the existing traffic.
• Audit Logs: For audit purpose, you can use Audit Logs function to capture all administration and configuration activities of administrator.

DenyAll Web Application Firewall provides a multilayered approach to security services to dynamically detect and block malicious content while efficiently passing benign traffic through. This all-in-one solution protects and manages multiple security solutions - Web Application Firewall, Web Services Firewall and Web Access Management - in a single management console (centralized administration station, monitoring, reverse proxy, etc.). The platform also provides cache, acceleration and optimization of your web traffic. Highlights

• Web Application Firewall (WAF): to protect the web applications vital to every business against external threats and to assure continuous service.
• Web Services Firewall (WSF): to protect the infrastructure, information networks and application servers against attacks while preventing denial of service and anticipating traffic overload.
• Web Access Management (WAM): to simplify Web access authentication while maintaining a high level of security, without agent deployment on the application server.

Protect your organization and its reputation by maintaining the confidentiality, availability, and performance of the applications that are critical to your business with F5 Web Application Firewall (WAF) solutions. F5 WAF solutions are deployed in more data centers than any enterprise WAF on the market. The comprehensive suite of F5 WAF solutions includes managed rulesets for Amazon Web Services (AWS); cloud-based, self-service, and managed service in the F5 Silverline cloud-based service delivery platform; application delivery controller (ADC) integration with F5 BIG-IP Application Security Manager (ASM); and F5 Advanced Web Application Firewall (Advanced WAF). Advanced WAF redefines application security to address the most prevalent threats organizations face today:

• Automated attacks and bots that overwhelm existing security solutions.
• Web attacks that steal credentials and gain unauthorized access across user accounts.
• Application layer attacks that evade static security based on reputation and manual signatures.
• New attack surfaces and threats due to the rapid adoption of APIs.

Advanced WAF is built on proven F5 technology and goes beyond reactive security such as static signatures and reputation to proactively detect and mitigate bots, secure credentials and sensitive data, and defend against application denial-of-service (DoS). Advanced WAF delivers flexible and comprehensive protections wherever apps reside and without compromising performance. Advanced WAF is offered as an appliance, virtual edition, and as a managed service—providing automated WAF services that meet complex deployment and management requirements while protecting your apps with great precision. It is the most effective solution for guarding modern applications and data from existing and emerging threats while maintaining compliance with key regulatory mandates. Key benefits:

• Protect web and mobile applications from malicious bots;
• Safeguard credentials and sensitive data from theft and abuse;
• Defend against sophisticated application denial-of-service (DoS);
• Mitigate sophisticated threat campaigns;
• Protect APIs;
• Ensure application security and compliance;
• Turn on protection immediately;
• Patch vulnerabilities fast;
• Deploy flexibly;
• Defend with proven advanced protections;
• Magnify threat knowledge.

F5 Silverline Web Application Firewall is a cloud based service with 24x7x365 support from highly specialized security experts. It helps organizations protect web applications and data, and enable compliance with industry security standards, such as PCI DSS. Silverline Web Application Firewall is available as a fully managed service for comprehensive and customized app protection, or as an express self-service for rapid deployment of expertly maintained policies. Managed service key benefits

• Ensure application security and compliance
• Get comprehensive protection from advanced layer 7 attacks, OWASP Top Ten application security risks, and zero-day attacks—and enable compliance with key regulatory mandates.
• Get 24x7x365 expert service
• Receive 24x7x365 access to web application firewall (WAF) experts who build, proactively monitor, and fine-tune WAF policies against known and emerging threats.
• Deploy flexibly across hybrid environments
• Ensure consistent web application security, availability, and user experiences across traditional and cloud data centers.
• Defend with proven security effectiveness
• Leverage security efficacy with technology built on the NSS Labs–recommended F5 BIG-IP® Application Security Manager™ (ASM), based on tests that demonstrate 99.89 percent overall security effectiveness.
• Drive operational and cost efficiencies
• Remove the complexity of WAF management,
• increase the speed to deploy new policies, and
• decrease operational expenses.
• Gain attack insights and intelligence
• Access reports through the cloud-based customer portal and incorporate external intelligence for securing apps against identified threats. 

What’s Inside

• Drive Efficiencies with a Comprehensive Web Application Firewall Service
• Receive Expert Policy Building and Monitoring
• Hybrid Policy Management and Deployment
• Defend with Proven Security Effectiveness
• Comprehensive Attack Protection
• Built-In Compliance and Reporting Capabilities
• Gain Attack Insights and Intelligence
• Comprehensive Managed Service App Protection
• Streamlined Self-Service App Protection
• The Silverline Cloud-Based Platform
• Flexible Licensing
• Add-On Threat Intelligence Services
• F5 Security Operations Center

FortiWeb Product Details Whether to simply meet compliance standards or to protect mission-critical hosted applications, FortiWeb's web application firewalls provide advanced features that defend web applications from known and zero-day threats. Using an advanced multi-layered and correlated approach, FortiWeb provides complete security for your external and internal web-based applications from the OWASP Top 10 and many other threats. At the heart of FortiWeb are its dual-layer AI-based detection engines that intelligently detect threats with nearly no false positive detections. Features and Benefits

• Proven Web Application Protection. FortiWeb protects against all the OWASP Top-10 threats, DDoS attacks and many others to defend your mission critical web-based applications
• AI-based Threat Detection. In addition to regular signature updates and many other layers of defenses, FortiWeb’s AI-based, dual-layer machine learning engines protect against zero-day attacks
• Security Fabric Integration. Integration with FortiGate firewalls and FortiSandbox deliver protection from advanced persistent threats
• Advanced Visual Analytics. FortiWeb’s visual reporting tools provide detailed analyses of attack sources, types and other elements that provide insights not available with other WAF solutions 
• False Positive Mitigation Tools. Advanced tools that minimize the day-to-day management of policies and exception lists to ensure only unwanted traffic is blocked
• Hardware-based Acceleration. FortiWeb delivers industry-leading protected WAF throughputs and blazing fast secure traffic encryption/decryption

Incapsula can protect your organization against any DDoS threat. WEBSITE PROTECTION Always-on DDoS protection that automatically detects and mitigates attacks targeting websites and web applications. Website Protection is an optional DDoS mitigation service that can be added to any Website Security subscription. INFRASTRUCTURE PROTECTION On-demand or always-on protection against DDoS attacks that directly target your network infrastructure. Infrastructure Protection can be used to defend entire subnets. NAME SERVER PROTECTION Always-on DDoS protection for your Name Server (NS) that protects DNS servers against network and application layer assaults. Name Server Protection also accelerates DNS responses. ALL-INCLUSIVE DDOS PROTECTION Incapsula DDoS protection supports Unicast and Anycast technologies to power a many-to-many defense methodology. This automatically detects and mitigates attacks exploiting application and server vulnerabilities, hit-and-run events and large botnets. 10-SECOND MITIGATION SLA When DDoS strikes, it takes target services moments to go down and hours to recover. Incapsula is the only service to offer a SLA-backed guarantee to detect and block all attacks in under 10 seconds. HIGH-CAPACITY NETWORK Our high-capacity global network holds over  (Terabits per second) of on-demand scrubbing capacity and can process 30 billion attack packets per second. Incapsula network has successfully defended clients against some of the largest attacks on record. ATTACK VISIBILITY Incapsula shows you attacks as they are happening and gives you actionable insight into Layer 7 attacks. Incapsula security dashboard lets you quickly analyze attacks and lets you adjust security policies on-the-fly to stop web application attacks. BLOCK ANY TYPE OF DDOS ATTACK Incapsula proxies all web requests to block DDoS attacks from being relayed to client origin servers. Incapsula detects and mitigates any type of attack, including:

• TCP SYN+ACK
• TCP FIN
• TCP RESET
• TCP ACK
• TCP ACK+PSH
• TCP Fragment
• UDP
• Slowloris
• Spoofing
• ICMP
• IGMP
• HTTP Flood
• Brute Force
• Connection Flood
• DNS Flood
• NXDomain
• Mixed SYN + UDP or ICMP + UDP Flood
• Ping of Death
• Smurf
• Reflected ICMP & UDP
• As well as other attacks

Imperva Web Application Firewall (WAF) analyzes all user access to your business-critical web applications and protects your applications and data from cyber attacks. WAF dynamically learns your applications’ “normal” behavior and correlates this with the threat intelligence crowd-sourced from around the world and updated in real time to deliver superior protection. The industry leading WAF identifies and acts upon dangers maliciously woven into innocent-looking website traffic; traffic that slips right through traditional defenses. This includes blocking technical attacks such as SQL injection, cross-site scripting and remote file inclusion that exploit vulnerabilities in web applications; business logic attacks such as site scraping and comment spam; botnets and DDoS attacks; and preventing account takeover attempts in real-time, before fraudulent transactions can be performed. WAF uses patented Dynamic Application Profiling to learn all aspects of web applications, including the directories, URLs, parameters, and acceptable user inputs to detect attacks with exceptional accuracy and block only bad parties, while eliminating impact to legitimate customers. WAF mitigates both technical attacks such as DDoS and SQL injection, as well as non-technical attacks such as comment spamming and site scraping. OVERVIEW SPECIFICATIONS Protect Your Critical Web Applications and Data Imperva Web Application Firewall (WAF) analyzes all user access to your business-critical web applications and protects your applications and data from cyber attacks. WAF dynamically learns your applications’ “normal” behavior and correlates this with the threat intelligence crowd-sourced from around the world and updated in real time to deliver superior protection. The industry leading WAF identifies and acts upon dangers maliciously woven into innocent-looking website traffic; traffic that slips right through traditional defenses. This includes blocking technical attacks such as SQL injection, cross-site scripting and remote file inclusion that exploit vulnerabilities in web applications; business logic attacks such as site scraping and comment spam; botnets and DDoS attacks; and preventing account takeover attempts in real-time, before fraudulent transactions can be performed. DYNAMIC APPLICATION PROFILING WAF uses patented Dynamic Application Profiling to learn all aspects of web applications, including the directories, URLs, parameters, and acceptable user inputs to detect attacks with exceptional accuracy and block only bad parties, while eliminating impact to legitimate customers. WAF mitigates both technical attacks such as DDoS and SQL injection, as well as non-technical attacks such as comment spamming and site scraping. GRANULAR CORRELATION POLICIES REDUCE FALSE POSITIVES WAF distinguishes attacks from unusual, but legitimate, behavior by correlating web requests across security layers and over time. Correlated Attack Validation capability examines multiple attributes such as HTTP protocol conformance, profile violations, signatures, special characters, and user reputation, to accurately alert on or block attacks with the lowest rate of false positives in the industry. FLEXIBLE DEPLOYMENT OPTIONS WAF can be deployed as a physical or virtual appliance on-premises, and as a virtual image on Amazon Web Services or Microsoft Azure. Physical appliance deployments are particularly flexible in that they allow WAF to run transparently, requiring virtually no changes to the customer’s network. And granular policy controls enable superior accuracy and unequaled control to match each organization’s specific protection requirements. DEEP THREAT INTELLIGENCE To protect against today’s well resourced cyber-criminals, it is vital to have an advanced warning system that is aware of and protects against constantly evolving web-based attacks. Imperva ThreatRadar updates WAF with real-time threat intelligence crowd-sourced from around the world and curated by Imperva Application Defense Center. ThreatRadar provides better protection, improves WAF accuracy, and makes the security team more efficient by proactively filtering traffic from known bad sources so the security team can focus on what is really important. The following ThreatRadar intelligence feeds are available: Reputation Services: Filters traffic based upon latest, real-time reputation of source Community Defense: Adds unique threat intelligence crowd-sourced from Imperva users Bot Protection: Detects botnet clients and application DDoS attacks Account Takeover Protection: Protects website user accounts from attack and takeover Fraud Prevention: Simplifies deployment of best-in-class partner fraud prevention solutions VIRTUAL PATCHING WAF can perform “virtual patching” for your web applications via vulnerability scanner integration. Instead of leaving a web application exposed to attack for weeks or months while code is modified after discovering a vulnerability, virtual patching actively protects web applications from attacks to reduce the window of exposure, and decreases the costs of emergency fix cycles until you are able to patch them. CUSTOMIZABLE REPORTS FOR COMPLIANCE AND FORENSICS WAF rich graphical reporting capabilities enable customers to easily understand security status and meet regulatory compliance. WAF provides both pre-defined and fully-customizable reports. This enables you to quickly assess your security status and streamline demonstration of compliance with PCI, SOX, HIPAA and FISMA and other compliance standards. MONITORING FOR IN-DEPTH ANALYSIS OF ATTACKS Alerts can be easily searched, sorted, and directly linked to corresponding security rules. WAF monitoring and reporting framework provides instant visibility into security, compliance, and content delivery concerns. A real-time dashboard provides a high-level view of system status and security events.

IndusGuard Web Application Firewall is an operational security control that monitors the inbound/outbound HTTP/S traffic in order to safeguard the critical data and protect Web applications from attacks. An Application can be vulnerable regardless of the cautious development of application code. These vulnerabilities may prove to be disastrous for the brand reputation, thereby losing the customer trust and business revenue directly. Securing an Application, therefore holds as much importance as preventing exceptions, either in security policy, or in the underlying system vulnerabilities in their design, development or deployment. IndusGuard WAF assists in securing a Web Application structure by monitoring the HTTP and HTTPS traffic and protecting the Web Application from malicious attacks in real time. It is industry’s first WAF to guarantee Zero WAF False Positive. It is also the only Security-as-a-Service (SECaaS) WAF to offer integrated fully managed application DDoS solution that blocks application layer attacks by combining human intelligence based expert tuning along with application profiling. Highlights:

• IndusGuard WAF ensures continuous protection against attacks from hackers that exploit OWASP Top 10 vulnerabilities as well as enhanced application layer DDoS mitigation for bots, http connection abuse, clickjacking, Slowloris, and bandwidth theft.
• Zero False Positives & PCI 6.6 Compliance: Our WAF rules for known vulnerabilities never block legitimate traffic when tuned with IndusGuard Web application scanner. It also facilitates PCI compliance by fulfilling requirement 6.6.
• Continuous expert monitoring to validate efficiency of custom rules, ensure zero false positives, instant mitigation support for application exploitation incidences and detailed inspection of application traffic to analyze and block App DDoS attacks.