Navigation

Weidenhammer

Alert Logic Web Security Manager

Back to Home

Defending Against Web Application Attacks

Web application attacks are one of the most serious risks in today’s threat landscape. They’re prevalent – seven out of ten environments will be attacked an average of 40 times during a year  – and they’re dangerous, implicated in many high-profile data breaches. From SQL injection attempts to cross-site scripting exploits, solid protection is essential.

Web application firewalls (WAFs) are an ideal technology for this purpose – able to understand web app traffic and intercept attacks, they’re a practical approach to guarding your applications and data. However, they also require expert tuning and management to be effective; otherwise, they impact site availability by blocking legitimate traffic, or are tuned down to a level where they are no longer effective.

A New Approach to Web Application Security

Alert Logic Web Security Manager delivers on the WAF promise. The first Security-as-a-Service WAF, Web Security Manager provides:

  • Leading-edge WAF technology that block attacks with positive and negative security features and intuitive learning that adapts to your unique traffic patterns
  • SaaS delivery and ongoing management services from Alert Logic’s Security Operations Center (SOC) including 24/7 monitoring and ongoing tuning to protect you from emerging threats
  • ActiveWatch services that extend your capabilities with monitoring and alerting, expert guidance, and assistance with incident remediation by certified security analysts
  • Superior value, leveraging Alert Logic’s investment in highly-available infrastructure, security technology, and expert staff for a monthly fee – no capital expenses

Alert Logic Web Security Manager deploys rapidly on-premise, in hosted environments, or in the cloud, without complex integration. Now you can protect your web applications and sites with the superior technology and expert staff without the expense and management burden typically associated with web application firewalls.

Key Benefits

  • Web Security Manager protects your web sites and business-critical applications from web application attacks. Sitting inline and inspecting incoming web traffic, Web Security Manager blocks SQL injection, cross-site scripting, and other common attacks.
  • Web Security Manager protects you from zero-day exploits and emerging threats by blocking unauthorized behavior through a “whitelist” approach.
  • Industry-leading WAF technology provides immediate comprehensive protection, virtual patching, an intuitive learning engine to develop customized security policies, configurable policies for advanced protection, and flexible and customizable reporting options.
  • Security-as-a-Service provides full management and SaaS delivery – no software upgrades, no capital expenses, and Alert Logic’s SOC to provide ongoing management and tuning.
  • ActiveWatch services expand your protection to include 24/7 monitoring and incident escalation by Alert Logic’s certified security analysts.
  • Web Security Manager deploys rapidly and easily wherever your IT goes – on-premise, in hosted environments, or in the cloud.

Detailed Benefits

Web site and web application protection
  • Out of the box proactive protection against SQL injection, cross-site scripting, OS command injection, and other serious web attacks
  • Protection against web application attacks targeting the OWASP Top Ten risks
  • Automated learning engine which develops customized security policies for your sites
  • Compatibility with existing systems and applications
  • High availability infrastructure with automatic fail-over and policy synchronization
  • Support for all languages, including double-byte Asian languages
  • XML, JSON and SOAP web service supported
  • Web server cloaking and customizable HTTP error handling to shield web servers from direct Internet access and defeat -fingerprinting attacks
  • White-list based ¬filtering of input data (including all URLs and parameters) for protection against threats from unpublished vulnerabilities in web server software and applications
  • Blocking at either the application or network level
  • Protection against outbound data theft and log data masking

Improved Website User/Visitor Experience

  • Acceleration – 50 to 100% transfer rate improvement
  • Dynamic HTTP compression
  • Static content caching
  • Intelligent caching of dynamic content
  • SSL termination and TCP connection off-loading
  • Accommodates almost unlimited concurrent users (more than 100,000)
  • Integrates transparently with existing infrastructure, web systems and client browsers

Compliance Support

  • Rapid compliance with PCI DSS section 6.6
  • Support for other compliance mandates, including HIPAA and FISMA

Integrated Managed Web Security Services

  • Expert customized tuning and configuration
  • Incident response and escalation
  • Proactive analysis and ongoing management
  • GIAC-Certified Security Analysts and Researchers
  • 24×7 State-of-the-Art Security Operations Center
  • Applied attack research based on activity of more than 10,000 websites

Security-As-A-Service Delivery

  • Rapidly deploy and scale as needed
  • Pay as you go, with minimal capital expenditure
  • No upgrades or patching – you always have the current product
  • No hidden costs – monthly fee includes software and hardware upgrades, maintenance and patches
  • Easily deployed in on-premise, hosted, or cloud environments