Upload
lionel-dorsey
View
219
Download
4
Tags:
Embed Size (px)
Citation preview
Protecting Customer Websites and
Web Applications
Protecting Customer Websites and
Web Applications
Web Application SecurityWeb Application Security
The Application SecurityMarket ChallengeThe Application SecurityMarket Challenge
Data theft
Data leakage
Compliance
The DamageThe Damage
E-payment site breach compromises 5 million customersAround five million customers of CheckFree Corp. and some banks that use its electronic bill payment service may be affected by a hack that gave criminals control of several of the company's Internet domains. 1/8/2009
Heartland Payment Systems disclosed that intruders hacked into the computers it uses to process 100 million payment card transactions per month for 175,000 merchants. 1/22/2009
Hackers breach Heartland Payment credit card system
FAA says info on 45,000 workers stolen in data breachThe compromise resulted from an intrusion into the system that was storing the data, the FAA said in a brief statement. 2/10/2009
What Enables Strong Application Security?What Enables Strong Application Security?
Provide active protection
Stop multi-vector attacks
Inspect all requests – even encrypted ones
Read the entire request - headers and content
View the request as the application will
Counter emerging threats
Web Application Firewall (WAF)Web Application Firewall (WAF)
Examines user interaction with the applicationPerforms deep inspection of HTTP traffic contentBlocks harmful requestsComplements network security measures, e.g., firewall, IDS/IPS
Why Security Rules?Why Security Rules?
Security rules define patterns that indicate hacking Generic rules based on hacking techniques, not specific
applications
Main benefits
Low false-positive rate
Strong security with low maintenance
Software plug-in for IIS and Apache
dotDefender PositioningdotDefender Positioning
dotDefender Security EnginesdotDefender Security Engines
Typical ImplementationTypical Implementation
Technology OverviewTechnology Overview Software plug-in
Multiple security engines
Rule-based
Low maintenance
High efficiency, low impact
Central Management
Open API
dotDefender delivers:dotDefender delivers: Award-winning Web application security
Solution for a wide customer base - enterprise, SME, SMB, service providers
Support for IIS and Apache
Locks down virtual and cloud environments
Affordable security and compliance
Variety of licensing/pricing models
Best TCO in the industry
Business DriversBusiness DriverseBusiness
Transactions
Sensitive data
Active content
Compliance – e.g., PCI
Already under attack!
Target MarketsTarget Markets
• Enterprise• SME• SMB• Service Providers
OpportunitiesOpportunities
Reselling
ServicesConsulting
Implementation
Integration
Additional touch points
Sample Customer ListSample Customer List
Applicure TechnologiesApplicure Technologies
Jan 2004
Incorporated
Apr 2007
IPO TASE: APCR
Offices• US Offices: NY & Atlanta
• Israel R&D office
• Worldwide network of business partners
dotDefender and You dotDefender and You
Provide better security to your clients
Add premium security service to your portfolio
Gain additional customer touch point
Enhance your reputation
Good for your customers’ security…and your bottom line!
Good for your customers’ security…and your bottom line!