Swordfish WAF Brochure


  • www.obrela.com

    Swordfish Web Application Firewall

    Swordfish Web Application Security provides an innovative model to help businesses protect their brand and online information, incorporating a state-of-the-art transparent security layer over their web applications.

    Web Application Security as a Service

    Web Applications are a direct target for attacks, as they are directly accessible from all parts of the world and form a surface to valuable information and, many times, Personally Identifiable Information (PII) such as credit cards, identity numbers, health information, etc. Each year, web-borne attacks increase by 30%, while successful breaches reach up to a 60% increase, proving not only that new attack vectors are created on a daily basis, but also that their effectiveness and complexity are rising significantly. Critical vulnerabilities like HeartBleed and ShellShock are disclosed, leaving Web developers unable to implement means of protection or, worse, to proactively plan for these low-level vulnerabilities.

    Businesses, on the other hand, have a critical demand for information and services to be available in the minimum amount of time in order to, amongst others, increase profitability or make new business channels available worldwide. Adding to the complexity, regulation standards such as PCI or HIPAA enforce the design and implementation of security controls to safeguard information.

    Swordfish Web Application Security was designed to accommodate both business needs and security requirements. By implementing a transparent security layer in front of web applications, security and compliance requirements are no longer a dependency, as all Web requests are handled by the Swordfish WAF and cleaned of malicious calls, and legitimate traffic is directed to the Web Application for the business logic to be

    Swordfish Web Application Security is equipped with state-of-the-art rules, optimized to zero-out false positives and false negatives, as well as a set of features that establish a complete security solution for doing business on the Web today.

    The Swordfish Web Application Firewall Technology is engineered to be fully customizable in terms of user and group access privileges, aligned with both Corporate and Information Security policy. In effect, our solution addresses the security need for ongoing operational security, not just the technology:

    Continuous Research Based Rule-Set

    The carefully designed policies contain a comprehensive set of rules that implement general-purpose hardening and address common web application security issues, protecting against the latest threats while taking advantage of the continuous research at OSI Security Labs on new threats appearing on a daily basis. OSI Security Labs investigates the vulnerabilities identified, compiles them with the latest threats reported by Bugtraq, CVE, Snort, and performs primary research to deliver the most up-to-date and comprehensive Web Application Firewall service available.

    Anomaly Detection

    The rule-set keeps anomaly scores for each request, IP address, application session, and user account. Attacks from sources with a reconnaissance history, incomplete HTTP protocol transactions and malicious content within the HTTP transport protocol, amongst multiple other factors, raise the anomaly score. Requests with high anomaly scores are rejected altogether.

    Positive Security Model

    Swordfish WAF analyzes the full HTTP transaction in order to understand the application structure, elements, and expected user behavior. The positive security model is implemented through the profiling of protected applications, including an enumeration of application URLs, parameters, cookies, and methods. By the end of the Learning phase, the WAF engine will have created a baseline of rules including all "whitelist" rules, ready to protect the Client's valuable web applications.

    HTTPS/SSL Inspection

    The Engine analyzes the full HTTP transaction - even over HTTPS/SSL - allowing complete requests and responses to be inspected for malicious input. With this high-technology inspection, fine-grained decisions can take place, ensuring that only transactions containing malicious content are logged and intercepted.

    Evolution in parallel with Web Applications

    Swordfish WAF combines the negative and positive security models in order to identify the evolution of a web application. By analyzing the full HTTP transaction and inspecting the complete requests and responses, the WAF learning engine understands the application structure and elements that have changed since the last rule-set upgrade. Swordfish WAF evolves in parallel with the web application, recognizing application changes while simultaneously protecting against deviations in known user behavior.

    Reputational Intelligence (Swordfish ReputationMonitor)

    Obrela Security Industries Reputational Intelligence enhances Swordfish WAF by adding reputational context to all the actors associated with the communications between the customer infrastructure and the Internet. This is performed by integrating and de-duplicating multiple proprietary and open reputational feeds. OSI Domestic Intelligence Network uses SIEM and Honeypot intelligence to extract and local attack formations & attackers targeting multi-region telecommunication providers, amongst other industries. Sources based on OSI proprietary intelligence (SIEM-based reputation, Malware Analysis, Regional Honeynets), Commercial Feeds (e.g. DVLabs) and Open Source feeds allow OSI to have total visibility of communication with TOR/Anonymity, C&C Servers, Compromised Hosts, Malware Repositories, Phishing Sites, etc.

    Web Resource Surveillance (Swordfish SocialMonitor)

    The customer's key web resources and their approved activities are extensively tested until a Gold Standard behavior mapping is developed. This Gold Standard mapping is then applied to OSI's Security Operations Center (SOC) and monitored round-the-clock. Any deviation from this mapping will trigger flags within OSI's SOC and strict rules of engagement are followed, allowing the customer to act quickly and decisively. Features include, but are not limited to, screenshot rendering changes, HTML source changes, key string monitoring, and monitoring against sensitive information disclosure.

    Virtual Patching Through Vulnerability Scanner Integration

    Swordfish WAF acts as an external patching tool for systems with known weaknesses and vulnerabilities. OSI engineers create custom rules in order to reduce the window of opportunity. Given the time needed to patch application vulnerabilities, OSImWAF allows applications to be patched from the outside, without touching the application source code, making the protected systems secure, until a proper patch is produced and


    Web Fraud Prevention

    Phishing criminals are getting smarter, whilst their techniques are constantly evolving. Their enhanced efforts continue to generate results from phishing, with the criminals focusing their effort where they can get results. Through the optional integration with FraudWatch, organizations are able to identify and stop fraudulent transactions that damage the client's reputation.

    Monitor Mode Option

    With this high-technology inspection, fine-grained decisions can take place, ensuring that only transactions containing malicious content are logged, without being blocked. If the positive model is selected, the ruleset created during Learning mode is used to identify deviations from normal behavior and instantly produce alerts. If the negative security model is selected, the carefully designed ruleset contains a comprehensive set of rules that identify common web application security issues, protecting against the latest threats while taking advantage of the continuous research at OSI Security Labs. In monitor mode, the WAF monitors traffic without blocking malicious activity. Operators are instantly alerted in case of malicious activity in order to manually mitigate the incident.

    Zero Impact Deployment and Ultra High Performance

    Swordfish WAF deployment only takes a few minutes to add web sites, regardless of the technology or web server platform used. It is practically deployed by just changing the DNS record of the site to point to the Swordfish WAF farm. In-house setups are also designed with speed-of-deployment in mind.

    Security Updates and Enhancements

    The Swordfish WAF Policies are continuously evolving, taking advantage of the continuous research at OSI Security Labs on new threats appearing on a daily basis. Rules and definitions are updated monthly in order to protect the Client's valuable Web Applications against the latest threats.

    In-House Deployment Options

    Swordfish WAF appliances provide superior performance, scalability, and resiliency for demanding web application environments. To maximize uptime, the Swordfish WAF hardware appliances optionally feature redu