Armorize Solutions
|
| CodeSecure™ |
| HackAlert™ |
| SmartWAF™ |
|
Security On Demand
|
| SaaS |
| Malware Detection |
| Source Analysis |
|
Research
|
| Academic Papers |
| Resources |
| Vulnerability DB |
Phone
: 1-408-216-7893
Fax : 1-408-583-4288
info@armorize.com
For products and sales
related queries, write to
sales@armorize.com
Fax : 1-408-583-4288
info@armorize.com
For products and sales
related queries, write to
sales@armorize.com
| Redherring.tv: "without security our enterprises can't gain trust" says Armorize COO, Matt Huang. View the interview |
| RSA 2007: Wayne Huang, CEO of Armorize gave a speech on "Automated Web Application Vulnerability Detection Using Static Analysis" Read More |
SmartWAF™ Web Application Firewall (WAF)
Real-Time Protection at the Web Application Layer
SmartWAF™ is a host-based integrated Web Application Firewall (WAF) that hardens and regulates access by detecting and blocking malicious code embedded in web application traffic. As a software plug-in on the Web Server, it is not designed to replace existing network perimeter security controls such as stateful/proxy firewalls, antivirus gateways or reverse proxies but to complement them by protecting against attacks that these technologies typically miss.
Installing SmartWAF™ as a web server plug-in offers the following advantages:
SmartWAF™ Management
With its intuitive web-based user interface, SmartWAF™ offers easy-to-administer configuration and security functions.
Reporting, Logs and Analysis
The centralized log management utility provides real-time information on incoming traffic, assisting in attack detection and mitigation. These options also assist in analysis of common attack points and points at which security is too stringent restricting legitimate users. Also featured are a number of reporting options that facilitate compliance with legal or contractual regulations regarding record keeping.
Download the Brochure for SmartWAF™
Real-Time Protection at the Web Application Layer
SmartWAF™ is a host-based integrated Web Application Firewall (WAF) that hardens and regulates access by detecting and blocking malicious code embedded in web application traffic. As a software plug-in on the Web Server, it is not designed to replace existing network perimeter security controls such as stateful/proxy firewalls, antivirus gateways or reverse proxies but to complement them by protecting against attacks that these technologies typically miss.
- Identifies, classifies and blocks malicious exploits embedded in the web traffic stream that specifically target web applications
- Integrates with both CodeSecure™ and HackAlert™, importing their findings to explicitly block web application exploits targeted at vulnerabilities identified by those processes
- Installs as a software plug-in directly on the web server (Apache, IIS) itself or on the security gateway (Microsoft ISA, IAG)
Installing SmartWAF™ as a web server plug-in offers the following advantages:
- Removes the single point of failure or bottleneck often experienced with a Network WAF
- Optimizes investment as security costs as scale linearly with web server infrastructure
- Allows creation of rule sets to suit specific web applications on the server avoiding a "one-size-fits-all" rule set minimizing number and complexity of firewall rules
SmartWAF™ Management
With its intuitive web-based user interface, SmartWAF™ offers easy-to-administer configuration and security functions.
- Basic Mode offers step-by-step guides and wizards for rule creation
- Expert Mode allows access to all menus for manual creation of specific rules to protect specific web applications
- Rules are not only customized for specific applications within the infrastructure, but also for specific portions of each application.
- Rules can be applied to all web applications in the cluster or to specific components
- Full support for version history allows "Rollbacks" to earlier configurations and supports auditing tasks.
Reporting, Logs and Analysis
The centralized log management utility provides real-time information on incoming traffic, assisting in attack detection and mitigation. These options also assist in analysis of common attack points and points at which security is too stringent restricting legitimate users. Also featured are a number of reporting options that facilitate compliance with legal or contractual regulations regarding record keeping.
- Graphical displays of statistics show the distribution of accepted and denied requests according to the time and the individual handlers.
- Log files contain host-specific logs from all internal system events and error messages.
- The Audit Log provides a list of all security-related changes to the system.
- The Default Error Log logs events which do not relate to any specific application or virtual host. This includes invalid requests, or requests with a hostname which does not match any of the configured hosts
Download the Brochure for SmartWAF™