Cloud based Web Application Security & Firewall: which covers with a 3-tiered approach that includes Protection, Detection, and Incident Response. If any Malware finds in your File-Manager or FTP Account our security service will also clean-up your code and files, it protects In-house Dedicated Server, Cloud Shared/VPS, Amazon, Azure and much more. Please find attached document for more information.
The Protection platform is a cloud-based SaaS Website
Application Firewall (WAF) and Intrusion Prevention System (IPS) which secures
Static, Dynamic, E-commerce, ERP, CRM or any kind of web applications
irrespective of their platforms. It functions as a reverse proxy by
intercepting and inspecting all incoming Hypertext Transfer Protocol/Secure
(HTTP/HTTPS) requests to a website, stripping it of malicious requests at the
Cloud network edge before it arrives at your server. The Web Firewall includes
both Virtual Patching and Virtual Hardening engines that allow for real-time
mitigation of threats with no impact to the website.
The Cloud Firewall is built on a Content Distribution Network
(CDN) that provides performance optimization features to a website. The CDN
utilizes a proprietary approach to caching dynamic and static content across
all nodes in the network to ensure optimal performance around the world.
Web Application Firewall Security Protects
from:
· Mitigation of Distributed Denial of Service
(DDoS) Attacks
· Prevention of Vulnerability Exploit Attempts
(i.e., SQLi, XSS, RFI / LFI, etc...)
Protection Against the OWASP Top 10 (and
more)
· Access Control Attacks (i.e., Brute Force
attempts)
· Performance Optimization
The Detection platform is a cloud-based Software as a Service
(SaaS) Intrusion Detection System (IDS) built on the concept of a Network-Based
Integrity Monitoring System (NBIMS). The monitoring platform is a remote and
local (server-side) continuous scanning engine, providing near real-time
visibility into the security state of a website.
·
Malware Distribution
·
Blacklisting Incidents
·
SEO Spam
·
Phishing Lure Pages
·
Whois Changes
·
DNS Changes
·
SSL Certificates
The platform requires no
installation or application changes. All sites are added and
configured just an A record pointing to Web Firewall.
Our Support team is
available to respond to all website-related security incidents, including
issues identified and those that aren’t. The team is highly trained and capable
of mitigating all website infections and malware related issues.
This platform exists because of the complex nature of website
security. Intrusions occur for a variety of reasons. Although our various
technologies are being employed to assist in the prevention of such
compromises, there are things beyond Web Firewall control. Examples include,
poor user/password management or creation, poor security configurations, and
other similar environmental issues. Because of the expanded attack vector
outside of Web Firewall control, the response platform was designed to provide
organizations a supplementary team to assist in the identification and
eradication of any successful compromises. This would include analysing the
cause, assisting in the patching of the issue, and restoring the environment to
operational order.
FAQ’s
·
We
already have an SSL for our website or application, how WAF helps?
Ans: In general, SSL
only encrypts data being sent from visitor computer to server, which doesn’t
verify the transmitted data has any malware content.
We
are using AZURE, AWS or similar Hosting service, do we require Web Application
Security?
Ans: Normally Hosting
companies only give guarantee on Uptime. Customer is responsible for their own
files.
Our
application is placed in a dedicated server within our office, which has
Anti-Virus & Firewall. Do we require Web Application Firewall &
Security (WAF)?
Ans: WAF has multi
layered security with multiple Firewalls, Anti-Virus and other commercial
security products. You can use WAF as second layer of security.
We
want to restrict Login pages in our application does WAF helps this?
Ans: WAF has
geographical, url, database injections, activity-based blocking, you can
protect your application in many ways.