“Given the recent spate of malicious attacks, it is clear that there needs to be a change in the industry,” says Dan Kuykendall, co-CEO and Chief Technology Officer of NT OBJECTives. “The various application security vendors must continue to work together to deliver innovation that helps organizations protect applications already in production more effectively. Security teams are discovering application vulnerabilities, but in the time it takes for a security team to notify the development team that a code fix is needed, a site can be defaced, taken down, or have customer data stolen.”
For this reason, organizations need to rely on WAFs to protect their web applications while developers are fixing the code, when the third party code cannot be accessed or when the code is simply outdated. In the ninth annual Global Information Security Survey conducted by CSO magazine and PricewaterhouseCoopers, the number of respondents who are investing in WAFs grew from 72 percent to 80 percent in the past year1, however, according to 451 Group research only five to 50 percent of enterprises ever put their WAFs into ‘active blocking mode’2.
This contradiction exists because very few enterprise security teams actually have time to properly train their WAFs to provide the necessary protection, leaving applications and enterprises vulnerable to an ever changing landscape of threats. Additionally, as has been the case with IPS deployment, enterprises are concerned that active defensive devices will block good traffic. While WAF and IPS devices include standard rules designed to block vulnerabilities, they lack the specific knowledge of the applications that they are supposed to protect. As such, the included packaged rules are one-size-fits-all and are less effective than rules that are designed to work specifically for that application.
NTODefend goes beyond standard, one-size-fits-all WAF rule generation to create stronger customized rules, while also allowing for rule modification. It combines NTOSpider’s knowledge of the application functionality with an understanding of specific vulnerabilities to be the first tool to create “perfect-fit” custom rules that effectively block bad traffic while letting the good traffic flow through. With these rules, NTODefend also tunes an IPS to behave like a WAF.
NTODefend Product Features
Automated Custom Rule Generation for WAF/IPS – Quickly and easily generate custom rules, and if needed modify these rules, to patch vulnerabilities on WAF/IPS, using the results from NTOSpider scans.
Vulnerability Report Selection – Quickly select which vulnerabilities to patch and automatically generate the highly targeted filters for the user’s particular WAF/IPS solution.
Integration with More WAF/IPS Appliances – NTODefend integrates with all market-leading WAFs including, Sourcefire SNORT, DenyAll, Imperva, ModSecurity, Nitro SNORT, and with Citrix, F5 and Barracuda coming soon. NTODefend automatically generates rules for each WAF/IPS that are highly targeted to the specific vulnerabilities which reduces the risk of false-positives.
Re-scan Ability to Confirm Effectiveness – NTODefend enables security teams to conduct a quick re-scan applications to confirm the trained WAF/IPS effectiveness. Now, teams can quickly confirm that target vulnerabilities are patched and that good traffic can continue to flow through as expected, eliminating the risk of false positives & false negatives and dramatically reducing QA time.
About NT Objectives
NT OBJECTives, Inc brings together an innovative collection of experts in information security to provide a comprehensive suite of technologies and services to solve today’s toughest application security challenges. NTO solutions are well-known as the most comprehensive and accurate Web Application security solutions available. NT OBJECTIVES is privately held with headquarters in Irvine, CA. For more information or to view a product video visit www.ntobjectives.com/defend.