WAF provides enhanced auditing capabilities

November 3, 2011

3 Min Read


CHICAGO (November 1, 2011) –Trustwave, a leading provider of information security and compliance solutions, today announced enhanced Web application security offerings, including a new version of Trustwave WebDefend and commercial offerings for the open source ModSecurity community, increasing the protection of the most vulnerable application attack vector.

Web applications allow companies to use the power of the Internet to conduct business and interface with a larger market, delivering a better user experience for their customers and partners. With this growth in usage, attackers are targeting the Web application layer to break into the core of an organization and gain access to its privileged information. In fact, Trustwave’s 2011 Global Security Report found that more than 60 percent of breaches were the result of poorly secured Web applications.

The new release of Trustwave WebDefend Web application firewall (WAF), targeted at organizations looking for quick install, immediate effectiveness and out-of-the-box reporting, offers robust and secure integration with Trustwave Security Information and Event Management (SIEM). This enables correlation across application security events for better visibility, increased intelligence and faster response time. Trustwave WebDefend also provides enhanced auditing capabilities critical to any organization’s compliance needs. In addition, it is driven by an advanced learning engine to understand application behavior, requires minimal configuration and provides excellent pre-configured reporting capabilities. WebDefend can be purchased as a stand-alone product, or as a component of Trustwave’s 360 Application Security program, which combines Secure Code Training, Application Penetration Testing, Code Review and Trustwave WebDefend with virtual patching into a holistic application security program.

"We are impressed with the new features of Trustwave WebDefend. It enables better authentication by leveraging our existing LDAP systems, provides system health monitoring and enhanced user activity audit,” said Sergejs Kravcenko, chief of IT, security department, at Latvia-based Norvik Banka. “Now we can easily manage and control our application certificates and monitor appliance behavior based on network and traffic changes. Trustwave WebDefend is always one step ahead in WAF technology.”

Additionally, Trustwave is introducing commercial rules and standard troubleshooting support for the tens of thousands of ModSecurity open source users worldwide. ModSecurity is a viable option for organizations such as hosting providers that have multiple customers using Web applications or companies that want a deeply customized WAF to protect their Web application environment. With more than 13,000 specific new rules to protect Web applications, the ModSecurity Rules from Trustwave SpiderLabs are automatically updated as new threats are identified. Developed by Trustwave SpiderLabs using intelligence gathered from real-world investigations, tests and research, it can be used alone or in conjunction with the OWASP Core Rule Set (CRS).

ModSecurity is the most widely deployed Web application firewall in the world today, yet there are very few options for support or troubleshooting for existing customers outside of the open source community. To address this, Trustwave is now offering standard product troubleshooting and support service. This service offers access to in-depth technical troubleshooting expertise to ModSecurity, providing swift, cost effective support for product and security issues.

“Protecting the Web application layer is essential to any organization that has an online presence,” said Patrick McGregor, senior vice president of product management at Trustwave. “With a strong portfolio of security solutions, Trustwave can work with any client to help properly secure their data, while enabling organizations to take full advantage of Web applications to grow their business.”

About Trustwave Trustwave is a leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper' compliance management software and other proprietary security solutions including SIEM, WAF, EV SSL certificates and secure digital certificates. Trustwave has helped hundreds of thousands of organizations-ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers-manage compliance and secure their network infrastructures, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, Asia and Australia. For more information, visit https://www.trustwave.com.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights