Web application layer attacks have become the number one target of attackers and this has critically exposed the soft underbelly of the vulnerability-centric information security model. Attacks have become so sophisticated, that many organizations are having trouble determining which new threats and vulnerabilities pose the greatest risk, and how resources should be allocated to deal with the most damaging attacks.
Today's Web-application defenses are unable to fully defend against threats based on Web application vulnerabilities. These defenses involve repeated cycles of code scanning, shielding technologies, and at some point, remediation. Together, these measures are an expensive drain on security resources and an arduous task that must be performed on an on-going basis, just to attempt to cope with a subset of all Web application vulnerabilities.
This resource intensive process can quickly amount to an economic challenge for small and medium business enterprises, but many large enterprises are not responding quickly to this dangerous threat to their business operations. Explanations such as best practices that are slow to change, lack of awareness, the abstract nature of Web application security in general, technical complexity, lack of developer time and questionable return for the amount of resources required suggests that the absence of a viable, cost-effective and straight forward solution, has left Web application defenders overwhelmed.
ry provides that solution. ry is hot deployable security software for Web applications comprised of drop-in plug-ins and modules for Web servers, database servers and optionally, the server operating system, to extend the security capabilities of Web server architecture to higher assurance levels.
ry Extensible Threat Protection can sandbox and perform extensive analysis of every process from the Web client to the database, applying mathematical models based on new research to monitor the content and context of all session communications. ry is able to predict any destructive command or attack component that would cause difficulties and deny it with the Trustifier kernel behavior enforcer at any step of the process inside its protected execution environment.
A recent report by the Ponemon Institute identified a lack of resources being allocated for Web application security by enterprises and the belief by survey participants that it could take up to 20 hours of developer's time for the remediation of a single high risk vulnerability. For the about the same cost, or less, of fixing a single vulnerability, customers can use ry to immediately protect all Web applications and Web sites running on a single Apache Web application server against all attacks, including zero day attacks, for an entire year.
The first package is now available by Internet download for a very modest price of $999 per server per year- ry 1.0.1 for Apache 2.x and MySQL5 on Red Hat Enterprise Linux 5 (i686/i386,32-bit). (www.trustifier.com/store.html) A free 14-day trial is available. Users will discover that ry takes only minutes to download and configure for hands-off Web application security.
The ry 1.0.1 bundle protects customers against all threats exploiting any and every of the 27 classes of Web application vulnerabilities, including Zero Day attacks.
Trustifier Inc. will be releasing 100 ry package combinations supporting the major enterprise operating systems, databases and Web application servers. For information regarding release of future packages, please email [email protected]
About Trustifier Inc.
Trustifier Inc., established in 2005, is a world leader in Information Assurance and IT security. It developed the Trustifier™ Security Sub-system, an injectable solution designed to transform existing low assurance systems into high assurance systems without affecting system functionality. The Trustifier control framework governs operational end behaviors and privileges of authorized users in a least privilege, trusted execution environment. Trustifier's kernel level mandatory policy enforcement transforms everyday computer systems into certifiably trustworthy computers with a trusted computing base.