Breach Security Announces General Availability of First Security Appliance with ModSecurity™ Open Source Web Application Firewall

Affordable appliance features rule sets for Payment Card Initiative and Microsoft™ Outlook Web Access plus an enterprise management console

CARLSBAD, Calif., November 14, 2006 – Breach Security, Inc., the leader in web application security, today announced the release of the ModSecurity version 2.0 open source web application firewall on a security appliance, delivering the lowest-cost commercial web application firewall available. The ModSecurity Pro™ M1000 appliance is easy to deploy and manage, with packaged rule sets to help meet Payment Card Initiative v1.1 compliance, as well as protection for Microsoft™ Outlook Web Access (OWA).

“We have listened to the community and taken the ModSecurity open source project to an entirely new level—with a security appliance that delivers web application security immediately. It is ideal for small-to-medium businesses or large organizations needing just-in-time virtual patching,” said Ivan Ristic, chief evangelist, Breach Security. “The M1000 is easy to install and provides an affordable, essential layer of proven security, along with the PCI rule set that addresses important security vulnerabilities.”

With increasing amounts of customer data flooding complex networks, the risk of stolen or lost information continues to rise. The initial Payment Card Industry (PCI) Data Security Standard was adopted in December 2004 by major credit card companies including Visa, MasterCard, American Express, and Discover. It is designed to prevent fraud and protect consumer privacy when sensitive data is transmitted to a financial institution, merchant or vendor over the web and stored on their network. Released in June 2006, PCI v1.1 calls for source code review or deployment of a web application firewall by mid-2008.

The ModSecurity PCI rule set provides the following measures for compliance:

Build and maintain a secure network: The M1000 is a purpose-built, secure appliance developed with secure configurations of the OS and Apache web server.

Protect cardholder data: The PCI rule set identifies inbound credit card data and obfuscates this information in the audit log file. Furthermore, the PCI rule set will identify and block data if full credit card numbers are being sent to the browser. The M1000 uses an SSL encryption module to provide network encryption and is configured to only use strong encryption/ciphers.

Maintain a vulnerability management program: The M1000 is capable of running antivirus applications to scan uploaded files. It will be continuously updated with new signature rule sets and addresses the OWASP Top 10 with the ModSecurity Core rule set.

Regularly monitor and test networks: The M1000 Audit Engine logs complete HTTP transactions. The Console can be used to search for transactions of interest and includes PCI template reports.

The ModSecurity M1000 also includes the OWA rule set, providing web application security for organizations enabling remote employee access to Microsoft® Outlook over the internet. A component of the Microsoft® Office suite of products, Outlook is the most broadly used corporate personal information manager in the world.

Along with the PCI and OWA rule sets, the M1000 appliance includes the ModSecurity v2.0 web application firewall, a management console and an enhanced rule set. ModSecurity v2.0 is a highly flexible web application firewall that can be used for a wide range of functions including web application monitoring, web intrusion detection and prevention, as well as just-in-time patching of known vulnerabilities. Released in October, ModSecurity version 2.0 provides greater flexibility, enhanced attack detection, and support for XML and Web Services.

“Our stated goal has been to deliver effective web application security for any size organization, and we have delivered on that promise with our first ModSecurity Pro appliance,” said Marc Shinbrood, CEO, Breach Security, Inc. “The M1000 brings to market all of the advantages of the open source ModSecurity web application firewall in an easy-to-deploy package that includes protection for accelerated PCI compliance and enterprise-level worldwide support.”

The ModSecurity M1000 appliance is available at the list price of $5,995.00US. First year professional support and maintenance is included at no additional charge. The PCI rule set is available with the M1000 at no additional charge for a limited time. The OWA rule set is offered for an additional cost. For more information please visit www.breach.com or call 866 393 0907.

About Breach Security, Inc.

Breach Security, Inc. is a leading provider of next-generation web application security that protects corporate-critical information. Breach effectively protects web applications of commercial enterprises and government agencies alike against Internet hacking attacks and provides an effective solution for expanding security challenges such as identity theft, information leakage, and insecurely coded applications. Breach’s solutions are ideal for any organization’s regulatory compliance requirements for security. Breach was founded in 2004 and is headquartered in Carlsbad, Calif. For more information visit: www.breach.com.

# # #


Breach Security, BreachGate WebDefend and BreachMarks are trademarks of Breach Security, Inc. All other companies’ names and product names are trademarks of their respective organizations.

Media Contacts:

Breach Security, Inc. U.S.

Dan Chmielewski, Principal
Madison Alexander PR, Inc.
dchm@madisonalexanderpr.com
(949) 231-2965