Breach Security Releases Enterprise Version of Flagship Web Application Firewall BreachGate WebDefend™

New version scales to support large-scale WebDefend deployments; delivers centralized management in an enterprise architecture

CARLSBAD, Calif., December 5, 2006 – Breach Security, Inc. the leader in web application security, today announced the release of its BreachGate WebDefend Enterprise version 2.0 web application firewall. The new Enterprise version delivers a scalable enterprise architecture capable of managing large sensor deployments, enhancements to automated application profiling, and additional mechanisms for blocking attacks.

“BreachGate WebDefend is protecting web applications for some of the largest companies in the world. These customers have deployed WebDefend appliances throughout their networks and require a solution that scales effectively and is easy to manage,” said Marc Shinbrood, CEO, Breach Security, Inc. “We listened to our customers and delivered a product that meets the requirements of the growing number of large organizations looking to secure their online customer transactions and other sensitive web-based information.”

The new Enterprise architecture addresses the needs of organizations managing large numbers of geographically disparate web applications. The core of the new architecture is a management server providing centralized event consolidation, user management, and command and control. The consolidation of events from sensors throughout the organization also provides an early warning system for enterprise-wide attacks. WebDefend’s enhanced centralized user management provides granular user access control by web application based on roles, and centralized command and control provides a single point of management for all sensors.

In addition, WebDefend Enterprise’s enhanced patent-pending learning process ensures the most accurate application profiles of acceptable behavior available. Since application profiles are used to validate all web traffic, they directly relate to the accuracy of attack detection. Accuracy is important for effective detection of the many variations of Cross Site Scripting (XSS) and SQL injections that circumvent network intrusion detection systems.

With this new release, WebDefend’s application profiles provide unique support for web sites with dynamic URLs. As web sites have become more complex by serving up content from databases, the number of different URLs to profile is growing exponentially. Dynamic URL handling delivers accurate event consolidation and reporting. Without this capability, web application profiles quickly become too large to manage.

WebDefend delivers the ability to block 100% of detected attacks without requiring a network redesign. Blocking mechanisms include integrations with existing network infrastructure as well as Breach Security proprietary defense methods. Blocking mechanisms include:

  • Web server integration—supporting the most widely deployed web server technologies including Microsoft IIS via ISAPI filters, and Apache with extensions.
  • Logout malicious user—when an attack is detected, WebDefend will log the user out of the web application and indicate to the application that this user should not be granted access in the future. To the outside user, it appears that the application has been securely coded rendering it an unattractive target to hackers.
  • WebDefend includes other common blocking mechanisms including issuing TCP- Resets, blocking sessions at load balancers, and rewriting firewall rules.

WebDefend Enterprise version 2.0 is available from Breach Security and its resellers. For more information, please visit our website at www.breach.com or contact us at (866) 393-0907.

About Breach Security, Inc.

Breach Security, Inc. is a leading provider of next-generation web application security that protects corporate-critical information. Breach effectively protects web applications of commercial enterprises and government agencies alike against Internet hacking attacks and provides an effective solution for expanding security challenges such as identity theft, information leakage, and insecurely coded applications. Breach’s solutions are ideal for any organization’s regulatory compliance requirements for security.  Breach was founded in 2004 and is headquartered in Carlsbad, Calif. For more information visit: www.breach.com.

# # #


Breach Security, BreachGate WebDefend and BreachMarks are trademarks of Breach Security, Inc.  All other companies’ names and product names are trademarks of their respective organizations

Media Contacts:

Breach Security, Inc. U.S.

Dan Chmielewski, Principal
Madison Alexander PR, Inc.
dchm@madisonalexanderpr.com
(949) 231-2965