Breach Security Releases Latest Version of ModSecurity Pro Web Application Firewall Appliance

ModSecurity Pro M1100 version 1.6 delivers enhanced alert management and automated PCI reporting

CARLSBAD, Calif., March 31, 2008 — Breach Security, Inc., the leader in web application security, today announced general availability of a new commercial version of its ModSecurity web application firewall, the ModSecurity Pro M1100 v1.6 appliance. The new version delivers significantly enhanced alert management that prioritizes attacks for quick remediation, visibility into security on a per-site basis and automated Payment Card Industry (PCI)-specific reports to prove compliance with section 6.6 of the Data Security Standard (DSS). The ModSecurity Pro appliance is based on the popular open-source ModSecurity software, the most deployed web application firewall, with more than 15,000 users worldwide.

To quickly address security events as they happen, the new ModSecurity M1100 enables administrators to sort alerts by criteria such as severity, site name, source IP and event category, such as a SQL injection or cross-site scripting attack. When sorting by severity of attacks, administrators can prioritize which attacks to remediate first. The M1100 filters both the request from the client and the response from the web server, and correlates the results. If an attack results in data leakage, that event receives a higher severity rating, ensuring high visibility to the administrator. Furthermore, the administrator can view the site name and source IP of the attack, enabling the administrator to quickly take action to prevent further damage.

The latest M1100 also features security policy enforcement and reporting on a per-site basis. This enables administrators to manage each protected website individually, receiving security alerts by site. Administrators can also view events by type and severity across all sites from a single interface, enabling a snapshot of website security across the web environment. The new M1100 v1.6 can also generate reports on a per-site basis.

“This new ModSecurity Pro appliance goes a long way in simplifying web application security management, enabling administrators to quickly see where attacks are occurring and prioritize remediation efforts based on severity,” said Ivan Ristic, ModSecurity author and chief evangelist for Breach Security, Inc. “With the new automated PCI reporting, organizations can address the June 2008 deadline for web application security with a single effective, easy-to-manage, low-cost solution.”

In addition to reporting on attacks, the new version automatically generates reports on PCI DSS compliance. The reports show all PCI-related attacks, such as SQL injections used to extract credit card numbers. The reports also pinpoint where an alert fits into the overall PCI DSS by section number along with an explanation. Once vulnerabilities have been remediated, the M1100 can run a new report that shows the attacks are now being blocked and any data leakage prevented. The M1100 also helps with PCI standard compliance by logging both legitimate transactions, such as accepting credit cards, as well as attacks, such as data card numbers leaking.

Additional features of the ModSecurity Pro M1100 v1.6 include:

  • New severity legend: provides a graphical representation based on severity ranging from information, to notice, warn, error, critical, alert and emergency.
  • Email reporting of attacks: can be configured to send email alerts to one or more email addresses when it has detected alerts that are of a particular severity or above. For example, the M1100 can be configured to send an email whenever it detects attacks that have a severity level of “WARN” or above. Email reporting can be set to forward alerts at different time intervals ranging from every five minutes, to once every twenty-four hours.
  • Streamlined alert management: now offers quick views of alert information under separate tabs for alert, parameter, request, response and rules. Administrators can quickly view aggregated details of alerts such as the values used for a hack within a parameter, or the header and body of a request, response header and body, as well as any rule which triggered an alert.
  • One-click site creation: can now add additional sites to be protected with the single click of a mouse.
  • Detection of comment spam: protects blogs, wikis, guestbooks and other user-contributed sites from the automatic random posting of comments.

For organizations with broad ModSecurity deployments, the ModSecurity Management Appliance supports multiple remote sensors. The appliance is built upon a reliable, high-performance framework that can securely collect log and alert data for events from up to 50 open-source and commercial sensors in real time. This support provides administrators with a single source for web application security information so they can remediate issues immediately.

The ModSecurity Pro M1100 v1.6 appliance is available from Breach Security as well as its worldwide network of partners at the list price of $12,995.00 US. For more information please visit www.breach.com or call 866 205 7032 or +1 760 448 2051.

About Breach Security

Breach Security, Inc. is the leading provider of real-time, continuous web application security that protects sensitive web-based information. Breach Security’s products protect web applications from hacking attacks and data leakage, and ensure applications operate as intended. The company’s products are trusted by thousands of organizations around the world, including leaders in finance, healthcare, ecommerce, travel and government. For more information, please visit www.breach.com.

###

Breach Security and ModSecurity are trademarks of Breach Security, Inc. All other brand, product and service names are the trademarks, registered trademarks or service marks of their respective owners.