Breach Security’s WebDefend Receives Highest Marks in Information Week Web Application Firewall Bake-Off

CARLSBAD, Calif., March 7, 2008 — Breach Security, Inc., the leader in web application security, today announced that its flagship web application security appliance, WebDefend, earned top marks in the web application firewall market round-up review, featured in the March 2008 issue of Information Security magazine. In this head-to-head review of six application firewall appliances, WebDefend received an A minus rating—the highest grade awarded. WebDefend was given high praise for features relating to compliance with the Payment Card Industry (PCI) Data Security Standard (DSS), ease of deployment, high detection accuracy, low false positives and performance.

In recognition of the growing importance of securing web applications, Information Security, a TechTarget publication, staged the product bake-off to identify how current web application firewalls are addressing the changing web application security threat landscape. Led by Sandra K. Miller, contributing writer for Information Security magazine, the review examined the following vendor appliances: Breach Security’s WebDefend, Barracuda Networks’ Web Application Gateway (formerly NetContinuum), Bee Ware’s iSentry, Citrix’s Application Firewall, F5 Networks’ Big-IP 8800 Application Security Manager and Imperva’s SecureSphere Web Application Firewall. Each product was graded on ease of installation and configuration, administration, depth of security policy control, monitoring, alerting, auditing and reporting; and overall security effectiveness.

According to the review, WebDefend received the highest praise for addressing compliance requirements for PCI DSS and was also designated as “an excellent choice for data protection as well as application security.” Specifically, Miller cites its design as “intuitive,” and praised the “rich level of detail and customization” WebDefend provides. Breach Security also earned praise for the best information leakage prevention with BreachMarks™, its exclusive pattern-matching feature that recognizes, flags and stops specific types of information, such as credit card or Social Security numbers, from being extracted. WebDefend was the only web application firewall deployed in an out-of-line mode while providing comprehensive attack detection and prevention/blocking, PCI compliance and application defect detection. This non-intrusive deployment delivers maximum security without compromising network availability or performance.

The review, entitled “Core of the Matter,” measured protection for common attacks against applications including buffer overflows, cookie tampering, SQL injection, session hijacking, cross-site scripting (XSS), cross-site request forgery (CSRF), forms tampering, remote code execution, malicious code (Internet worms), denial of service, brute force login and forceful browsing. In addition, the reviewers indicate they “configured application-side security features, such as website cloaking, and attempted to gain network and application configuration via nefarious reconnaissance practices such as identifying operating systems and web server details through HTTP header data and scanning utilities like Nmap.”

“As hackers increasingly target web applications, organizations must look beyond traditional perimeter and network-centric technology to secure their web sites and customers’ transactions,” said Mike Pierce, CEO, Breach Security, Inc. “Receiving top marks in this month’s Information Security magazine review is a tremendous honor and validation of the unique capabilities of our WebDefend web application security technology. We will continue to devote development resources to innovate for the evolving web security threat landscape and changing needs of our customers, delivering solutions that are relevant, robust and tremendously effective for today’s businesses.”

Information Security review highlights of WebDefend v3.0:

  • Ease of deployment – Breach Security was named one of the “easiest to set up and configure, thanks to their intuitive design and wizards.”
  • Ease of use – “Assigning sites was effortless, as all active sites are displayed in one window and could be assigned with a mouse click.”
  • Policy Control – “[WebDefend] provided one of the best visual interfaces along with information about security events.”
  • High detection accuracy, low false positives – “We started our testing in learning mode with the option to automatically switch to protect mode once enough traffic has been analyzed. We were pleased to see a change without any false positives once the device initiated an active posture.”
  • Performance – “We were pleased with the overall performance of the appliance.”

WebDefend assesses the web application in its production environment and detects insecure and flawed application design techniques that go unnoticed by scanners. The entire application is assessed and any runtime defects can be detected immediately by the organization before they are exploited by hackers. In addition, security teams can bridge the software development lifecycle gap by generating help tickets for efficient defect remediation.

The Information Security web application firewall market round-up review can be viewed in its entirety at http://searchsecurity.com/magazineFeature/0,296894,sid14_gci1303838,00.html.

Additional information on Breach Security can be found on the TechTarget website at http://www.bitpipe.com/rlist/org/1201197142_825.html.

About Information Security

Information Security is a leading source of critical, objective information on strategic and practical security issues for enterprise security and risk managers. Information Security’s team of veteran security journalists and experts breaks down the security problems challenging enterprises and provides practical resolutions. Its in-depth, comprehensive reports and analyses provide security managers—department managers to CXOs—with the tools, knowledge and information they need to make informed decisions about how to safeguard their enterprises, comply with regulations and standards, and reduce risk. The publication’s analysis of technology and products provides a guide for budgeting and purchasing decisions, and trend reports, case studies and industry-leading exposés offer security managers insight into how their peers are addressing and solving key security issues. Information Security is an indispensable guide for any security manager and executive charged with protecting information assets and reducing risk.

About Breach Security

Breach Security, Inc. is the leading provider of real-time, continuous web application security that protects sensitive web-based information. Breach Security’s products protect web applications from hacking attacks and data leakage, and ensure applications operate as intended. The company’s products are trusted by thousands of organizations around the world, including leaders in finance, healthcare, ecommerce, travel, and government. For more information, please visit www.breach.com.

###

Breach Security, WebDefend and BreachMarks are trademarks of Breach Security, Inc. All other brand, product and service names are the trademarks, registered trademarks or service marks of their respective owners.