Key Features

Multiple Web Server Protection

The M1100 can be deployed as a transparent or reverse proxy in front of multiple web servers to insulate web applications from the vulnerabilities inherent in web server technologies. In this deployment mode, the M1100 monitors application traffic, performs a wide set of checks for web application attacks, and reacts in real time.

Out-of-the-Box Security

The ModSecurity Pro M1100’s pre-packaged rule sets prevent information leakage and help organizations with their compliance efforts¹. These easy-to-apply rule sets save time and provide immediate protection for production applications against targeted attacks. Individual rule sets can be applied on a per-web application basis for more customized protection. Included rule sets address:

• Information leakage protection;
• Automated detection of malicious activity;
• Payment Card Industry Data Security Standard (PCI DSS) compliance;
• Open Web Application Security Project (OWASP) Top 10 vulnerabilities;
• Microsoft Outlook Web Access protection;
• Platform-specific protection for Apache, IIS, PHP, ASP, ASP.NET, and others;
• Anti-virus protection for file uploads through integration with ClamAV.

Intuitive, Web-Based Management Interface

The web-based ModSecurity management interface provides easy-to-use, anytime, and anywhere access to alerting, event analysis, and reporting capabilities. The ModSecurity management interface offers administrators a complete picture of their web applications’ operations and security by giving them in-depth event analysis. Detailed and summary reports for security, compliance, and audit requirements are available.

Benefits

• Provides immediate protection for production applications against targeted attacks with plug-and-play installation.
• Prevents information leakage and helps with compliance efforts through pre-packaged rule sets for commercial application vulnerabilities and for PCI standards.
• Delivers alerting, event analysis, and reporting capabilities in an easy-to-use remote console for event viewing and sensor configuration capabilities.
• Does not require the network reconfiguration for deployment.
• Protects the flow of mission-critical web traffic in the event of a power or hardware failure with its embedded bypass card.

¹ Some rule sets may be offered at an additional cost.

ModSecurity Management Appliance

Organizations with multiple ModSecurity open-source and ModSecurity Pro™ M1100 commercial deployments invest a significant amount of IT resources to secure and monitor their web applications. Often, each sensor must be individually monitored to determine if an attack has occurred. As a result, vital IT resources are consumed and application vulnerabilities still may not be identified in a timely manner, potentially leaving the organization and its sensitive data exposed.

The ModSecurity Management Appliance addresses the ModSecurity community’s needs by allowing its members to remotely manage events from their distributed sensor deployments. Used in conjunction with ModSecurity and M1100 deployments, the appliance collects, aggregates, and displays alert information from up to 50 open-source and commercial sensors to provide real-time, detailed visibility into each web application.

Key Features

Support for Multiple Sensors

The ModSecurity Management Appliance supports multiple remote sensors. The appliance is built upon a reliable, high-performance framework that can securely collect log and alert data for events from up to 50 open-source and commercial sensors in real time. This support provides administrators with a single source for web application security information so they can remediate issues immediately.

Detailed Event Analysis

On-screen, detailed event views allow organizations to identify specific application vulnerabilities. The ModSecurity Management Appliance categorizes each alert based on type, provides insight into the sensor receiving it, identifies the source address trigger, and displays the type of attack. Administrators can re-categorize events into custom categories to help document and report on the organization’s compliance with government and industry standards and regulations.

Event Reporting to Support Security, Compliance, and Audit Requirements

The ModSecurity Management Appliance’s reporting capabilities help organizations meet their security, compliance, and audit requirements. Included reports detail events by type, date and time, or per sensor. All reports are formatted and available as PDF files. Reports can be scheduled, produced on-demand, and/or distributed via email to ensure that information is available when and where it is needed.

ModSecurity Management Appliance Benefits

• Provides current and historical web application security information from its centralized event database.
• Offers anytime, anywhere access to alerting and reporting capabilities through its intuitive, web-based interface.
• Presents a complete picture of web application security by supplying detailed event analysis.
• Saves time and deploys easily due to its innovative, self-contained application design that includes an embedded web server and database.