Web Application Security, Application Security Tools

SOVEREIGN BANK PROTECTS WEB APPLICATIONS
WITH WEBDEFEND APPLICATION FIREWALL

WebDefend web application firewall uncovers insecurely coded
applications and defends against information leakage and SQL injections

Sovereign Bancorp, Inc., the parent company of Sovereign Bank, is an $82 billion financial institution with principal markets in the Northeast United States. Founded in 1902 as a small building and loan association, today Sovereign Bank is the 18th largest financial services institution in the United States and a world-class financial services company with nearly 750 Community Banking Offices in nine states, and more than 2,250 ATMs.

Sovereign Bank offers a broad array of financial services and products including retail banking, business and corporate banking, cash management, capital markets, wealth management, and insurance. Being such a large financial institution, it is imperative that the company’s web-facing storefront remain secure against online attacks.

“We had no visibility into what was happening on our website should an attack occur,” said Aaron Weaver, Internet manager-Applications Security for Sovereign Bancorp, Inc. “We were looking for a solution that would allow us to see where and how potential attacks were being executed and pinpoint code vulnerabilities within our web applications. Furthermore, the solution had to be proven to effectively reduce attacks that penetrate our web apps without placing additional burden on our IT security team.”

Sovereign Bank chose Breach Security’s WebDefend web application firewall to protect its online banking application from attacks and at the same time monitor usage of the application to identify any defects or vulnerabilities. With WebDefend, Sovereign Bank was able to report on the level of risk from an attempted attack and show what remediation steps needed to be taken to effectively secure its web applications.

“When we executed the initial pilot, Breach Security provided us with an assessment report of web application vulnerabilities which were detected in our application simply by installing WebDefend. We were amazed to see the number of potential attacks and holes within our web applications that were susceptible to a breach,” continued Weaver. “WebDefend’s forensics capabilities demonstrated that attacks were coming at us from multiple parts of the world including SQL injection attacks that criminals launch to obtain data by taking advantage of unpatched vulnerabilities in our web applications.”

Sovereign Bank was highly impressed with the ease of installation and low maintenance that WebDefend provided. “As a non-inline Internet security appliance, WebDefend was extremely easy to deploy and does not introduce network latency. Furthermore, we need minimal man power to keep WebDefend up and running. It basically runs itself. If I had to put a number on it, I would say it equates to needing less than one full-time employee for maintenance and reporting.”

“It’s critical to our business and our customers that we are able to block suspicious activity on our web applications, ensuring all parties involved are protected against attacks. As the web evolves, criminals are continuously honing their attack techniques. It’s crucial that security solutions are also able to help us predict and adjust to new threats. That’s the beauty of WebDefend. It has the ability to learn web application behaviors by itself and adapt accordingly, protecting us at all times,” concluded Weaver.

WebDefend is a next-generation internet security appliance that provides continuous, comprehensive web application protection to resolve information security challenges such as identity theft, information leakage, regulatory compliance, and insecurely coded applications.