One of the seminal security events each year is the release of the Trustwave Global Security report. The 2019 report, which is based on data collected in 2018, was released earlier this year. It is a sobering read. One headline figure is the astonishing fact that 100% of web applications they tested displayed at least one vulnerability for the second year in a row. This is up from 96% in 2014, 97% in 2015 and 99% in 2016 reports. To put this 100% figure into context, it’s worth noting how comprehensive the Trustwave Global Security report is: It summarizes the security vulnerabilities detected on their security infrastructure installed with client organizations and collects feedback from their security services business. The report uses data from millions of network vulnerability scans and monitored web transactions, thousands of web application security scans and penetration tests, plus the monitoring of billions of emails from managed organizations in 17 countries.
The Trustwave Global Security report demonstrates that most organizations need to do more to mitigate risks to their applications on the web. Kemp can be your partner in achieving this as we have the experience and the tools you need.
Kemp’s Web Application Firewall (WAF) helps to protect your custom or off the shelf applications from common vulnerabilities, such as SQL injection and cross-site scripting (XSS). It lets you create per application security profiles to enforce source location-level filtering, pre-integrated rulesets for common attack vectors and custom rules support. With these pre-defined rules and the ability to create your own custom rules, you can protect all your applications from within the LoadMaster from known attacks and prevent specific traffic patterns from reaching your applications and APIs – all without changing your application or infrastructure. It can also help meet organizational PCI-DSS and data loss prevention (DLP) compliance requirements. Visibility is provided with granular per-application event logging, in-UI statistic visualization and false positive analysis with rich telemetry to 3rd party SIEMs.
The Kemp Web Application Firewall (WAF) enabled as part of your network infrastructure helps deliver in-depth, defence for your web servers and applications from an ever changing threat landscape. Our cost-effective solutions allow you to start with the protection you need today, and then scale and grow as the number of users of your applications grow.
In addition to providing the protection you need we also make it easy for you to deploy and manage a LoadMaster solution. Predefined templates are available for many popular web applications with the right settings for most scenarios pre-set. The Kemp Technologies provided templates ensure that only the correct ports and settings are open to ensure the smooth running of the application; all extraneous ports are closed thus reducing the attack surface of the LoadMaster within the network.
Application security is a multifaceted and ever-changing task. It needs to be applied at multiple levels of the infrastructure that serves applications. One thing that is clear is that security should be provided on the network before requests reach the backend application servers. Deploying LoadMaster alongside your other network security tools, such as firewalls, will allow you to provide the best protection you can against the multiple threats outlined in the Trustwave Global Security Report.
Based on my personal experience, Kemp provides the best load balancers with the widest platform support in the industry, specifically for virtual / software and hardware deployments. A key part of our holistic application delivery strategy includes the mitigation of application-specific vulnerabilities. We continue to expand on our application-centric offerings by providing key security features and services that allows customers to enable secure access to web-based applications.
Contact us today to discuss all your application delivery and security needs.
Part 0: LoadMaster SecurityPart 2: SSL/TLS SecurityPart 3: Identity AccessPart 4: LoadMaster and SIEM Log Analysis