Introducing KEMP’s LoadMaster-Integrated Web Application Firewall Services
KEMP Technologies provides the best software and virtualization-focused enterprise application delivery controllers (ADCs) with the widest platform support in the industry. A key part of a holistic application delivery strategy includes the mitigation of application-specific vulnerabilities. With this in mind, KEMP continues to expand on its application-centric offerings by providing key security features and services that allow customers to enable secure access to applications that are made available over the web.
As an example, the introduction of KEMP’s Edge Security Pack provided a viable migration path for customers transitioning from Microsoft’s EOL’d (end-of-life) Forefront Threat Management Gateway (TMG) by enabling features in KEMP’s flagship LoadMaster ADC such as dual-factor authentication, single sign-on, domain filtering and security group validation. KEMP has further extended its security capabilities with the native integration of Web Application Firewall (WAF) services in its LoadMaster Operating System through collaboration with Trustwave. KEMP’s new integrated L7 WAF is based on the industry leading ModSecurity engine and provides real time coverage for published application threats including the OWASP top ten. Among the attack categories that are mitigated with this new functionality are the following common web application vulnerabilities:
- Cross-Site Scripting (XSS) allows attackers to execute scripts in a victim’s browser that can then hijack sessions, deface web sites and redirect the user to malicious sites.
- Cross-Site Request Forgery (CSRF) forces a victim’s browser to send a forged HTTP request, including session cookie and other included authentication information, to a vulnerable web application.
- SQL Injection causes untrusted data to be sent to a SQL interpreter as part of a command or query, allowing an attacker to trick the interpreter into executing unintended commands or providing access to data without appropriate authorization.
- Sensitive Data Exposure allows attackers to steal or modify weakly protected sensitive data, such as credit cards, tax IDs, and authentication credentials to carry out fraudulent or other malicious activities.
Value of Web Application Firewall in Security Architecture
To secure an application infrastructure, there is no one magic bullet that addresses all potential threats. Because of this, a layered approach is always best. While traditional firewalls are widely deployed and still play a key part in the security of an organization’s network, they are not enough on their own. Modern day hacker attacks are increasingly complex, frequently change vectors used, can bypass traditional firewalls and focus on application vulnerabilities. WAFs help to support an organization’s overall security strategy by adding application-level visibility to help prevent and mitigate attacks. Providing customers with additional tools to protect and optimize their application infrastructures has served as a key driver for KEMP’s inclusion of WAF services in its ADC product line.
Our beta program for the WAF-enabled LoadMaster ADC will launch in September 2014. General availability is planned for November 2014.
Stay tuned for the latest updates!