Continuous Intelligent Application Protection
Kemp WAF provides continuous protection against vulnerabilities with daily rule updates based on threat intelligence and research from information security provider, Trustwave. It combines Layer 7 Web Application Firewall protection with other application delivery services including intelligent load balancing, intrusion detection, intrusion prevention as well as edge security and authentication for comprehensive secure application delivery.
Layered Application Security
Add protection for common vulnerabilities
| Vulnerability | Protection provided by WAF |
|---|---|
| Injection of untrusted data | Identify and block requests that contain untrusted data or code |
| Broken authentication and session management | Protect against exploitation of weak Session ID management |
| Cross-site scripting | Protect against dynamically adding malicious code to a web page |
| Flawed access control | Enforce access controls on what resources are accessible |
| Misconfigured security | Ongoing protection for resources that are misconfigured or vulnerable |
| Sensitive data exposure | Protect against leakage of information such as credit card numbers |
| Attack protection | Adds a layer of protection via constantly updated rules |
| Cross-site request forgery | Protect authenticated users against forged requests |
Simplify Application Security
Kemp WAF simplifies the challenge of securing applications against common vulnerabilities and emerging threats by combining best-of-breed application delivery with advanced security and application protection.
Comprehensive Security Services
LoadMaster provides integrated security capabilities alongside WAF including edge security, L7 IPS/IDS, DDoS mitigation, application publishing and authentication services.
PCI-DSS Compliance
Protecting web applications is of critical importance for all organizations, especially those that process payments. Kemp WAF reduces the need for extensive code reviews for PCI-DSS compliance with industry proven rule sets.
Ease of Deployment and Use
With Kemp’s focus on simplicity and on shortening time to production for application deployment, LoadMaster with WAF enables secure, scalable, and always-on workload delivery in one fully integrated load balancing solution that is easy to deploy and use.
Application Vulnerability Protection
Ongoing Protection
Kemp WAF includes automatically updated rules that provide protection against known and emerging threats.
Cookie Tampering
Cookies are used in authentication and authorization processes as well as to track and maintain state across HTTP sessions. They can also serve as a vector for a number of attacks (SQL injection, XSS, buffer overflow, integer overflow) when malicious values are injected into cookie fields.
Cross Site Request Forgery
Cross-site request forgery (CSRF or XSRF) attacks execute unwanted commands on a web application. These exploits inherit the privilege level of the user and appear legitimate to the application the user is authenticated to. By checking referrer headers, WAF blocks CSRF attempts.
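The referrer check described above, written out as an added example (not Kemp code): state-changing requests must carry an Origin or Referer header whose host is on an allow-list, and a missing or "null" source fails closed. The allowed hosts are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed example: hosts allowed to originate state-changing requests.
ALLOWED_HOSTS = {"shop.example.com", "www.example.com"}
# Methods that do not change state are never subject to the check.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def _source_host(headers):
    """Return the host named by Origin (preferred) or Referer, or None.

    urlsplit() yields hostname None for the literal value "null", which a
    browser sends when the origin is opaque, so that case fails closed too.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    for name in ("origin", "referer"):
        value = lowered.get(name)
        if value:
            return urlsplit(value).hostname
    return None


def csrf_decision(method, headers):
    """Return "ALLOW" or "BLOCK" for one request.

    A state-changing request is allowed only when its Origin/Referer host is
    exactly one of ALLOWED_HOSTS; a missing header is treated as a failure,
    since a genuine same-site form post normally carries at least one of them.
    Exact host comparison also rejects look-alike hosts such as
    shop.example.com.evil.net.
    """
    if method.upper() in SAFE_METHODS:
        return "ALLOW"
    host = _source_host(headers)
    if host is None:
        return "BLOCK"
    return "ALLOW" if host.lower() in ALLOWED_HOSTS else "BLOCK"
```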
Injection
Injection attacks use client sessions to insert crafted input into the traffic stream; that input can be used to read privileged data, modify content and execute administrative operations. WAF mitigates such attacks by dynamically monitoring client traffic flows for malicious injection patterns and preventing unauthorized execution.
Cross-Site Scripting
Cross-site scripting (XSS) attacks exploit web-based applications by sending scripts that are transparently executed by clients when read, allowing for user identity theft, cookie poisoning and malicious redirection. KEMP’s Application Firewall Pack mitigates this attack by disallowing the malicious injection of untrusted data into values that are passed.
Data Loss Prevention (DLP)
The unauthorized transfer of sensitive information from a network may happen through malicious and legitimate means. By inspecting and denying egress traffic containing unauthorized data, WAF prevents the exfiltration of sensitive content out of application infrastructures in alignment with business policies.
Payment Card Industry Data Security Standards (PCI-DSS)
Simplify compliance with PCI-DSS with Kemp Web Application Firewall
PCI-DSS
Organizations that process card payments are subject to a set of standards from the Payment Card Industry (PCI). Using a WAF as part of the application delivery infrastructure simplifies compliance with PCI standards.
PCI-DSS Section 1.2: Deny traffic from untrusted networks and hosts
The integrated security features of LoadMaster with WAF limit access to only explicitly allowed entities, using only the protocols that are dictated as allowable.
PCI-DSS Section 3.3: Mask account numbers when displayed
WAF can prevent the leakage of sensitive personally identifiable information (PII) by inspecting traffic for known patterns such as social security numbers.
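The egress inspection described under Data Loss Prevention above and the pattern-based masking described here, as one added example that is not Kemp code: response bodies are scanned for card-number runs (validated with a Luhn checksum so random digit strings are left alone) and for dashed US social security numbers, and matches are masked so only the last four card digits survive. The patterns and sample response text are constructed for the example.

```python
import re

# Constructed example rules. Card numbers: 13-19 digits, optionally separated
# by single spaces or dashes. SSN: dashed form NNN-NN-NNNN.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_ok(digits):
    """Luhn checksum; used to reject digit runs that are not plausible card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_card(match):
    """Mask all but the last four digits of a Luhn-valid card number."""
    raw = match.group(0)
    digits = re.sub(r"[ -]", "", raw)
    if not luhn_ok(digits):
        return raw              # not a card number (order id, tracking number); keep as-is
    return "*" * (len(digits) - 4) + digits[-4:]


def inspect_egress(body):
    """Return (masked_body, finding_count) for one response body.

    finding_count > 0 means sensitive data was present; a policy could either
    serve the masked body (as here) or deny the response outright.
    """
    findings = 0

    def card_repl(m):
        nonlocal findings
        out = mask_card(m)
        if out != m.group(0):
            findings += 1
        return out

    body = CARD_RE.sub(card_repl, body)
    body, n = SSN_RE.subn("***-**-****", body)
    return body, findings + n
```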
PCI-DSS Section 3.5: Protect encryption keys against disclosure and misuse
With models that support FIPS 140-2 Level 2 compliance, LoadMaster provides protection for private keys and supports secure processes for key management.
PCI-DSS Section 4.1: Use strong cryptography and security protocols
LoadMaster with WAF provides a security overlay for applications that may have support for the latest SSL and TLS versions. LoadMaster can enforce the use of specific protocols and cipher suites.
PCI-DSS Section 6.6: Audit and correct application code vulnerabilities or institute an application firewall
If a WAF is not deployed, organizations must conduct expensive and time-consuming reviews of application code to identify vulnerabilities. Such code reviews are retrospective and do not provide the ongoing, constantly updated protection provided by WAF.