Industry First: Breach Delivers Cloud to Data Center Web Application Defense-in-Depth Solution

Breach Security, Inc., the leader in web application integrity, security and compliance announced the release of the WebDefend Global Event Manager, a solution developed to work in conjunction with the new Web Application Firewall service offered by Akamai Technologies, Inc., the leader in powering video, dynamic transactions and enterprise applications online. When deployed with Akamai’s Web Application Firewall service, the WebDefend Global Event Manager is the first web application security management solution that defends against global application security threats by enabling customers to make distributed cloud and data center defense-in-depth architectures operational.

The WebDefend Global Event Manager is designed to work in concert with Akamai’s solutions across joint customers’ web environments in real-time to accurately detect and block attacks, prevent unauthorized data leakage, improve performance and identify and remediate web application coding errors. The launch of the Akamai Web Application Firewall service adds a compelling new layer of defense for web applications.

“Enabling content delivery cloud networks with an off-premises web application firewall is an interesting new deployment option for web security including PCI compliance,” said Greg Young, Research VP of Gartner.

The WebDefend Global Event Manager enables customers to consolidate logs and intelligence from the Akamai Web Application Firewall service with events and the deep application visibility provided by Breach’s WebDefend solutions, which are deployed in customer data centers.

The distributed cloud and data center defense-in-depth solution provides enterprises and leading web properties with the following break-through capabilities:

* Defense-in-Depth: Visualize and monitor the security, compliance, and health of their entire web application environment, from the cloud to the customer data center
* Optimize Application Performance: Continuously optimize the balance between web application performance and security by implementing distributed detection and blocking of malicious traffic with maximum efficacy, minimizing attack-related consumption of communication and processing resources across the entire web application environment
* Automation: Automatically generate combined cloud and data center web application reporting for trending, audit and compliance purposes
* Detailed Event Reporting: Deliver integrated web application security events to security operations centers, security event and incident management solutions, governance, risk and compliance solutions, and managed security service providers

“Akamai’s innovative relationship with Breach, a known leader and innovator in the web application firewall market, is structured to enable our joint customers go beyond ‘defense-in-depth’ for complex web applications,” said John Summers, senior product line director for Akamai. “When customers use Breach’s WebDefend together with Akamai’s cloud based solutions, they will be able to apply a defense-in-depth approach at the application layer, while experiencing the performance benefits of the Akamai Platform and the operational visibility that helps WebDefend stand apart in the Web application firewall market today.”

“Akamai, a true technology pioneer with a uniquely capable service delivery platform, understands the urgent need for all organizations to protect their web applications,” said Sanjay Mehta, senior vice president for Breach Security. “Breach is delighted to support Akamai’s use of the ModSecurity Core Rule Set in the Akamai Web Application Firewall service. We believe that enabling customers to block threats at the Akamai Edge, can lead to improved performance and efficiency for their web-based applications. Breach is completing the picture by presenting Akamai’s real time intelligence from the cloud with the WebDefend Global Event Manager in a way that is designed to enable our joint customers to accelerate and streamline the identification, prioritization and remediation of web application attacks from the Akamai Edge to the customer’s data center.”

To Purchase Breach Products visit http://BreachWorks.com/

Breach Security Facilitates Community Testing of ModSecurity Core Rule

Breach Security, Inc., the leader in web application integrity, security and PCI compliance, today announced it is advancing its ModSecurity product by facilitating unprecedented community collaboration and independent testing of the OWASP ModSecurity Core Rule Set (CRS) Project data by users.

ModSecurity is a web application firewall engine that requires rules to operate most effectively. The CRS is based on generic rules that provide protection from zero-day and unknown vulnerabilities often found in web applications, which are typically custom-coded and difficult to secure. The open source ModSecurity CRS is provided free to the public and has recently become an official OWASP Project with Breach Security Labs as the sponsor. As with any signature-based security application, constant testing and updates are essential. To help facilitate easier community testing of the CRS, Breach Security has released a demonstration testing page at http://www.modsecurity.org/demo/modsecurity-demo.html.

This page will allow users to send attack data through a live ModSecurity/CRS installation in order to identify any evasion issues. If a user identifies an issue, they can notify Breach Security personnel by either submitting a bug report ticket or by sending an email to the OWASP ModSecurity CRS mail-list.

“Breach Security is in a unique position in the web application firewall industry,” said Ryan Barnett, director of application security research for Breach Security, ModSecurity community manager and OWASP ModSecurity Core Rule Set project leader. “Having an open source product such as ModSecurity in our portfolio allows us to expose our security rules to the public for quality assurance and testing purposes in ways that other security vendors cannot. We want to leverage the global pool of outstanding web application security experts to help test ModSecurity to make it a better tool for the community at large.”

Benefits of providing the demonstration testing page include:

* The Core Rule Set will be tested by pen-testing specialists who are experts in breaking into web applications and evading security filtering devices.
* Breach Security is lowering the barrier for testing by not requiring community testers to install the software themselves.
* Breach Security is expediting the identification and reporting steps, which shorten the fix cycle.
* Signature improvements will be leveraged back into the entire Breach Security product line.

To Purchase Breach Products visit http://BreachWorks.com/

Reed Enlists Brookcourt Solutions, Breach Security

Breach Security, Inc., the leader in web application integrity, security and PCI compliance, today announced that Brookcourt Solutions has deployed its WebDefend web application security appliance at reed.co.uk, the United Kingdom’s premier career source. reed.co.uk selected WebDefend to continue enhancing the online experience for the site’s users, as well as protecting the company’s distinguished brand. reed.co.uk has become a proven mechanism for attracting quality jobseekers to the U.K.’s largest selection of jobs, serving the recruitment needs of both recruitment agencies and direct employers.

As companies begin to supplement their traditional recruitment with the compelling usability of the web, online job seeking has soared, creating massive demand for reed.co.uk. “As competition for every available job has increased, jobseekers have increasingly embraced the Internet as the first and easiest place to look for their next job.” said Mark Ridley, director of technology for reed.co.uk. For reed.co.uk, business is booming; with unprecedented levels of site activity, a robust web application security solution to monitor, protect and report on activity surrounding reed.co.uk’s extensive web site and online applications is a necessity.

Brookcourt Solutions, the award-winning technology integrator, recommended Breach Security’s WebDefend solution to help ensure reed.co.uk users maintain a positive and satisfying experience on the web site. WebDefend’s detailed real-time reporting provides the information necessary to identify and quickly remediate application defects and security threats, helping ensure that reed.co.uk remains a well-known, trusted brand.

“As one of the U.K.’s best known web sites, we have to honour the trust our users place in us. We always take every step to ensure we are delivering the highest levels of service to the jobseekers, employers and agencies that benefit from reed.co.uk. Key to this is our zero-defect policy, which ensures we are focused on the quality of our code and infrastructure,” said Ridley. “Breach Security’s WebDefend serves as an early warning system for discovering issues, so that we can quickly identify, understand and resolve anomalies which could potentially impact our users.”

reed.co.uk is using WebDefend to block attacks and protect its site and web applications. WebDefend is deployed out of line in reed.co.uk’s environment, allowing analysis of all inbound and outbound data and the ability to block attacks with no impact on the company’s web site performance. WebDefend’s unique position ensures that reed.co.uk’s users experience no latency, helping to enhance the online customer experience.

“Brookcourt Solutions has been critical to Breach Security’s success and expansion in the U.K. with companies like reed.co.uk. As a well-respected technology integrator, clients know that Brookcourt makes recommendations with their security needs in mind,” said Sanjay Mehta, senior vice president for Breach Security. “We are thrilled to add reed.co.uk to the growing list of U.K. companies adopting WebDefend to protect against online threats and become PCI compliant.”

To Purchase Breach Products visit http://BreachWorks.com/

Breach Security Obtains $5 Million in Expansion Financing

Breach Security, Inc., the leader in web application integrity, security and PCI compliance, today announced it has secured $5 million expansion financing from existing investor Sid R. Bass Associates. Funds will be invested in Breach’s product development and to further market expansion efforts.

“Breach Security has established market leadership in the web application security market and has amassed an impressive list of blue chip customers,” said Perse Faily, general partner at Sid R. Bass Associates. “Breach is well positioned to capitalize on the global demand for securing critical web applications and our additional investment provides the capital to drive accelerated growth.”

“An ever increasing number of successful web application exploits and stringent industry regulations are driving the rapid adoption of Breach products,” said Sanjay Mehta, senior vice president for Breach Security. “Sid R. Bass Associates’ further investment in the company provides the capital required to extend our technology innovation and market leadership.”

To Purchase Breach Products visit http://BreachWorks.com/

Breach Security Unveils WebDefend 4.0 Featuring Real-Time Application Monitoring

Breach Security, Inc., the leader in web application integrity, security and PCI compliance, today announced the release of WebDefend™ 4.0. With this release, WebDefend is the only solution on the market to offer comprehensive web application security coupled with real-time web application performance monitoring to provide IT teams with a complete picture of web application health. This unique feature set provides unmatched security against malicious users and other threats against web applications, while also ensuring positive end-user experiences and successful transactions for legitimate web-based customers. WebDefend 4.0 also includes breakthrough enhancements in application security monitoring, analysis and control, and a new dashboard that offers a real-time security overview of protected applications along with the status of all systems in a WebDefend deployment.

Breach Security’s new web application performance monitoring provides users with real-time visibility into the performance of their web applications. With the new WebDefend 4.0, IT operators can track aggregate end-user experience and report service levels by providing real-time visibility into:

* Site and URL level availability
* URL and session-level transaction speeds
* URL and session-level error rates

WebDefend monitors every transaction in a web application environment and quickly detects key problem areas—such as the top 10 URLs with poor availability, slow speeds and high error rates. Application errors can be identified and logged in detail, including full HTTP or HTTPs requests and any associated errors in web server responses. WebDefend also allows IT operators to track HTTP and HTTPs bandwidth utilized by specific web sites, enabling capacity planning and internal charge backs associated with specific web applications.

Additionally, the new WebDefend enables service provider environments and third party technologies to offer detailed application-layer monitoring and analysis by delivering the web application firewall industry’s most information rich security events through flexible integration. “BT’s Managed Security Solutions Group has integrated WebDefend’s detailed web attack information and analytics to create a web application firewall monitoring service with unparalleled real-time application security insight and analysis,” said Toby Weir-Jones, vice president of product development, BT Managed Security Solutions Group. BT is one of the world’s leading providers of communications solutions and services, operating in 170 countries.

Other features in WebDefend 4.0 include:

* Enhanced Learning Engine—The Adaption engine in the new WebDefend provides more granular policy control and detailed analysis of anomalous traffic, automatically relearns HTTP constraints along with the existing information it profiles, and relearns about individual web application parameters. The new enhancements help organizations identify zero-day and targeted attacks, eliminate false positives resulting from application changes, and block with confidence.
* System-level Dashboard—From one screen, users have real-time visibility into security incidents, WebDefend events, and system information, such as concurrent HTTP and HTTPS connections being monitored by their WebDefend deployment.

“Our customers are concerned with securing their web environments and delivering an optimum end-user experience that is not marred by broken links, session time-outs and other issues that prevent the successful completion of web transactions,” said Brett Wilson, VP product management and global business development for Breach Security. “WebDefend 4.0 is the only solution available that automatically relearns applications as they change in production with no manual intervention, ensuring continuous protection, reducing false positives and providing unmatched insight into the protected web application environment. With this new release, IT teams can more quickly identify and repair web application problems, allowing enterprises to reduce costs and increase the return on investment in their web application environments.”

To Purchase Breach Products visit http://BreachWorks.com/

Nineteen Percent of Online Attacks in 2009 Targeted Social Networking Sites

New Web Hacking Report Shows Steep Rise in Web 2.0 Exploits Including Twitter Posts and Other User-generated Content. Breach Security, Inc., the leader in web application integrity, security and PCI compliance, today announced a steep rise in attacks against social networking sites, according to the Web Hacking Incidents Database (WHID) 2009 Bi-Annual Report. Accounting for 19 percent of hacking incidents, social networking sites were the most targeted vertical market in the first half of 2009, with hackers exploiting Web 2.0 features such as user-generated content including Twitter posts to launch their attacks.

The WHID project compiles and analyzes application-related security incidents, focusing exclusively on publicly reported web application security attacks that have an identified outcome. The WHID 2009 Bi-Annual report analyzed global security incidents that occurred from January 1 through July 31, 2009, a 30 percent increase in overall web attacks compared to 1H 2008.

Key findings from the WHID 2009 Bi-Annual Report include:

* Drivers for Web Hacking—Defacement, which combines both planting of malware and standard overt changes, remains the most common outcome of web attacks (28%), while leakage of sensitive information is a close second (26%, up from 19% in 2008). Disinformation is a distant third (19%), mostly due to the hacking of celebrity online identities.

* Most Prevalent Attack Vectors—SQL Injection remains the number one attack vector, accounting for nearly one-fifth of all security breaches (19%). Attack vectors exploiting Web 2.0 features such as user-contributed content were also commonly employed: authentication abuse was the second most active attack vector (11%), and Cross Site Request Forgery (CSRF) rose to number five with 5% of the reported attacks.

* Vertical Markets Under Attack—Social networking sites emerged as the most targeted vertical market with 19% of the incidents, a dramatic increase from prior years when this sector was not represented, and displacing government/law enforcement from the number one spot in 2008.

“The dramatic rise in attacks against social networking sites this year can primarily be attributed to attacks on popular new technologies like Twitter, where cross-site scripting and CSRF worms were unleashed,” said Ryan Barnett, director of application security research for Breach Security. “Looking back at 2008, a notable election year, government-related organizations were the top-ranked attack victims and have now dropped to number three. The WHID report demonstrates that hackers can be fickle, following popular culture and trends to achieve the most visible effect for their efforts, which means that companies must be vigilant in implementing web application systems and monitoring application activity.”

The Web Hacking Incident Database (WHID) is a project dedicated to maintaining a record of web application-related security incidents. The WHID’s purpose is to serve as a tool for raising awareness of web application security problems and to provide information for statistical analysis of web application security incidents. Unlike other resources covering web site security – which focus on the technical aspect of the incident – the WHID focuses on the impact of the attack. Breach Security Labs is a WHID project contributor.

To Purchase Breach Products visit http://BreachWorks.com/

Global Secure Systems Partners With Breach Security

Breach Security, Inc., the leader in web application integrity, security and PCI compliance, today announced that Global Secure Systems (GSS) has joined the company’s worldwide partner network. GSS secures corporate data by delivering full consultancy services, ranging from Data Protection Act issues to ISO 27001 and PCI compliance to penetration and application testing.

As a new Breach Security partner, GSS is adding Breach’s WebDefend web application security appliance to its suite of data security offerings including firewalls, VPNs, encryption, patch management and wireless network security. The UK-based reseller has a strong foothold in the region, delivering data security solutions to more than 2,500 clients.

“GSS is a highly dedicated reseller focused on ensuring that organizations are protecting their key asset – their data,” said David Hobson, managing director for Global Secure Systems. “As IT security challenges evolve and companies face new compliance issues, it is important that our clients are protecting their application layer against the latest threats and meeting regulations such as PCI compliance. We’ve identified WebDefend as the best way to ensure our clients are protected.”

Application security is one of the world’s fastest-growing technology markets. Breach Security channel partners, such as GSS, provide increased value to their clients by adding application layer security to their existing security offerings.

“As a prominent UK reseller committed to delivering information assurance to its widespread client base, GSS was a natural fit for Breach’s partner program,” said Sanjay Mehta, senior vice president of sales and marketing for Breach Security. “GSS offers its clients a world-class suite of security products and we’re proud to have joined the ranks.”

To Purchase Breach Products visit http://BreachWorks.com/