- What is AppShield?
- What are the key features in AppShield 4.5?
- What other key features does AppShield have?
- What is a web application firewall?
- Why is AppShield's enterprise manageability important to customers?
- Can I assign different administrator users to AppShield?
- What are application specific security settings?
- How does the Automatic Policy Generation work?
- What are AppShield's logging and reporting capabilities?
- What does the watchdog technology provide?
- Does AppShield come as an appliance-based solution?
- What are the different appliance models available?
|
|
What is AppShield? |
|
AppShield is ...
An Enterprise- Class Web Application Firewall
- Enforces Web and Business Logic of site
- Intelligent policy based technology - no signatures required
- 24/7 online forensics - know who and what is going on with your entire application system
Built on a Secure Proxy Architecture
- Provides added security - internal network details not exposed to users
- Simplifies manageability and configuration of the Web application layer
- Optimizes Administrative Workload
Enforcing a Positive Security Model
- Enforces intended behavior vs. watching for unintended behavior
- Advanced enterprise-class application security administration and management
- Saves Operating Cost $$$: maintains application behavior 24/7 without the overhead
of signatures or rules, or surprise maintenance!
- Ensures compliance to Corporate security policies and best practices
Back to Questions
|
|
What are the key new features in AppShield 4.5?
|
|
Greater Manageability for Less Cost: Administrative enhancements
AppShield 4.5 allows for the definition of different administrators with different administrative roles for an AppShield instance or farm. This allows for the separation of roles between system administration and application security administration as well as the definition of auditing / view only roles within an AppShield environment.
Wider Protection for Less Cost: Application specific security settings
AppShield 4.5 allows administrators to configure different security settings and modes of operation for different applications within the same AppShield instance or farm. AppShield 4.5 administrators are able to configure both the operation mode and security level of applications based on the URL (scheme, host, port and path) defined in the settings. Thus a single AppShield (or AppShield farm) can protect different web applications/servers with differing security levels and differing modes of operation. Further, access to these settings can be limited to different Administrators based on the target host.
Enhanced Security and Flexibility:
There were several new security settings added to AppShield 4.5 including:
- Support for standard CRL formats
- Enhanced SQL Injection protection
- Support for authenticated and encrypted communications between the console and the engine
- Enhanced support for encoding type rules
- Full support for chunked-encoding for large chunk types
Back to Questions
|
|
What other key features does AppShield have?
|
|
Rapid Deployment
- Security Dashboard: Three security templates with customized controls
- Simplified configuration for complex sites (Basic, Intermediate, Strict)
- Custom Option for fine tuning - itemized security options
- Easy configuration for all major network architecture 'out of the box'
- 1-1, many to many, many to 1, advanced
- Automatic Policy Generation from a 'Trusted Host'
- 'One Click' Policy Generation
Comprehensive Application Forensics
- 'Quick glance' of incidents categorized by security violation
- Simple searchable online logs for 24/7 detailed view of all site activity
- Privacy compliance supported through auto-hide feature
- Application level logging integrated into current event monitoring tools
Secure Proxy Architecture
- Provides additional security
- Internal network details not exposed to outside users
- Detects encrypted attacks as SSL proxy
- Simplifies manageability and configuration of the Web application layer
- Allows the application to be broken into manageable units maintaining:
- Integrity of the application
- Single-application look from the user's perspective
Back to Questions
|
|
What is a web application firewall?
|
|
AppShield is the only Web application firewall certified by ICSA labs.
According to that report, a Web application firewall is a solution that:
- Functions at the application level - ISO model layer 7
- Understands inbound and outbound requests
- Block invalid requests without terminating entire user session
- Designed to recognize & protect against application threats
- Signature & Non-signature attacks
- Dynamic and Accurate
- Understands application logic (Web perversion)
- Compatible with Web application technologies
- Designed with the real world environment in mind - code/content changes every day
- Works in Real Time
- Addresses threats before they reach the server
- Provide Application Level Forensics
- Single Point of Administration
- One solution to protect all application components
Back to Questions
|
|
Why is AppShield's enterprise manageability important to customers?
|
|
Enterprise manageability allows AppShield to integrate seamlessly into the customers existing and growing management infrastructure. Features such as SNMP (with support for enterprise system management tools like Tivoli, CA/Unicenter, Symantec SESA and HP OpenView), automatic monitoring; multiple management consoles and improved logging capabilities all work together to deliver continuous operations and high availability needed in enterprise-class eBusinesses.
Back to Questions
|
|
Can I assign different administrator users to AppShield?
|
|
Yes. AppShield 4.5 supports multiple administrators and role based management. You can assign different administrators with different user names and passwords. By configuring their roles you can
set different configuration privileges to different administrators.
Back to Questions
|
|
What are application specific security settings?
|
|
In many sites, a single AppShield (or AppShield farm) is configured to protect several web servers with different web applications. Each application may have different security requirements. AppShield 4.5 has the option to set different security settings to these different web applications. The administrator can configure each application with a different security mode and with different security templates.
Back to Questions
|
|
How does the Automatic Policy Generation work?
|
|
In AppShield it is not necessary for the administrator to understand how to write policy rules or to understand how the application is intended to function. All that is required is a work station with a web browser. AppShield enforces a behavioral learning methodology based on the use of a trusted user. In AppShield you simply specify the IP address that is to be used as a trusted source, and all requests from that system will be used to create any rules required by AppShield.
Sites using client side code such as Java, ActiveX, JavaScript and others can be quickly configured to work with AppShield without manually writing rules. This policy generation process is critical in ensuring the safe execution of client side code, and without this mechanism the security of the web site cannot be ensured.
Back to Questions
|
|
What are AppShield's logging and reporting capabilities?
|
|
The logging and reporting in AppShield include:
- AppShield logging system uses a database for storing and accessing the logged information. It allows much faster access, including searching and filtering, as well as ODBC access
- The logged data is streamlined and contains additional, easy to read information about each request, with emphasis on the illegal ones
- The operator can choose selective logging - e.g. log only the page requests and do not log the images. This allows the operator to focus on the most important transactions while utilizing the log space more efficiently
- The user can set the size of the log
Back to Questions
|
|
What does the watchdog technology provide?
|
|
The watchdog technology is an independent component in AppShield that performs continuous monitoring of AppShield and the web server. It checks system parameters such as memory consumption, as well as the responsiveness of AppShield and the web server. If it detects an irregularity it can respond in a number of ways from alerting the operator to rebooting AppShield.
Back to Questions
|
|
Does AppShield come as an appliance-based solution?
|
|
Yes. The AppShield appliance is a co-branded SunFire V100/V120 or SunFire 280R
pre-installed with a Sanctum-hardened version of Solaris 8TM, AppShield, and
an optional SSL card.
Back to Questions
|
|
What are the different appliance models available?
|
|
- AppShield 100 - (550MHz UltraSPARC IIi, w/1GB)
- AppShield 100s - (SunFire V120 : 650Mhz UltraSPARC IIi, w/1GB w/ SSL card)
- AppShield 280 - (2 x 900Mhz UltraSPARC III w/ 2GB RAM and GigE NIC)
- AppShield 280s - (same as above w/SSL card)
Back to Questions
|
|
|
|
AppShield, Policy Recognition, and Adaptive Reduction are trademarks of
Sanctum, Inc. All other product names referenced are the property
of their respective owners and are hereby acknowledged.
|