Application Firewall
How can you protect your online applications and data against sophisticated application-level attacks like SQL Injection and Cross-site Scripting?
Sapphire provides a market-leading, award-winning Web Application Firewall (WAF) that provides the industry's only automated protection for critical applications, including online banking and brokerage, ecommerce, online billing and customer information portals.
Web Application Firewalls (WAFs) are designed to protect web-enabled applications from outside attack. While traditional firewalls address network access control, web application firewalls address the application layer by enforcing requests within application sessions. This type of protection protects web applications against attacks such as SQL injection, cookie poisoning, parameter tampering, directory traversal, and many more.
A WAF is a purpose-built platform which shares some similar functionality with network-based firewalls. Working from predefined criteria an application firewall sits on the network and dynamically profiles the URL structures and parameters of the web applications that it is monitoring. Once the web application is learned, an acceptable usage policy is created and enforced in real-time. The policy defines all allowed/known behaviours and immediately tracks and/or blocks all suspicious/undefined behaviours that do not conform to the usage policy.
Capabilities
- Automated modelling of application structure and usage.
- Transparent deployment that requires no network or application changes.
- Immediate defences provide continual protection with no re-coding.
- Centralised management and administration
While all WAFs are specifically designed to protect web applications, some can offer some of the same functionality as perimeter firewalls, IDS/IPS and database assessment and auditing tools.
Sapphire works alongside security vendor Imperva to provide a range of web and application firewalls.
