Real-Time Protection at the Web Application Layer
SmartWAF™ is a host-based integrated Web Application Firewall (WAF) that hardens and regulates access by detecting and blocking malicious code embedded in web application traffic. As a software plug-in on the Web Server, it is not designed to replace existing network perimeter security controls such as stateful/proxy firewalls, antivirus gateways or reverse proxies but to complement them by protecting against attacks that these technologies typically miss.
- Identifies, classifies and blocks malicious exploits embedded in the web traffic stream that specifically target web applications
- Integrates with both CodeSecure™ and HackAlert™, importing their findings to explicitly block web application exploits targeted at vulnerabilities identified by those processes
- Installs as a software plug-in directly on the web server (Apache, IIS) itself or on the security gateway (Microsoft ISA, IAG)
Installing SmartWAF™ as a web server plug-in offers the following advantages:
- Removes the single point of failure or bottleneck often experienced with a Network WAF
- Optimizes investment as security costs as scale linearly with web server infrastructure
- Allows creation of rule sets to suit specific web applications on the server avoiding a "one-size-fits-all" rule set minimizing number and complexity of firewall rules