Web App Protector | More Than Just a Web Application Firewall As cyber-attacks and mitigation techniques continue to evolve, enterprises need to be on alert and keep time to protection as short as possible. Enterprises are migrating business-critical functions to web applications in an effort to increase productivity, improve business agility and reduce costs. While the migration to web applications provides economic advantages and enables increased business agility, it also creates new security risks and compliance requirements that need to be addressed. The complexity of attacks and the speed in which new mitigation tools and techniques are being bypassed require a more robust and comprehensive solution that provides faster protection and reduced maintenance costs. By targeting the application layer, attackers exhaust server and application resources using stealth attack techniques that go undetected by traditional security tools. It is no longer just about http floods and downtime. Advanced methods and the use of multiple vectors during attacks present new challenges in securing an organization. ADVANCED WEB APPLICATION SECURITY Web App Protector, Check Point's Web Application Firewall (WAF), ensures fast, reliable and secure delivery of mission-critical Web applications. Web App Protector is an ICSA Labs certified and PCI compliant WAF that provides complete protection against web application attacks, web application attacks behind CDNs, advanced HTTP attacks (slowloris, dynamic floods), brute force attacks on login pages and more. Web App Protector is the only web application firewall that provides complete web application security. It blocks attacks at the perimeter and ensures fast, reliable and secure delivery of mission-critical web applications. It is the best performing application security solution for web security, mitigation and compliance. Comprehensive and Accurate Security Coverage Web App Protector delivers comprehensive and accurate security coverage of known and unknown web application threats. It provides full security coverage out-of-thebox of OWASP Top 10 threats, including injections, cross-site scripting (XSS), cross site request forgery (CSRF), broken authentication, leakage of sensitive information and session management. It offers security coverage for additional attacks and threats beyond the OWASP Top-10 list such as Web Application Security Consortium (WASC) threats. Web App Protector terminates TCP connections and normalizes client encoded traffic to block various evasion techniques and guarantees that out of the box negative security is much more efficient, accurate and difficult to evade. Automated Protection from Zero-Day Web Attacks The best security coverage with minimal impact on legitimate traffic is made possible by Check Point's combination of negative (defining what is forbidden and accepting the rest) and positive security models (defining what is allowed and rejecting the rest). Combining the two models allow granular and accurate policy definitions, therefore avoiding false positives and false negatives. By using both negative and positive security models - Web App Protector features not only the lowest false positives and minimal operational effort, but also robust protection against known and unknown (Zero-day) threats. |