Empowering Knowledge is our business ...
Web Security Product

Enterprise Content Management (ECM)

  • Email - Management
    • Easy Notes
  • Solutions for Microsoft
    • Easy for Office 2010
    • Easy for Dynamics Nav
    • Easy for xBase
    • Easy for xShare
  • Digital Mailroom
    • Easy Captures
  • Solutions for SAP
    • Easy for SAP
Web Application Firewall - WebDefend®

WebDefend is integrated with our award-winning Trustwave SIEM, which serves as the nerve center to our Unified Security approach by correlating and consolidating attack information from many sources beyond Web applications to deliver simplified security and faster response to threats.

Only WebDefend uses a patent-pending profiling system and multiple, collaborative detection engines to ensure the flow of mission-critical traffic while supplying complete protection for applications to keep your confidential information safe from targeted attacks.

Key Features
Provides the industry's best protection against application vulnerabilities and emerging threats, such as OWASP Top 10 Web application attacks, site scraping, malicious bots, GoogleTM hacking, zero-day and targeted attacks

  • Patent-pending, adaption application profiling system continuously builds a dynamic security model of each protected Web application to ensure only valid traffic is allowed
  • Ability to profile HTML, XML and SOAP and monitor both compressed and uncompressed Web traffic
  • Patent-pending ExitControl analysis engine inspects outgoing traffic for data loss, defacement and security information exposure
  • Application layer signatures provide actionable information on detected vulnerabilities
  • Geo-location blocking provides customization for blocking requests generated by specific countries
  • Highly scalable sensor covers flexible site definitions, flexible deployment modes and to support for up to 10G NIC cards
  • Facilitates compliance with PCI DSS requirement 6.6
  • Custom response page to communicate a response to potential hackers based on the type of attack initiated

Easy Implementation, Robust Performance
WebDefend is designed to scale from single application to global enterprise deployments:

  • Multi-tier architecture allows separate protection for and management of multiple data centers
  • Sensors can be made redundant for high availability
  • Deploy out-of-line or transparently, in-line without requiring any network reconfiguration
  • Multi-tenancy allows multiple customers or departments to be defined in a single appliance, ensuring data is not shared across users - ideal for complex organizations and managed security service providers (MSSPs)

WebDefend Global Event Manager is optionally available to centralize control of and reporting for multiple or remote data centers.

Immediate Integrity and Security Issue Detection
WebDefend performs continuous assessment of your protected applications to identify issues that impact the application's security, functionality and availability. Issues include programming mistakes, application errors or failures and insecure code.

Virtual Patching
Virtual patching enables you to apply user-defined rules to quickly address vulnerabilities. When vulnerabilities are identified through regular application scanning, virtual patches immediately protect while your software development team fixes the underlying bug. Virtual patching protects vulnerable applications from attack, without having to wait for the next release cycle. WebDefend integrates with the industry-leading Web application scanners.

Intuitive, Instructive Console
The management console lets you enjoy ease of use with a single point of configuration and monitoring. Immediately use the console, without prior training, to gain a complete understanding of Web application architectures and security.

The console helps you understand the context of events to quickly remediate issues. For every event or defect detected, a detailed description pinpoints the problem, provides insight into its meaning and explains its resolution. The console offers multiple event views and drill-down capabilities, allowing you to easily identify events, examine root cause, view entire transactions and see error messages presented to site visitors. Powerful reporting tools communicate security issues to application development and executive management, help meet compliance requirements and track the effectiveness of WebDefend policies.

Web Application Performance Monitoring
WebDefend provides real-time visibility into the performance of your Web applications. WebDefend Application Performance Management identifies problems and trends at the site, URL and session levels in the Web application environment - all with real-time views that provide performance metrics. Because WebDefend automatically profiles Web applications, you do not need to define application structures or paths.

Integration with Trustwave SIEM
WebDefend securely integrates with Trustwave Security Information and Event Management (SIEM) solutions. Integration with Trustwave SIEM enables WebDefend events to be correlated with events or results from other technologies, such as network access control or data loss prevention - whether delivered by Trustwave or a thirdparty - enabling simplified security and faster response to threats.

Key Benefits
Provides unparalleled protection against the loss of sensitive information.

Patent-pending profiling system and collaborative detection engines ensure the protected flow of your mission-critical traffic and offer the industry's only correlation of inbound and outbound events and help to maintain application integrity.

Lowest Total Cost of Ownership
Features automatic and continuous profiles of your Web applications that deliver maximum security with minimal management overhead.

Because it is easy to use, security events and vulnerabilities can be identified with an intuitive console that provides a single point of configuration and monitoring in either an on premise appliance or as a managed security service that provides 24x7 analysis from our Trustwave experts.

Minimize Risk with Application Security Life Cycle Solution
Trustwave 360 Application Security program ensures security is at the very foundation of software development and ongoing operations by providing a market-leading, wide range of services and technologies to protect critical applications and sensitive data, including: secure development training, application penetration testing, application code review and our Web application firewall solutions - delivering a holistic approach to secure applications.

Optional Modules

WebDefend Manager
WebDefend Manager consolidates security events and defects and provides centralized control for multiple local or remote sensors.

High Availability Option
High availability deployment provides local and data center redundancy for sensors and WebDefend Managers to ensure continuous Web application security.

Global Event Manager (GEM)
Enables real-time monitoring and analysis of events from the Akamai WAF Service and ModSecurity along with WebDefend events in the management console and enables distributed cloud data center, defense-indepth architectures to be operational.

Service Options

  • Standard Support includes e-mail and phone support during local business hours, plus all product maintenance updates.
  • Premium Support includes 24x7x365 email and phone support, a one-year hardware warranty, next-day replacement service and all product maintenance updates.
  • On-site installation, extended hardware coverage and professional services are also available.

Technical Specifications

  • Protected protocols: HTTP, HTTPS (SSL), XML, Web services, SOAP and AJAX
  • Alerting and monitoring options: email, syslog, SNMP custom alerts, event viewer, dashboard and integrated reporting
  • Blocking options: in-line deployment, TCP reset, Web server agent, user logout, firewall and other devices
  • Languages: supports the collection and analysis of Web application traffic in any language, including doublebyte character languages
  • Supports VLAN IDs
  • Supports remote LDAP-2 or LDAP-3-based authentication of console users