According to Trustwave’s State of Security report, 96 percent of web applications scanned by Trustwave in 2013 harboured one or more serious vulnerability. The widely deployed WAF engine ModSecurity, has been optimised and integrated with KEMP’s kernel-based ADC (Application Delivery Control) engine. It directly augments LoadMaster’s existing security features to create a layered defence for web apps and enables safe, compliant and productive use of web application resources.
KEMP worked closely with Trustwave’s engineering team, custodians of ModSecurity, to extend the core LoadMaster ADC technology to be both a flexible L7 application centric delivery engine and a dynamic WAF. KEMP’s integrated L7 WAF platform is based on an industry-leading rules engine that provides real-time coverage for all published application threats, including the OWASP Top Ten, as well as critical baseline protections. Importantly, it also allows customers to reuse their existing rules based on ModSecurity in a centralised KEMP ADC appliance.
“Enterprises that focus their WAF efforts on compliance or protecting public-facing web applications, such as e-commerce and web retail, cannot afford to overlook equally important custom applications that interoperate end-to-end,” said Peter Melerud, co-founder and EVP, Product Management, KEMP Technologies. “KEMP’s ADCs dynamically deliver application high availability that now, with natively integrated WAF from KEMP, also provides the most robust threat protection.”
With WAF-ADC integration announced today, KEMP enhances its existing security features available on LoadMaster platforms. This includes edge security gateway functionality to protect published workloads including reverse proxy, SSO, pre-authentication and SMTP domain filtering, dual-factor authentication, IPS, and SSL bridging for secured traffic flows. KEMP’s threat protection also includes attack categories such as IP reputation, botnet attack detection, web-based malware detection, webshell/backdoor detection, HTTP denial of service (DoS) attack detection, and anti-virus scanning of file attachments.