NetContinuum Adds Web Anti-Crawl Protection to Application Security Gateway

Santa Clara, CA – December 14, 2004 – NetContinuum, the worldwide leader in application firewalls, today announced another industry first with the addition of Anti-Crawl Protection to its popular Application Security Gateway product line. The new feature addresses customer demand for a solution to stop the growing threat of maliciously programmed web crawlers. When enabled, the new feature automatically prevents hackers from automated data harvesting, vulnerability scanning, content theft and full site downloads – without hindering the performance of legitimate site crawlers or negatively impacting search engine optimization efforts.

“A web crawler’s ability to systematically and automatically examine web sites make them a “hacker’s best friend.’ Many of our customers, especially those that rely on consumer traffic, are concerned about crawlers that can automatically steal and repurpose data content from their web sites,” commented Kurt Roemer, Chief Security Officer for NetContinuum. “Unfortunately industry standards such as the Robots Exclusion Protocol have no real security built in, and while there are some solutions that can deny all web crawlers, this is often undesirable from a business point of view. Until now there has not been a product on the market that enables web sites to be crawled by the desirable web crawlers and simultaneously protected from malicious ones.”

Also known as web spiders, robots or bots, web crawlers are commonly used by web search engines such as Googleâ„? and Yahoo!. Most organizations encourage the use of web crawlers to increase their “hit” percentages on search engines and drive increased traffic to their site. With hundreds of open source web crawlers freely available on the Internet, they have become an ideal hacker tool to perform automated reconnaissance assignments against external-facing web sites and web applications, automatically and methodically discovering possible avenues of attack, such as cross-site scripting or SQL injection vulnerabilities. The information gathered can then be used to exploit any weaknesses found. Web crawler information can also be used by hackers to help reverse engineer a web application and quickly identify all potential entry points. For more examples on how web crawlers work and can be misused, visit
https://www.netcontinuum.com/products/whitePapers/
getPDF.cfm?n=NC_TechBrief_AntiCrawl.pdf

To protect organizations from exposure to malicious web crawlers, NetContinuum’s new Anti-Crawl Protection technology utilizes proprietary security algorithms to identify and log malicious web crawlers as they initially visit a web site. Using the security algorithm, the web crawler is identified and compared against a list of authorized web crawlers. If the identified web crawler is not successfully authenticated, it is automatically denied access to the web site. In addition to denying access to unauthorized web crawlers, the NC-1000 also maintains detailed logging information of web crawler activities and provides web site administrators with the necessary application forensics to fine tune their application firewall policies.

Pricing and Availability

The new Anti-Crawl Protection capability is shipping today on all NC-1000 models and is available to existing NetContinuum customers as a free software upgrade.

NC-1000: Enterprise-Class Web Services & Web Application Firewall

The NetContinuum NC-1000 Application Security Gateway is a powerful application firewall that delivers the highest level of protection available for mission-critical web applications. Unlike reactive signature-based products, NetContinuum utilizes a powerful, methods-based approach to proactively defend against both known and unknown attack methods. The NetContinuum NC-1000 is the only application firewall on the market designed from the ground up with strict data center requirements in mind. Unlike generic PC and software-based alternatives, the NC-1000 is based on a purpose-built platform that begins with the world’s most powerful security ASIC and extends this design philosophy through the entire system architecture. The result is an application security system that is dramatically more robust, more reliable and more secure than any other product in the industry today.

About NetContinuum, Inc.

NetContinuum is the leading provider of ASIC-based application firewalls that deliver the highest level of application protection available. The NetContinuum Application Security Gateway product line reduces the risk of data theft, financial fraud and loss of customer confidence due to web application attacks. It is the only product on the market to pass rigorous independent certification from ICSA Labs against both network and application-layer security threats, including data theft, cross-site scripting, SQL injection, command execution, information disclosure and authentication bypass. NetContinuum boasts an impressive customer base comprised of Fortune 1000 enterprises, government agencies and service providers. For more information, please visit www.netcontinuum.com or call 408-961-5600.

NetContinuum is a registered trademark of NetContinuum, Inc. All other trademarks, service marks and company names are the property of their respective owners.