Breach Security announced the release of the ModSecurity version 2.0 open source web application firewall on an appliance delivering the lowest cost commercial web application firewall available. The ModSecurity Pro M1000 appliance is easy to deploy and manage with rule sets for compliance with Payment Card Initiative v1.1, as well as protection for Microsoft Outlook Web Access.
The ModSecurity PCI rule set provides the following measures for compliance:
· Build and maintain a secure network: The M1000 is a hardened appliance and is built with secure configurations of the OS and Apache web server.
· Protect cardholder data: The PCI rule set identifies inbound credit card data and obfuscates this information in the audit log file. Furthermore, the PCI rule set will identify and block data if full credit card numbers are being sent to the client. The M1000 uses an SSL encryption module to provide network encryption and is configured to only use strong encryption/ciphers.
· Maintain a vulnerability management program: The M1000 has the capability to run antivirus applications to scan uploaded files. It will be continuously updated with new signature rule sets and addresses the OWASP Top 10 with the ModSecurity Core rule set.
· Regularly monitor and test networks: The M1000 Audit Engine logs complete HTTP transactions. The Console can be used to search for transactions of interest and will include PCI template reports.
“We have listened to the community and taken the ModSecurity open source project to an entirely new level—with an appliance that delivers web application security immediately. It is ideal for small-to-medium businesses or large organizations needing just-in-time virtual patching,” said Ivan Ristic, chief evangelist, Breach Security. “The M1000 is easy to install and provides an affordable, essential layer of proven security, along with the PCI rule set that addresses important security vulnerabilities.”