WebDefend, now in version 3.2, identifies and stops abuse of web application resources, offers higher performance, and delivers enhancements to ease enterprise-wide adoption.
WebDefend 3.2 includes automated detection of application resource abuse. Unlike a typical attack that exploits vulnerable code, these specialized attacks exploit flaws in business logic through excessive actions such as an unusually high rate of requests for proprietary information from a single user posing as a subscriber. Left undetected, such “scraping” attacks can result in data leakage and theft of intellectual property such as industry research, gaming odds, and resumes, ultimately undermining a corporation’s reputation and revenue model. Additionally, these attacks can be used to overload system resources causing web applications to fail and online business operations to cease.
In response to increased demand from global enterprises with high-volume web traffic, WebDefend 3.2 features enhanced performance and increased port density. The new version delivers up to a 50 percent increase in performance without compromising the full inspection of all SSL-encrypted and clear text web traffic. To prevent automated attacks, these ports can easily be configured in monitoring/blocking pairs. For attack detection and subsequent code remediation, a single WebDefend appliance can be configured to monitor up to four independent network segments.
Other features in WebDefend 3.2 include:
- Automated report generation: WebDefend administrators can easily schedule reports for automated delivery.
- Complete enterprise high availability: the WebDefend Enterprise Manager now includes high availability over wide area networks, complementing the robust failover capabilities already available with WebDefend sensors. The WebDefend Manager appliance supports large-scale sensor deployments with consolidated security and application defect events, role-based user administration and full command and control for remote sensors.
- Support for segmented web infrastructures: the latest version offers ease-of-deployment with six network interfaces including four user-configurable ports.
- Updated signature database: Breach Security Labs has updated the WebDefend application signature rules set to provide protection against the latest forms of attacks including variants of SQL injections and cross site scripting.
- WebDefend automatic upgrade: provides administrators with a quick and easy upgrade path to the software, signatures and policies.