Qualys takes step towards complete automation of web app security
Qualys announced Qualys Web Application Firewall (WAF) version 2.0, which comes fully integrated with the Qualys Web Application Scanning (WAS) solution.
Presented at RSA Conference 2015, the new release includes virtual patching capabilities to enable organizations to fine-tune security policies, remove false positives and customize rules leveraging vulnerability data from the Qualys WAS. Qualys WAF also includes customizable event response, helping customers evaluate and create exceptions to web events to better prioritize and mitigate vulnerabilities, making it one of the first end-to-end web application security services to combine WAF security rules and policies with WAS data to address web application security threats.
As hackers continue to find new ways to penetrate web applications, WAFs can detect, alert and block known attacks. With the latest version of Qualys WAF, users can now create “virtual patch” rules in direct response to their Qualys WAS findings, to enable rapid false positive resolution, as well as customization of security rules tailored for the organization’s environment. This helps customers better tune security policies, quickly remove false positives, and easily customize WAF security rules for web applications.
Qualys Web Application Firewall brings scalability and simplicity to web app security. Its automated, adaptive approach provides organizations with the following:
Tight integration with Qualys Web Application Scanning
Qualys WAS gives customers the ability to continuously discover, catalog and scan thousands of web applications on a global scale with a high degree of accuracy. It crawls and tests web applications for OWASP Top 10 risks, SQL injection, cross-site scripting, and web site misconfigurations. When it identifies a threat or a risk, it can automatically deploy the relevant virtual patch to the Qualys WAF to mitigate associated risks.
Additionally, Qualys WAF monitors all web pages visited by users and automatically shares this information back to the web application scanner, ensuring these pages are not missed during the next scan. Such an approach helps block attacks on web app vulnerabilities, prevent disclosure of sensitive information and control where and when applications are accessed.
Qualys Web Application Firewall is now available and sold as an annual subscription starting at $1,995 for small businesses and $9,995 for larger enterprises based on the number of web applications and virtual appliances.
“Many organizations are struggling to find a balance between identifying and effectively addressing vulnerabilities fast enough to avoid falling victim to large-scale breaches,” said Philippe Courtot, chairman and CEO of Qualys. “By integrating security rules and policies from our WAF solution with Qualys WAS data, we are providing significant value to our customers with the flexibility and automation needed to tackle web application security threats. It’s a giant step towards complete automation of web application security.”