Product spotlight: Qualys Web Application Firewall 2.0

In this podcast recorded at RSA Conference 2015, Wolfgang Kandek, CTO at Qualys, talks about the recently announced Qualys Web Application Firewall (WAF) version 2.0, which comes fully integrated with the Qualys Web Application Scanning solution (WAS).

The new release includes virtual patching capabilities to enable organizations to fine-tune security policies, remove false positives and customize rules leveraging vulnerability data from the Qualys WAS.

Qualys WAF also includes customizable event response, helping customers evaluate and create exceptions to web events to better prioritize and mitigate vulnerabilities, making it one of the first end-to-end web application security services to combine WAF security rules and policies with WAS data to address web application security threats.

With the latest version of Qualys WAF, users can now create “virtual patch” rules in direct response to their Qualys WAS findings, to enable rapid false positive resolution, as well as customization of security rules tailored for the organization’s environment. This helps customers better tune security policies, quickly remove false positives, and easily customize WAF security rules for web applications.

Its automated, adaptive approach provides organizations with the following:

  • Easy set-up. Qualys WAF is deployed as a virtual image alongside web applications. It can be set up and configured in minutes, requiring no equipment, admin resources or dedicated security staff to get up and running.
  • Real-time application defense and hardening. Qualys WAF blocks attacks against websites in real time. The service provides a shield around coding defects, application framework flaws, web server bugs, and improper configurations.
  • Seamless, automatic updates, increasing security over time. Running on the Qualys Cloud Platform, the WAF service is updated automatically with new defenses from the Qualys research team, and the defense is activated intelligently according to specified policies — all without disrupting the websites or site visitors.
  • Centralized Cloud Management. Delivered via the Qualys Cloud Platform, WAF can be centrally managed from anywhere in the world via the Qualys console. It provides a clear dashboard showing timelines and geo-location graphs of events. The cloud platform also provides maximum efficiency by security events from all customers, with immediate rules deployment to all WAFs connected to it.