Protecting Customer Websites and Web Applications Web Application Security
The Application Security Market Challenge Data theft Data leakage Compliance
The Damage E-payment site breach compromises 5 million customers Around five million customers of CheckFree Corp. and some banks that use its electronic bill payment service may be affected by a hack that gave criminals control of several of the company's Internet domains. 1/8/2009 Heartland Payment Systems disclosed that intruders hacked into the computers it uses to process 100 million payment card transactions per month for 175,000 merchants. 1/22/2009 Hackers breach Heartland Payment credit card system FAA says info on 45,000 workers stolen in data breach The compromise resulted from an intrusion into the system that was storing the data, the FAA said in a brief statement. 2/10/2009
What Enables Strong Application Security? Provide active protection Stop multi-vector attacks Inspect all requests – even encrypted ones Read the entire request - headers and content View the request as the application will Counter emerging threats
Web Application Firewall (WAF) Examines user interaction with the application Performs deep inspection of HTTP traffic content Blocks harmful requests Complements network security measures, e.g., firewall, IDS/IPS
Why Security Rules? Security rules define patterns that indicate hacking Generic rules based on hacking techniques, not specific applications Main benefits Low false-positive rate Strong security with low maintenance
Software plug-in for IIS and Apache dotDefender Positioning
dotDefender Security Engines
Typical Implementation
Technology Overview Software plug-in Multiple security engines Rule-based Low maintenance High efficiency, low impact Central Management Open API
dotDefender delivers: Award-winning Web application security Solution for a wide customer base - enterprise, SME, SMB, service providers Support for IIS and Apache Locks down virtual and cloud environments Affordable security and compliance Variety of licensing/pricing models Best TCO in the industry
Business Drivers eBusiness Transactions Sensitive data Active content Compliance – e.g., PCI Already under attack!
Target Markets Enterprise SME SMB Service Providers
Opportunities Reselling Services Consulting Implementation Integration Additional touch points
Sample Customer List
Applicure Technologies Jan 2004 Incorporated Apr 2007 IPO TASE: APCR Offices US Offices: NY & Atlanta Israel R&D office Worldwide network of business partners
dotDefender and You Provide better security to your clients Add premium security service to your portfolio Gain additional customer touch point Enhance your reputation Good for your customers’ security… and your bottom line! Good for your customers’ security… and your bottom line!