This article can also be found in the Premium Editorial Download "Information Security magazine: Reviews of six top Web application firewalls."
Download it now to read this article plus other related content.
While Bee Ware's security policies provided adequate protection against our assortment of attacks, setting up polices proved to be difficult. The appliance utilizes blacklists, dynamic whitelists and behavioral analysis, but the logic required to institute rules and patterns is time-consuming and disorganized. Policy creation was spread across a series of tabs. We would have like to been able to create policies from a centralized location using drop-down menus and tables.
Imperva delivered an impressive set of predefined attack signatures. Custom signatures can be easily created through a simple menu system that includes a wide variety of metadata choices (Web, stream, SQL). The easy-to-navigate interface allowed us to peruse polices through a variety of filters listed in a hierarchical tree on the left side of the policies page.
Imperva sports a highly configurable real-time interface, in which we were able to monitor all our applications, alerts, events,
| connections and the overall health of our
systems at a glance under the Monitoring tab.
A separate and equally functional tab offers more than 100 types of reports from which to choose--from a list or using Imperva's robust filtering capabilities.
The Admin tab put everything neatly at our fingertips. With a mouse click we could access users, sessions and, most important, the Application Defense Center--a catch-all for updates and information on signatures, policies, protocols, reports, etc.
Breach also offers an assortment of useful reports, many which are obviously focused on PCI compliance reporting. Monitoring our shopping cart application, it took only minutes to compile detailed reports about how credit card information transmitted through specific Web pages.
The Event Viewer offers nine filtering options to drill down on an incredible amount of information, as well as the ability to create customized filters.
Citrix provided adequate monitoring, alerting and logging capabilities. Monitoring is accessed via a dashboard icon on the main interface, as are reports and logs. There are two basic types of logs: The firewall log provides information about security-related events, and the audit log records all activities you select when you configure the box.
This was first published in March 2008