Information Security Magazine

Core of the Matter
by Sandra Kay Miller
Issue: Mar 2008

Bee Ware more than held its own under testing against common attacks and exploits such as SQL injection, buffer overflows, XSS and Microsoft and Unix vulnerabilities. Additionally, the behavioral analysis-based security engine offered enough automation of policy creation to make it attractive to smaller IT shops. Bee Ware's learning capabilities quickly identified new sites and pages added within our applications. However, until a new URL had been learned or manually added, it was rejected, which initially led to legitimate sites being blocked.

Breach uses dynamic application profiling combined with inbound and outbound traffic analysis to mitigate threats. Breach also identified imperfections in Web pages, such as miscoded URLs, images and objects, that can create vulnerabilities, for example by returning error pages that display identifying information about the Web server or application.

We started our testing in learning mode with the option to automatically switch to protect mode once enough traffic had been analyzed. We were pleased to see the change occur without any false positives once the device took an active posture.
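The learn-then-protect behavior described for both appliances above can be sketched as follows. This is an added example, not code from the article or from either vendor; the `UrlProfile` class, the request-count threshold and the sample traffic are assumptions made for illustration.

```python
from urllib.parse import urlsplit

class UrlProfile:
    """Toy positive-security URL model: learn request targets, then enforce them."""

    def __init__(self, learn_threshold):
        # Assumption: the switch to protect mode is driven by a request count.
        self.learn_threshold = learn_threshold
        self.seen = 0
        self.allowed = set()
        self.mode = "learn"

    @staticmethod
    def _key(method, url):
        # Profile on method + path only; query strings differ on every request.
        path = urlsplit(url).path.rstrip("/") or "/"
        return (method.upper(), path)

    def add_manual(self, method, url):
        # Operator override for a page deployed after learning ended.
        self.allowed.add(self._key(method, url))

    def handle(self, method, url):
        key = self._key(method, url)
        if self.mode == "learn":
            # Everything seen here becomes trusted, so learning traffic must be clean.
            self.allowed.add(key)
            self.seen += 1
            if self.seen >= self.learn_threshold:
                self.mode = "protect"
            return "allow"
        return "allow" if key in self.allowed else "block"

# Constructed sample traffic: four learning requests, then live requests.
LEARNING = [("GET", "/"), ("GET", "/cart"), ("POST", "/cart/add"), ("GET", "/cart?item=3")]
LIVE = [("GET", "/cart/?item=9"), ("GET", "/promo/spring"), ("POST", "/cart")]

def replay(profile, requests):
    return [profile.handle(method, url) for method, url in requests]

if __name__ == "__main__":
    waf = UrlProfile(learn_threshold=len(LEARNING))
    print(replay(waf, LEARNING), waf.mode)
    print(replay(waf, LIVE))  # new page and unseen method are blocked
    waf.add_manual("GET", "/promo/spring")
    print(waf.handle("GET", "/promo/spring"))
```

The blocked `/promo/spring` request is the false positive the review describes: a legitimate page that did not exist during learning stays rejected until it is learned or added by hand.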

There's no doubt that Breach is an excellent solution for PCI compliance. It focuses on security aspects specific to credit card transactions, from masking account numbers to robust SSL protection, and we were pleased with the overall performance of the appliance. When we tagged our test data simulating credit card information with BreachMarks, our exploitable shopping cart application lit up our alerts. At first, we allowed the private information to traverse the firewall to verify Breach's claims that it provides detailed records about any compromised information. This lets companies verify exactly what records have been illegally accessed.


Meeting The New Threats
All of the appliances we reviewed provide effective application layer protection; all scored well against the diverse attacks we threw at them. But the differences we found are significant enough to matter, depending on your organization's requirements. Imperva presented the strongest all-around offering, followed closely by Breach Security. Both were strong across the board. F5 and Barracuda Networks are strong choices, faltering only in their monitoring, alerting and reporting categories.

The scope of our testing was limited to a single appliance placed in front of a couple of Web servers. However, when working with these products it becomes apparent that they were designed to protect clusters of servers, if not entire server farms hosting Web-facing applications. Though network management features weren't part of our evaluation criteria, these may be important factors in your choice of an application firewall appliance.

Application firewalls represent next-generation digital security. As these technologies mature and work in conjunction with traditional network firewalls, IDS/IPS and malware scanners, it is hoped they will reduce the threats faced by an increasingly Web application-driven society.
