- Protection for various businesses
PT AF pre-trained modules are compatible with ERP systems (SAP first and foremost), e-banking, telecoms, e-government and mass media service portals. They protect critical infrastructure while taking various industry practices into account.
- Detecting bots and fraud
Behavior analysis prevents automated attacks (scanning, brute force, DDoS attacks, fraud, data leakage) and reveals suspicious user activity.
Working in tandem with the code analyzer PT Application Inspector, PT AF helps to detect attacks aimed at a particular application's vulnerabilities and block them before the source code is corrected.
If used together, PT AF and PT AI allow you to automate the process of detecting and fixing vulnerabilities at the early stages of development and enforce the secure software development life cycle. Avoid the losses—eliminate vulnerabilities before they get into production.
Almost every modern enterprise runs on hundreds of web, mobile, or ERP applications. But as your number of applications grows, so does the number of security vulnerabilities within them that could be exploited to damage your business. The Verizon 2014 Data Breach Investigation Report (DBIR) shows that 35% of security breaches involved attacks against web applications, up by 14% since 2012. Web app attacks were the most common cause of data breaches, followed by cyber-espionage, POS intrusion, and insider misuse.
Why do these attacks succeed so often? Most application security threats are created by developers’ mistakes that cannot be addressed with traditional security scanners, IDS, or firewalls:
- Attackers often exploit zero-day vulnerabilities, making signature analysis obsolete and confirming the need for adaptive solutions, self-learning, and behavioral analysis techniques.
- Modern corporate applications use different languages, protocols, and technologies, as well as customized solutions and third-party code. Protecting such applications requires careful analysis of the application structure, user interaction patterns, and usage context.
- Modern firewalls deal with thousands of suspicious incidents. Manually sorting through all of them to identify the real threats is impossible. There is an urgent need for automatic sorting, ranking, and smart visualization of security events.
- Even well-known vulnerabilities cannot be fixed immediately. Patching of ERP or e-banking systems can take months. An application security system should have a mechanism to mitigate breaches even while developers are working on a more permanent fix.
- Secure SDL may dramatically reduce the cost of errors at the early stages of coding, but it’s hard to find effective automated solutions for code analysis.
Why PT Application Firewall?
PT Application Firewall, a smart protection system developed by Positive Technologies, is a serious response to the security challenges created by today’s range of web portals, ERP, and mobile applications. PT AF can block 30% more network attacks than other firewalls thanks to several innovative security technologies:
- Fast adaptation to your systems: Instead of applying the traditional signature method, PT AF analyzes network traffic, logs, and user actions, constantly creating and maintaining a real-time statistical model of normal operation. It then uses this model to detect abnormal behavior. Together with other protection mechanisms, statistical modeling ensures 80% of zero-day attacks are blocked without any special client-side adjustments.
- Focus on major threats: PT AF weeds out irrelevant attack attempts, groups similar incidents, and detects attack chains—from spying to data theft or setup of a backdoor. Instead of thousands of potential attacks, security specialists sort through only a few dozen truly important messages.
- Instant blocking: PT AF’s virtual patching makes it possible to protect an application even before its code is fixed. Together with PT Application Inspector’s exploit generation mechanism, virtual patching provides continuous and automated detection, verification, and blocking of vulnerabilities.
- Protection against security bypass attempts: PT AF processes data according to the protected server's technology stack, and also analyzes XML, JSON, and other protocols typically used in modern portals and mobile applications. The majority of firewall bypass methods, including HTTP Parameter Contamination (HPC), HTTP Parameter Pollution (HPP), and Verb Tampering, are effortlessly blocked.
- Behavioral analysis against robots: Mechanisms against automated malware include protection from brute-force attacks, fraud, DDoS attacks, botnets, uncontrolled indexing, and data leakage.
- SSDL support: PT Application Inspector (PT AI) and PT AF provide developers with information about incorrect code in convenient formats, including exploits. As a result, secure development and testing become much more affordable.
With more than 14 years of security research and a huge knowledge base of vulnerabilities, the experts at Positive Technologies have extensive experience in protecting enterprises of all sizes across a wide range of industries. Each industry has its own unique requirements and every deployment of PT Application Firewall is configured for the specific needs of the client.
Pre-configured versions of PT AF have been developed to protect:
- Banks and Financial Institutions, where many critical applications used both by clients and partners have to meet the requirements of PCI DSS and other regulations, while third-party applications and 24/7/365 uptime requirements leave little scope for vulnerability fixes.
- Media portals, whose frequently updated content—including online streaming, XML gateways, and other integrations with a wide range of systems—provides a popular target for hacktivists, rivals, and criminals.
- Telecoms, where convergence of many different technologies may lead to a cascade of failures caused by a single hack. Integration of simple mass services with payment systems heightens the risk of fraud.
- ERP systems, which are often maintained and supported remotely by third-party companies. All too often, security mechanisms are weakened for the sake of ease of access and time-pressed developers of business applications think about security last, if at all.