|
Privacyware Enhances SQL Injection and XSS Defense with
Updated IIS Web Application Firewall
—
Web Application Firewall and AI-based Behavioral
Modeling/Analysis Delivers Broad IIS/SQL Defense and
Reinforces PCI DSS Compliance —
RED
BANK, NJ – June 24, 2008 – Privacyware (http://www.privacyware.com),
an innovative provider of web application security,
intrusion prevention and security data analytics
software, today released the
latest version of ThreatSentry, a software-based IIS Web
Application Firewall and Intrusion Prevention solution.
In response to customer and general market demand for
more effective protection against Structured Query
Language (SQL) Injection, cross-site scripting (XSS) and
other web application and database related attacks,
Privacyware has expanded ThreatSentry’s Parameter
parsing and URL Query String
inspection capabilities at the Web Application
Firewall and behavioral analysis layers.
“In
recent months, we’ve witnessed the attack landscape —
SQL injection exploits in particular — expand
exponentially”, said Privacyware CEO, Greg Salvato.
“This problem is largely a result of the swift adoption
of automated tools now in common use by hackers to
rapidly identify vulnerable websites and servers. More
urgent, however, is the evolving sophistication of the
evasion techniques used which can render ineffective
traditional rules-based (keyword and signature
pattern-matching) technologies.”
An
ISAPI filter hosted in MMC, ThreatSentry is comprised of
a Web Application Firewall and behavior-based Intrusion
prevention component founded on specialized artificial
intelligence and machine learning technologies
specifically designed to address internal and external
unauthorized system access and cyber-criminal threats on
Web servers utilizing Microsoft Internet Information
Services (IIS). Since its introduction, IIS has grown in
popularity and ranks as one of the most widely used
platforms for enabling simple to sophisticated Web sites
and Web-based applications. While it is well-regarded
for its ease of use and range of features, it is
frequently targeted by hackers due to a variety of
server and database vulnerabilities and the inherently
open nature of many Web applications – many of which
manage sensitive information such as credit card
numbers, passwords, or other private data.
“In
response the alarming rise in frequency of SQL-based
attacks, we’ve expanded ThreatSentry’s Parameter parsing
and URL Query String
inspection capabilities at the Web Application Firewall
layer,” said Privacyware CTO, Konstantin Malkov. “In
addition, we’ve enhanced ThreatSentry’s cognitive
components, which are capable of detecting similarities
to known malicious patterns or revealing behavioral
deviations among normal traffic, to deliver improved
protection against known or new SQL Injection and other
threats to the web infrastructure.”
The
latest version of
ThreatSentry detects and blocks known and new attacks
and unwanted web application traffic and also helps
customers comply with section 6.6 of the
Payment Card Industry
Data Security Standard (PCI DSS). Other key ThreatSentry
features include email alert notification, compliance
and security reporting, centralized management for
multiple servers and protection from an array of
documented exploitive techniques including SQL
Injection, Directory Traversal, Cross-site scripting,
Parameter Manipulation, Buffer Overflow, Denial of
Service, and other exploitive techniques.
ThreatSentry is available for purchase or 30-day trial
download via the Privacyware web site:
www.privacyware.com
or through an authorized Privacyware reseller.
ThreatSentry pricing starts at $649 per server and
supports Microsoft Windows Server 2000/2003 and Internet
Information Services (IIS) 5.0/6.0. To locate a
reseller, please visit Privacyware at
http://www.privacyware.com/sales.html or call
732-212-8110 x235.
About Privacyware
Privacyware (www.privacyware.com)
is an innovative provider of web application security,
intrusion prevention and security data analytics
software. Privacyware security data analytics products
help enterprise security and compliance personnel
overcome the increasingly critical challenge of security
data overload, better understand the environments for
which they are responsible and more effectively identify
and comprehend malicious, unauthorized and/or deviant
activity. Privacyware web application security and
desktop defense offerings increase the level of
protection from new and known malware, intrusions and
other threats to individual, small business and large
enterprise computing environments. Privacyware is a
Microsoft Gold Certified Partner.
CONTACT: Gregory Salvato - Privacyware, (732)-212-8110,
x235.
sales@privacyware.com
Privacyware, Adaptive Security Analyzer, ThreatSentry,
Endpoint Security Console, Privatefirewall and Dynamic
Security Agent are registered trademarks of Privacyware/PWI,
Inc. in the United States and other countries. All other
trademarks mentioned are the property of their
respective owners.
|
