― IIS Web Application Firewall Offers Increased Protection from SQL Injection Attacks and Optimized Out-of-Box Configuration —

Summary: Privacyware (http://www.privacyware.com), has released a new version of its award-winning ThreatSentry IIS Web Application Firewall. The update features an expanded knowledgebase of pre-configured SQL Injection, XSS and other defense filters and modified default configuration settings that deliver improved out-of-box performance and ease of use.

RED BANK, NJ, April 15, 2009 – Privacyware (http://www.privacyware.com), an innovative provider of web application firewall, intrusion prevention and security data analytics software, today announced the release of a new version of its award-winning ThreatSentry IIS Web Application Firewall and Intrusion Prevention solution. The updated release features an expanded knowledgebase of pre-configured filters designed to identify and block a broader range of web application threats including Cross Site Request Forgery (CSRF/XSRF), Structured Query Language (SQL) Injection, Cross-Site Scripting (XSS) and other attack techniques. Default configuration settings have also been modified to deliver improved out-of-box performance and administrative control and ensure greater overall value and ease of use.

“Our coordination with customers throughout the world continues to intensify as attacks on leading-edge as well as legacy web applications has become more frequent, severe and dynamic,” said Privacyware Chief Executive Officer, Greg Salvato. “The resulting enhancements within ThreatSentry include expanded and optimized coverage for system, extended and other stored procedures as well as potentially dangerous SQL functions. The default rules configuration and behavioral engine settings have also been re-calibrated to ensure more efficient and proactive out-of-box protection while limiting potential interference with the growing variety of increasingly complex web applications.”

ThreatSentry protects Microsoft IIS Web servers, Windows operating systems, and popular Web application platforms including ASP.NET, PHP, JavaScript and more from known and new threats and helps customers comply with section 6.6 of the Payment Card Industry Data Security Standard (PCI DSS).

Key ThreatSentry features include:

• State-of-the-art Web Application Firewall provides configurable and extensible rules-based control over HTTP/HTTPS request methods (OPTIONS, GET, POST, HEAD), URL Paths, URL Path Request Frequency, URL Query String length, and HTTP Request Headers.
   

• Fulfills the web application layer firewall (WAF) requirement in PCI DSS 6.6 and aids in the web application code review process by revealing vulnerabilities embedded within the software.
   

• Proprietary NDIS driver delivers flexible network IP blocking (featuring white list, black list and duration control) at TCP/IP and UDP layers for all ports.
   

• Artificial intelligence (AI)-based behavioral engine (with sensitivity control) analyzes Web traffic patterns to detect new threats and behavioral deviations.
   

• Compatible with IIS Lockdown, URLScan, and major third party server-side scripting platforms like ASP, ASP.NET, PHP, JSP, ColdFusion, and Perl.
   

• Email alert notification, compliance and security reporting, centralized management for multiple servers, Active and Passive security modes.
   

• Enterprise-grade Web Application Firewall priced for any business.
   

"The IT and compliance personnel of small and mid-sized businesses must manage Web application and database threats and demonstrate compliance with the PCI Data Security Standard and other regulatory mandates just as effectively as any global enterprise, but typically with much smaller budgets," stated Salvato. "The ThreatSentry IIS Web Application Firewall not only delivers exceptional protection against an array of SQL and web application threats, but also fulfills the application layer firewall requirement specified in PCI DSS 6.6 at a very affordable price.”

Pricing and Availability
ThreatSentry IIS Web Application Firewall is available for purchase or 30-day trial download via the Privacyware web site: www.privacyware.com or through its business partners worldwide. ThreatSentry pricing starts at $649 per server and supports Microsoft Windows Server 2000/2003 and Internet Information Services (IIS) 5.0/6.0. To locate a reseller, please visit Privacyware at http://www.privacyware.com/sales.html or call 732-212-8110 x235.

About Privacyware
Privacyware (www.privacyware.com) is an innovative provider of award-winning web application firewall, intrusion prevention and security data analytics software. Privacyware products leverage conventional and neural analytics technologies to help systems administrators, IT security and compliance personnel more effectively identify, understand and prevent malicious, unauthorized and/or deviant computing system activity. Privacyware is a Microsoft Gold Certified Partner.

CONTACT: Gregory Salvato - Privacyware, (732)-212-8110, x235. sales@privacyware.com

Privacyware and ThreatSentry are registered trademarks of PWI, Inc. All other registered or unregistered trademarks are the sole property of their respective owners. Copyright(C) 2009 PWI, inc. All rights reserved.