High Performance Web Application Security for Virtual and Cloud Environments

Secure Your Applications with a Distributed Web Application Firewall

Defense in Depth with Pulse vWAF

Pulse vWAF delivers scalable application security for off-the-shelf and custom applications, including third-party frameworks. Apply business rules to online traffic, inspect and block attacks such as SQL injection and cross-site scripting (XSS), and filter outgoing traffic and data to mask credit card data. Pulse vWAF helps achieve compliance with PCI-DSS requirements.

Massive Scalability

Scale dynamically to secure global applications, and cluster across hybrid cloud platforms.

Cross Platform Portability

Deploy distributed security policies across hybrid cloud, software and virtual environments.

Rapid Response

Refine policies with dual-mode “detect and protect” operation, minimizing false positives and disruption.

Scalable Security for Critical Applications

Pulse vWAF is a web application firewall designed to support industry best practices. A modular architecture makes it ideal for next-generation applications and hybrid cloud deployments.

Proactive security tools

Apply business rules and security policies to online traffic, inspecting and blocking attacks such as SQL injection and cross-site scripting, while filtering outgoing traffic to mask credit card data.

Hybrid security fabric

Define security policies which can follow you on your journey from lab to data center to hybrid cloud. Protect applications which span technology platforms, with a common set of management tools and a single console.

Virtual patching

Close application vulnerabilities faster by importing ruleset recommendations from third-party vulnerability scanners, or by using automated learning to discover new recommendations. Baseline updates can be applied for common vulnerabilities such as SQL injection and cross-site scripting.

Feature Highlights

Massive Scalability

Scale dynamically to secure global applications, and cluster across hybrid cloud platforms.

Cross Platform Portability

Deploy distributed security policies across hybrid cloud, software, virtual and more.

Rapid Response

Close application vulnerabilities faster, pushing virtual patches out to global applications.

Dual-Mode Detection and Protection

Automated means to refine policies to minimize false positives.

Automated Learning

Adaptive learning makes it easier for security teams to manage policies.

Delegated Management

Secure access for application teams to manage specific domains independently.

PCI DSS Compliance

PCI auditor role to review baselines and application-specific policies to help compliance.

SIEM Integration

Works with your security workflow and SIEM.

Pulse vWAF can apply business rules to online traffic, inspecting and blocking attacks such as SQL injection and cross-site scripting, while filtering outgoing traffic to mask credit card data.

Protecting Incoming Requests

Pulse vWAF receives and analyzes each request against the ruleset assigned to the application, and determines which of the following actions to take:

  • Permitted requests are passed to the application.
  • Requests which are identified as known attacks are rejected, and logged with information to help trace the attacker.
  • Requests which cannot immediately be categorized can be configured for rejection, passed to the application, or captured for future analysis.

Protecting Outgoing Data

Pulse vWAF also monitors outgoing responses as they are returned to the client. Sensitive information can be filtered out from responses to prevent data leakage (DLP) even if an initial malformed request is successful. Pulse vWAF monitors the behavior of the application and traffic patterns to help optimize protection and recommend additional policies.

Proactive Application Security Features

Cross Site Scripting (XSS)

  • Validation of user-generated input.
  • Exclude suspected XSS payloads.
  • Create custom rules to trigger on specific XSS patterns.

Injection Flaws

  • Detect attempts to execute malicious code in a database or script.
  • Typically via vectors such as SQL, LDAP or shell.
  • Custom rules can be set to look for application-specific patterns.

Mask Sensitive Data

  • Enforce encryption for data in transit.
  • Filter outgoing traffic for data leakage.
  • Mask sensitive data such as SSNs and credit card information.

Secure Application Entry Points

  • Ensure user sessions start at approved entry points.
  • Prevent deep linking into applications, enforcing entry points and authentication steps.

Secure Session Management

  • Protect user and session data from being exposed through weak links such as session cookies and tokens.
  • Enforce controls on user session timeouts and session limits.
  • Exchange weak session cookies for more secure session management.

Baseline Protection

  • Baseline Protection Wizard makes it easy to update policies.
  • Known vulnerabilities and attacks are defined by black list and/or regular expressions.
  • When a rule or policy is triggered, the request is rejected without exposing the application.

Redirection and Forwarding Attacks

  • Enforce fully-qualified URLs to protect against unwanted redirection.
  • Protect against weak validation of redirection criteria used to trigger malware or phishing attacks.
  • Define preferred redirection targets to trap attacks.

Agile Security for Critical Applications

Pulse vWAF brings defense-in-depth to applications with real-time policy enforcement, including transparent secure session management and form-field virtualization, in a scalable Web Application Firewall (WAF) solution.

  • PCI DSS Compliance: Pulse Secure vWAF helps compliance with PCI DSS, which is a key standard for organizations which manage credit card payments. Not only does Pulse vWAF help to meet the requirements of PCI DSS 6.6, but it can easily be configured with additional security policies to detect and prevent attacks specific to all applications.
  • Data Leakage Protection (DLP): Filter outgoing traffic to hide sensitive data details when sent outside your organization, by identifying certain patterns of data such as social security numbers, names, card numbers, and other sensitive information. Pulse vWAF can also enforce SSL/TLS encryption to protect data in transit.
  • High-Velocity Development: Accelerate application development, by providing proactive security shielding for Agile or DevOps processes. Pulse vWAF provides the extra security layer necessary to balance faster innovation and growth, with the need to maintain security and regulatory compliance.

Deployment

Pulse vWAF supports a full range of deployment options allowing you to choose the best fit for your architecture and application risk profile. Pulse vWAF can be deployed as a virtual appliance, on a web server, or as a physical appliance in your data center or cloud provider — or even as an integrated package with Pulse Virtual Traffic Manager (vTM) for enhanced security and control of complex applications.

In addition, Pulse Secure vWAF is also available as a stand-alone package, designed to be used with existing load-balancers and ADCs, and is particularly suitable for cloud deployment to add application-level security to a cloud application without changing the application architecture.

  • Integrated with Pulse vADC: The most popular type of deployment, Pulse vWAF is included with the Pulse Access Suite.
  • Stand-Alone vWAF For Third-Party Load Balancers: Available as a stand-alone virtual appliance, Pulse vWAF is typically deployed alongside an existing ADC or load balancer device.
  • Fully Distributed vWAF: Pulse vWAF can be implemented as Web server plug-ins providing a fully distributed microservices architecture with complete flexibility.

Application-Aware Policy Enforcement

Pulse vWAF enables fine-grained control of policies to minimize false positives, enforce specific workflows, and redirect access to prevent URL manipulation.

  • Unique Scalable Architecture: Scale up to meet the requirements of the largest global applications in the cloud, or scale down to protect management ports on access gateways. Scale out by clustering, or co-host multiple applications on a single instance.
  • Delegated and Distributed Management: Centralized policy management and reporting with support for delegating security configurations of specific applications or domains.
  • Resolve Vulnerabilities 10x Faster: Create virtual patches for third-party applications, import rules and recommendations from external tools, or use automated learning to develop recommendations and insights into application behavior.

Recognition

Gilt Groupe

“With Pulse Secure, we can lock down sensitive data and satisfy PCI DSS compliance.”

- VP Development, Gilt Groupe