High Performance Web Application Security for Virtual and Cloud Environments
Secure your applications with a distributed web application firewall
Defense in Depth with Pulse vWAF
Pulse vWAF delivers scalable application security for off-the-shelf and custom applications, including third-party frameworks. Apply business rules to online traffic, inspect and block attacks such as SQL injection and cross-site scripting (XSS), and filter outgoing traffic and data to mask credit card data. Pulse vWAF helps achieve compliance with PCI-DSS requirements.
Massive Scalability: Scale dynamically to secure global applications, and cluster across hybrid cloud platforms.
Cross Platform Portability: Deploy distributed security policies across hybrid cloud, software and virtual environments.
Rapid Response: Refine policies with dual-mode “detect and protect” operation, minimizing false positives and disruption.
Discover how to secure your applications with Pulse vWAF, a scalable, distributed application security platform for protecting off-the-shelf and custom applications.
Today’s complex applications are prime targets for hackers, and your application and security teams can find it difficult to resolve application vulnerabilities in today’s dynamic IT environment.
Evolving AppSec What’s next? New attack vectors are emerging all the time, and as your application evolves, so too do the potential vulnerabilities which become exposed. It can take longer to fix security vulnerabilities once identified, and in some cases it may prove prohibitively expensive to locate the error, create the patch, and deploy the fix.
Blunt Tools How can you reduce false positives? Traditional application security tools focus on detection of malicious activity using inflexible rules, which can lead to many false positives. You need more flexibility in the response to each type of activity, and the ability to tune individual policies for each part of the application.
Long Exposure Window How long does it take to close critical vulnerabilities? Your developers are under pressure to meet deadlines and secure customer data, and software vendors are often unable to provide patches quick enough to meet your campaign deadlines and product release cycles.
Scalable Security for Critical Applications
Pulse vWAF is a web application firewall designed to support industry best practices. A modular architecture makes it ideal for next-generation applications and hybrid cloud deployments.
Proactive Security Tools Apply business rules and security policies to online traffic, inspecting and blocking attacks such as SQL injection and cross-site scripting, while filtering outgoing traffic to mask credit card data.
Hybrid Security Fabric Define security policies which can follow you on your journey from lab, to data center to hybrid cloud. Protect applications which span technology platforms, with a common set of management tools and a single console.
Virtual Patching Close application vulnerabilities faster, by importing ruleset recommendations from third-party vulnerability scanners or use automated learning to discover new recommendations. Baseline updates can be applied for common vulnerabilities such as SQL injection and Cross-Site Scripting.
Scale dynamically to secure global applications, and cluster across hybrid cloud platforms.
Cross Platform Portability
Deploy distributed security policies across hybrid cloud, software, virtual and more.
Close application vulnerabilities faster, pushing virtual patches out to global applications.
Dual-Mode Detection and Protection
Automated means to refine policies to minimize false positives.
Adaptive learning makes it easier for security teams to manage policies.
Secure access for application teams to manage specific domains independently.
PCI DSS Compliance
PCI auditor role to review baselines and application-specific policies to help compliance.
Works with your security workflow and SIEM.
Pulse vWAF can apply business rules to online traffic, inspecting and blocking attacks such as SQL injection and cross-site scripting, while filtering outgoing traffic to mask credit card data.
Protecting Incoming Requests
Pulse vWAF receives and analyzes each request against the ruleset assigned to the application, and determines which of the following actions to take:
Permitted requests are passed to the application
Requests which are identified as known attacks are rejected, and logged with information to help trace the attacker
Requests which cannot immediately be categorized can be configured for rejection, passed to the application, or captured for future analysis
Protecting Outgoing Data
Pulse vWAF also monitors outgoing responses as they are returned to the client. Sensitive information can be filtered out from responses to prevent data leakage (DLP) even if an initial malformed request is successful. Pulse vWAF monitors the behavior of the application and traffic patterns to help optimize protection and recommend additional policies.
Proactive Application Security Features
Cross Site Scripting (XSS)
Validation of user-generated input
Exclude suspected XSS payloads
Create custom rules to trigger on specific XSS patterns
Detect attempts to execute malicious code in a database or script
Typically via vectors such as SQL, LDAP or Shell
Custom rules can be set to look for application-specific pattern
Mask Sensitive Data
Enforce encryption for data in transit
Filter outgoing traffic for data leakage
Mask sensitive data such as SSN, Credit Card information
Secure Application Entry Points
Ensure user sessions start at approved entry points
Prevent deep linking into applications, enforcing entry points and authentication steps
Secure Session Management
Protect user and session data from being exposed through weak links such as session cookies and tokens
Enforce controls on user session timeouts and session limits
Exchange weak session cookies for a more secure session management
Baseline Protection Wizard makes it easy to update policies
Known vulnerabilities and attacks are defined by black list and/or regular expressions
When a rule or policy is triggered, the request is rejected without exposing the application
Redirection and Forwarding Attacks
Enforce fully-qualified URLs to protect against unwanted redirection
Protect against weak validation of redirection criteria used to trigger malware or phishing attacks
Define preferred redirection targets to trap attacks
Agile Security for Critical Applications
Pulse vWAF brings defense-in-depth to applications with real-time policy enforcement, including transparent secure session management and form-field virtualization, in a scalable Web Application Firewall (WAF) solution.
PCI DSS Compliance: Pulse Secure vWAF helps compliance with PCI DSS, which is a key standard with for organizations which manage credit card payments. Not only does Pulse vWAF help to meet the requirements of PCI DSS 6.6, but it can be easily be configured with additional security policies to detect and prevent attacks specific to all applications.
Data Leakage Protection (DLP): Filter outgoing traffic to hide sensitive data details when sent outside your organization, by identifying certain patterns of data such as social security numbers, names, card numbers, and other sensitive information. Pulse vWAF can also enforces SSL/TLS encryption to protect data in transit.
High-Velocity Development: Accelerate application development, by providing proactive security shielding for Agile or DevOps processes. Pulse vWAF provides the extra security layer necessary to balance faster innovation and growth, with the need to maintain security and regulatory compliance.
Pulse vWAF supports a full range of deployment options allowing you to choose the best fit for your architecture and application risk profile. Pulse vWAF can be deployed as a virtual appliance, on a web server, or as a physical appliance in your data center or cloud provider — or even as an integrated package with Pulse Virtual Traffic Manager (vTM) for enhanced security and control of complex applications.
In addition, Pulse Secure vWAF is also available as a stand-alone package, designed to be used with existing load-balancers and ADCs, and is particularly suitable for cloud deployment to add application-level security to a cloud application without changing the application architecture.
Integrated with Pulse vADC
The most popular type of deployment, Pulse vWAF is included with the Pulse Access Suite
Stand-Alone vWAF For Third-Party Load Balancers
Available as a stand-alone virtual appliance, Pulse vWAF is typically deployed alongside an existing ADC or load balancer device
Fully Distributed vWAF
Pulse vWAF can be implemented as Web server plug-ins providing a fully distributed microservices architecture with complete flexibility
Application-Aware Policy Enforcement
Pulse vWAF enables fine-grained control of policies to minimize false positives, enforce specific workflows, and redirect access to prevent URL manipulation.
Unique Scalable Architecture: Scale up to meet the requirements of the largest global applications in the cloud, or scale down to protect management ports on access gateways. Scale out by clustering, or co-host multiple applications on a single instance.
Delegated and Distributed Management: Centralized policy management and reporting with support for delegating security configurations of specific applications or domain.
Resolve Vulnerabilities 10x Faster: Create virtual patches for third-party applications, import rules and recommendations from external tools, or use automated learning to develop recommendations and insights into application behavior.