Product Id: 34567163
Description: Brocade Virtual Web App Firewall Decider - License - 1 core
Mfr Part #: PL-WAF-DEC-CORE
The Brocade Virtual Web Application Firewall (Brocade vWAF) is a scalable solution for application-level security, both for off-the-shelf solutions, and complex custom applications including third-party frameworks. It can be used to apply business rules to online traffic, inspecting and blocking attacks such as SQL injection and cross-site scripting (XSS), while filtering outgoing traffic to mask credit card data, and help achieve compliance with PCI-DSS requirements by filtering outgoing data.
The software consists of three scalable components: the Enforcer, the Decider and the Administration Interface. These can be configured as a fully distributed solution across hundreds of Web servers and multiple data centers for maximum scalability and performance. The Decider is the compute-intensive part of the solution, and the workload on the Decider depends on the load of the Web infrastructure behind it. As users and applications generate more traffic, the Decider will utilize greater CPU resources.
- Massive scale for global applications
- Delegated security model for security professionals
- Wide range of proactive security measures
- Protection against key vulnerabilities such as SQL injection and Cross-Site Scripting
- Integration with external security scanners and and workflow tools such as Denim Group's Threadfix
- Dual-mode "detect and protect" operation
- Security automation using REST API
- Maximizes deployment flexibility
A software-based Web Application Firewall (WAF) is ideal for Network Functions Virtualization (NFV).
- Provides massive scalability
Organizations can secure the largest online applications, clustering both within data centers and across global cloud platforms.
- Cross platform portability
As IT architectures deploy more applications, they must also ensure that they are secure. The Brocade vWAF can extend security policies to all corners of the data center, and as the network transforms to enable the new IP. It can deploy common security policies across a mixture of cloud, software, virtual appliance, web server plug-in, or even as a bare-metal server, integrating with existing systems with minimal disruption to the existing network.
- Rapid response
Brocade vWAF can close application vulnerabilities faster, by importing ruleset recommendations from third-party vulnerability scanners and workflow tools such as Denim Group's ThreadFix. Automated learning helps security teams manage policies. With full control over the activation of individual policies, organizations can maximize application security, while reducing the number of false positives.
- Dual-mode detection and protection
Organizations can refine security policies with the dual-mode "detect and protect" operation. Brocade vWAF allows layered rulesets, maintaining a live ruleset to enforce policies which have been approved for production, and simultaneously operating a detection only ruleset which can include watch lists and trial policies. This enables new rulesets to be tested in a detection only mode, ensuring that new policies are not activated without approval from security administrators. With this feature, new layered rulesets can be tested without compromising existing policy enforcement, which helps to avoid false positives or weakened defenses, particularly in large-scale cloud applications.
- Automated learning
The Brocade vWAF's security is adaptive through automated learning and can make policy recommendations by learning about application behavior, which can make it easier for security teams to manage policies. Administrators retain full control over the activation and deactivation of each ruleset, with the opportunity to screen for false positive before committing to production.
- Integration with existing technology
Organizations can avoid vendor-locking for both networking and application security. The Brocade vWAF connects with organizations' existing technology and business processes, and can integrate with Security Incident and Event Management systems (SIEMs).
- Distributed and delegated management
The Brocade vWAF includes a webbased user interface to give security professionals full distributed access to centralized policy management and reporting. Organizations can now manage policies centrally and also delegate access to business partners to manage the security configurations of specific applications or domains, tailoring access rights granular settings for individual client applications.
- Comprehensive reporting and logging
Brocade vWAF includes a range of reporting options for threat analysis and data retention. This not only helps security professionals to see potential attacks developing, but also where policies are too restrictive. In addition, data retention can help with local compliance requirements for record-keeping, and also for auditing policy changes.
- PCI DSS compliance
Brocade vWAF helps compliance with PCI DSS, which is a key standard with for organizations which manage credit card payments. Failure to meet the requirements of PCI DSS exposes a merchant to higher risk of fraud, potential liability for costs resulting from leakage of cardholder data, and incurs higher processing fees from credit providers. The PCI DSS standard defines a pragmatic set of security procedure: Section 6.6 of the standard mandates that a merchant must either perform regular security reviews of the source of all public-facing applications or deploy and configure an appropriate Web application firewall. Brocade vWAF not only helps meet the requirements of PCI DSS 6.6, but it also helps to observe other parts of the PCI DSS standard. Brocade vWAF can easily be configured with additional security policies to detect and prevent attacks specific to all applications.