Obrela Security Industries Managed Web Application Firewalling as a Service (WAFaaS) provides an innovative on-demand security as a service model to help organizations and businesses protect their brand and online presence, incorporating a state-of-the-art transparent security layer over their web applications.
Recognizing the risk that insecure Web applications present, several compliance mandates now require or recommend that organizations secure their Web applications and protect them from cyber attacks.
For example, Requirement 6.6 of the Payment Card Industry Data Security Standard v1.2 (PCI DSS v1.2) requires merchants and service providers to address new threats and vulnerabilities for public-facing web applications and ensure they are protected against known attacks. OBRELA’s WAF as a service (WAFaaS) safeguards clients’ web applications 24×7, helping to satisfy PCI 6.6 and other regulatory requirements.
The WAFaaS forms a complete enterprise-grade security platform, utilizing approved and tested filtering mechanisms and following industry Best-Practices in order to protect client web applications against the latest threats and attack trends.
Based on the SWORDFISH leading technology in order to cover a multitude of needs OBRELA provides a cloud based WAF alternative (WAFaaS) with flexible on-demand model allowing companies to enjoy coverage without paying huge CAPEX outlays. The WAFaaS can be deployed in minutes, supports SSL, and doesn’t require special expertise to use. It delivers a new level of web app security and compliance while freeing you from the substantial cost, resource and deployment issues associated with traditional products.
The key features of the WAFaaS include:
- No CPE (customer premises equipment) necessary
- Real-time reactive defense to all known and even zero-day threats targeting your web applications
- Compliance with PCI DSS requirement 6.6
- Customer specific rule set in order to mitigate focused threats
- Classification mechanism based on reputational databases. Ability to deny access from well-known suspicious sources, such as DShield Top 10 and TOR proxy networks.
- Mitigation of denial-of-service (DOS and DDOS) attacks against your web application.
- Customer access to events and reports analyzing the attack behavior.
- Deep analysis of the SSL/TLS configuration (as part of PCI DSS requirement 4.1).
- 24/7 Support and Help Desk Center.
- Event Management and SIRT.
WAFaaS is integrated with event management and log management. Services are regularly tested for compliance and assurance purposes and include 24/7/365 support. Clients have access to the technology services through a specialized management console, which provides visibility and includes a ticketing system.