WEB Protection Program Position:Home » Solutions » WEB Protection Program
WAF products are among the best in the market
Recently, the global consultancy Frost & Sullivan released the 2013 annual WAF (Web application firewall) market report, WEB application security protection system (WAF) the company's rapid growth in sales revenue, the growth rate of the industry average and the way ahead of other competitors, and ultimately to a higher market share among the best in the market China.
Recently, the global consultancy Frost & Sullivan released the 2013 annual WAF (Web application firewall) market report, WEB application security protection system (WAF) the company's rapid growth in sales revenue, the growth rate of the industry average and the way ahead of other competitors, and ultimately to a higher market share among the best in the market China.
WAF is a high performance and high stability WAF product independently developed by our company. It can thoroughly analyze and filter the HTTP/HTTPS traffic through the website, and protect against the attack of Web application vulnerability. At the same time, using professional algorithms to optimize the website application delivery process, to provide integrated security protection and application delivery solutions for all types of website systems. Up to now, WAF has been widely used in many fields, such as government, finance, operators, education, energy, e-commerce and so on.
Core competitive edge of WAF products
In the market analysis report of Frost & Sullivan, in addition to affirming the outstanding performance of WAF products in the Chinese market, it also points out several key factors for WAF products to gain advantages in the fierce market competition.
Key factors one: product performance, stability and safety, reduce user operation and maintenance management costs.
Accumulated years of experience in the development of security products, in the possession of independent intellectual property rights and mature security operating system - TOS (SEC Operating System) based on the construction of WAF products. Not only ensures the performance of the product, but also provides maximum safety and stability.
Key factors two: products with accurate attack detection capabilities, to meet the user's core needs for WAF products.
WAF products use protocol analysis, pattern matching, traffic anomaly monitoring and other comprehensive technical means to determine Web attacks, which can accurately identify and block all kinds of Web attacks. The company is the national security defense laboratory detection vulnerability database creation unit, is also a national emergency response support service units and designated national post doctoral workstations, with high-quality technical professional researchers, through continuous tracking, research and analysis of the latest discovery of Web security vulnerabilities, the formation of attack detection rules with independent intellectual property rights, to ensure WAF products have accurate detection capability. At present, the number of rules in the rule base is in the leading position of the industry, and maintain at least once a month update frequency.
Key factors three: fine product security configuration, able to adapt to complex and ever-changing application environment.
WAF products support fine grained security configurations. According to the different server site, not only can apply different protection rules, can also check the flow of different strategies, configuration items to fine direction, HTTP packet inspection, packet content inspection depth, HTTP packet content inspection and check point to security threats after treatment. Website operators or developers can configure appropriate security policies for WAF according to their own characteristics, so as to improve the efficiency of product detection and reduce the false positive rate.
Key factor four: product function integrity, rich, to provide users with integrated solutions.
On the basis of ensuring the ability of Web attack and defense, WAF also integrates such modules as DDOS attack defense, Web vulnerability scanning, website application delivery and so on. Among them, the DDOS attack defense function, using professional algorithms, can effectively defend the network layer and application layer DDOS attacks. Web vulnerability scanning capabilities based on high-performance scanning engine and a huge vulnerability information library, scanning covers SQL injection, XSS and other common vulnerabilities OWASP 10. Web application delivery capabilities include caching acceleration, data compression, server load balancing, and SSL offload / acceleration. All of the functions mentioned above can be implemented independently by WAF without the help of other systems or platforms, providing users with integrated website security protection and application delivery solutions.
Provide full cycle site security solutions
In order to deal with the increasingly prominent security issues, the company first established a set of WAF products as the core of the full cycle of web security solutions. With the combination of security products and security services, corresponding security measures are taken at the four stages of the website life cycle, and the whole process of security management and protection is realized. Moreover, for different industries, different nature of the site, to provide more intimate customization program to meet the user's security needs.
Core competitive edge of WAF products
In the market analysis report of Frost & Sullivan, in addition to affirming the outstanding performance of WAF products in the Chinese market, it also points out several key factors for WAF products to gain advantages in the fierce market competition.
Key factors one: product performance, stability and safety, reduce user operation and maintenance management costs.
Accumulated years of experience in the development of security products, in the possession of independent intellectual property rights and mature security operating system - TOS (SEC Operating System) based on the construction of WAF products. Not only ensures the performance of the product, but also provides maximum safety and stability.
Key factors two: products with accurate attack detection capabilities, to meet the user's core needs for WAF products.
WAF products use protocol analysis, pattern matching, traffic anomaly monitoring and other comprehensive technical means to determine Web attacks, which can accurately identify and block all kinds of Web attacks. The company is the national security defense laboratory detection vulnerability database creation unit, is also a national emergency response support service units and designated national post doctoral workstations, with high-quality technical professional researchers, through continuous tracking, research and analysis of the latest discovery of Web security vulnerabilities, the formation of attack detection rules with independent intellectual property rights, to ensure WAF products have accurate detection capability. At present, the number of rules in the rule base is in the leading position of the industry, and maintain at least once a month update frequency.
Key factors three: fine product security configuration, able to adapt to complex and ever-changing application environment.
WAF products support fine grained security configurations. According to the different server site, not only can apply different protection rules, can also check the flow of different strategies, configuration items to fine direction, HTTP packet inspection, packet content inspection depth, HTTP packet content inspection and check point to security threats after treatment. Website operators or developers can configure appropriate security policies for WAF according to their own characteristics, so as to improve the efficiency of product detection and reduce the false positive rate.
Key factor four: product function integrity, rich, to provide users with integrated solutions.
On the basis of ensuring the ability of Web attack and defense, WAF also integrates such modules as DDOS attack defense, Web vulnerability scanning, website application delivery and so on. Among them, the DDOS attack defense function, using professional algorithms, can effectively defend the network layer and application layer DDOS attacks. Web vulnerability scanning capabilities based on high-performance scanning engine and a huge vulnerability information library, scanning covers SQL injection, XSS and other common vulnerabilities OWASP 10. Web application delivery capabilities include caching acceleration, data compression, server load balancing, and SSL offload / acceleration. All of the functions mentioned above can be implemented independently by WAF without the help of other systems or platforms, providing users with integrated website security protection and application delivery solutions.
Provide full cycle site security solutions
In order to deal with the increasingly prominent security issues, the company first established a set of WAF products as the core of the full cycle of web security solutions. With the combination of security products and security services, corresponding security measures are taken at the four stages of the website life cycle, and the whole process of security management and protection is realized. Moreover, for different industries, different nature of the site, to provide more intimate customization program to meet the user's security needs.
| Planning Stage | Development Stage | Test Phase | Operation Phase | ||
Beforehand | Middlehand | Afterwards | ||||
Product | N/A | N/A | Web Vulnerability Scanning System | Web Vulnerability Scanning System | WAF | Web Tamper Proofing Software |
Website Security Monitoring Platform | ||||||
Service | Safety Planning Suggestion | Code Verification | Safety Assessment and Reinforcement | Safety Assessment and Reinforcement | Remote Security Monitoring | Emergency Response |
Safety Training | Penetration Test | Penetration Test | Event Traceability | |||
Table 1: the company's website security solution
