protecting customer websites and web applications web application security

Protecting Customer Websites and

Web Applications

Protecting Customer Websites and

Web Applications

Web Application SecurityWeb Application Security

The Application SecurityMarket ChallengeThe Application SecurityMarket Challenge

Data theft

Data leakage

Compliance

The DamageThe Damage

E-payment site breach compromises 5 million customersAround five million customers of CheckFree Corp. and some banks that use its electronic bill payment service may be affected by a hack that gave criminals control of several of the company's Internet domains. 1/8/2009

Heartland Payment Systems disclosed that intruders hacked into the computers it uses to process 100 million payment card transactions per month for 175,000 merchants. 1/22/2009

Hackers breach Heartland Payment credit card system

FAA says info on 45,000 workers stolen in data breachThe compromise resulted from an intrusion into the system that was storing the data, the FAA said in a brief statement. 2/10/2009

What Enables Strong Application Security?What Enables Strong Application Security?

Provide active protection

Stop multi-vector attacks

Inspect all requests – even encrypted ones

Read the entire request - headers and content

View the request as the application will

Counter emerging threats

Web Application Firewall (WAF)Web Application Firewall (WAF)

Examines user interaction with the applicationPerforms deep inspection of HTTP traffic contentBlocks harmful requestsComplements network security measures, e.g., firewall, IDS/IPS

Why Security Rules?Why Security Rules?

Security rules define patterns that indicate hacking Generic rules based on hacking techniques, not specific

applications

Main benefits

Low false-positive rate

Strong security with low maintenance

Software plug-in for IIS and Apache

dotDefender PositioningdotDefender Positioning

dotDefender Security EnginesdotDefender Security Engines

Typical ImplementationTypical Implementation

Technology OverviewTechnology Overview Software plug-in

Multiple security engines

Rule-based

Low maintenance

High efficiency, low impact

Central Management

Open API

dotDefender delivers:dotDefender delivers: Award-winning Web application security

Solution for a wide customer base - enterprise, SME, SMB, service providers

Support for IIS and Apache

Locks down virtual and cloud environments

Affordable security and compliance

Variety of licensing/pricing models

Best TCO in the industry

Business DriversBusiness DriverseBusiness

Transactions

Sensitive data

Active content

Compliance – e.g., PCI

Already under attack!

Target MarketsTarget Markets

• Enterprise• SME• SMB• Service Providers

OpportunitiesOpportunities

Reselling

ServicesConsulting

Implementation

Integration

Additional touch points

Sample Customer ListSample Customer List

Applicure TechnologiesApplicure Technologies

Jan 2004

Incorporated

Apr 2007

IPO TASE: APCR

Offices• US Offices: NY & Atlanta

• Israel R&D office

• Worldwide network of business partners

dotDefender and You dotDefender and You

Provide better security to your clients

Add premium security service to your portfolio

Gain additional customer touch point

Enhance your reputation

Good for your customers’ security…and your bottom line!

Good for your customers’ security…and your bottom line!