8/13/2019 Webapp Firewall

1/2

AT&T Web ApplicationFirewall

SM

Service

Todays organizations rely on Web applicationsand Web 2.0 technologies to support keybusiness processes and improve performance.

As a result, Web application technology hasbecome pervasive in the modern IT environment,enabling interaction with consumers, partners,employees and other parties.

However, Web applications have also becomea prime vector of attack for hackers andcybercriminals. To attack Web applications,hackers take advantage of attack vectors thatbypass traditional network and host-basedsecurity technologies. Because of this, it isessential for organizations to have application-layer security measures in place that protectWeb applications as well as the underlying

servers and databases that support them.

Regulators have also recognized the riskthat insecure Web applications pose. Manycompliance mandates including Payment CardIndustry (PCI), Federal Financial InstitutionsExamination Councils (FFIEC), North AmericanElectric Reliability Corporation (NERC), Critical

Infrastructure Protection (CIP), and FederalInformation Security Management Act of 2002(FISMA). NERC CIP, and others now require

organizations to better secure their Webapplications and protect them from attack.

Service OverviewAT&T Web Application Firewall service is afully managed security service that combinesWeb Application Firewall technology withexpert management and 24x7x365 securitymonitoring to help protect Web applicationsand their underlying systems. It is offeredon a subscription, per device basis to helpsafeguard Web applications and sensitive data.Architecturally, Web Application Firewall islocated in front of the Web application servers

as a transparent Layer 2 bridge. Depending onwhere the Web servers reside, the service canbe deployed and provided at your premises orin any hosting environment.

With the Web Application Firewall, AT&Tprovides the highest degree of protectionpossible without interrupting legitimate traffic

Benefits

Helps protect Web applications

Aids in better securing

sensitive data

No management overhead

24x7x365 real-time security

vigilance

Better prevention of attacks

Faster detection and response

to threats

Reduces costs associated

with securing Web apps and

underlying systems

More cost effective than code

audit alone

Provides visibility into Web

application layer traffic

Reduces risk to critical

applications and business

processes

Satisfies PCI requirement 6.6

Features

Inspection of all inbound and

outbound Web application

traffic including encrypted traffic

Blocking of inappropriate or

malicious application traffic

Real-time, 24x7x365 security

event monitoring

Ongoing performance and

availability management

Initial and ongoing tuning and

configuration management

Maintenance, backup and

recovery

Comprehensive security and

compliance reporting

Product Brief

AT&T Web Application FIrewallSMService

8/13/2019 Webapp Firewall

2/2

to Web applications. During implementationof the service, experts from AT&T performextensive analysis of your Web applicationtraffic and tightly configure Web ApplicationFirewall policies accordingly. Once the serviceis turned up, we continuously review theperformance and fine tune the appliances

to deliver optimum protection against Webapplication threats including SQL injection,cross-site scripting, session hijacking andWeb 2.0 attacks.

Seamless Web Application FirewallImplementationDeploying a Web Application Firewall is notrivial task. As with any in-line appliance,organizations must take care to properlyimplement the service so that they do notaffect legitimate business traffic and ITinfrastructure while protecting these sameresources from malicious traffic. For

organizations with frequent changes towebsites and applications, the workload touse Web Application Firewall effectively canbe significant.

As part of the service, AT&T will architect,design and deploy a solution that addressesyour security and compliance needs andintegrates seamlessly into your environment.

Utilizing a mature provisioning anddeployment process, our experts can installthe Web Application Firewall service easilyand at your convenience.

Optimum Performance and ProtectionBecause of the dynamic nature of todays

web applications, to help protect themrequires strong security features and webapplication knowledge as well as the timeto analyze traffic and test policies and rules.Without ongoing tuning, Web ApplicationFirewalls can block legitimate applicationtraffic (a.k.a. false positives) and pass trafficcontaining attacks (a.k.a. false negatives).

However, with AT&T Web Application Firewallservice, we help ensure the technologyprovides protection without interruptinglegitimate business traffic to your applications.During implementation of our service, experts

from AT&T perform an analysis of yourapplication traffic and tightly configure WebApplication Firewall policies and rules. Oncethe service is turned up, we continuouslyreview the performance and fine tune theappliances to deliver optimum protectionagainst application threats including SQLinjection, cross-site scripting, sessionhijacking and Web 2.0 attacks.

Real-Time Event Management and ResponsUsing highly scalable event correlation andanalysis technology, our certified expertsmonitor, assess and respond to Webapplication threats real-time. Our advancedtechnology platform correlates events acrosall managed or monitored devices in your

environment, providing our certified expertswith the context they need to virtuallyeliminate false positives and respond to truthreats against your organization.

When an incident is detected, our expertsimmediately assess the threat and beginworking with your staff to mitigate the attacand protect your assets. Our experts providefull support, serving as an extension of yourteam to safeguard IT systems and data.

On-Demand Security andCompliance Reporting

With AT&T Web Application Filtering serviceyou will have full access to reports via a webased client portal. The portal provides youwith real-time security and service deliveryvisibility. Using the portal, you can easilydemonstrate the effectiveness of the WebApplication Firewall service to managementand auditors.

For more information contact your AT&T Representative visit us at www.att.com/security,email us at mss@att.com or call 877-954-7771

Product Brief - AT&T Web Application FirewallSMService ______________________________________________________________________________________

01/31/11 AB-2076

2011 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property.