Industry: Financial services
The Solution: Web application firewall plug-in hyperguard
A payment gateway provider fulfills the Web application security requirements of the PCI Data Security Standard with ISA Server/Forefront TMG and art of defence's Web application firewall plug-in hyperguard.
Payment Card Industry Data Security Standard requires comprehensive security at the network and the web application layer
Businesses in the financial services sector, particularly those companies who process or store credit card data, have to comply with many legal and industry standards, including PCI compliance. Non-compliance leads to increasing transaction costs, fines, or claims for any damages, which vary depending on the size of the organization.
The current version 1.2 of PCI DSS consists of 12 requirements that specify security measures at both the network level and the Web application level, e.g. anti-virus protection. Specifically, PCI requirement 6.6 states that all Web-facing applications must be protected against known attacks, such as Cross Site Scripting (XSS), SQL injection and other OWASP Top10 threats. This requirement is fulfilled by installing a Web application firewall in front of Web-facing applications. A leading European payment gateway provider looked for a comprehensive security solution that would cover both the network-layer and the application-layer requirements of PCI DSS.
ISA Server/Forefront TMG plus Web application firewall hyperguard as software plug-in
After evaluating different solutions, the company chose the combination of Microsoft ISA Server with art of defence's Web application firewall hyperguard as a software plug-in. One key advantage of this combination was that it delivered reliable Web application security, Web publishing capabilities and comprehensive network protection in a single device. Other solutions needed at least a separate network firewall and a separate Web application proxy, which would have doubled the number of components.
Installing an enterprise array of three ISA Server installations fulfilled the customer's high-availability requirements. These new servers could easily be integrated into the existing Active Directory without changing any global configuration. In addition, the sophisticated logging and monitoring features of ISA Server allow tracking of all access to network resources and cardholder data (PCI DSS 1.2.1 Requirement 10). Web publishing rules for specific Web applications provide centralized protection of the IIS Web servers at the backend.
hyperguard enhances the Microsoft ISA Server/Forefront TMG 2010 protections with additional Web application security features, allowing administrators to:
These proactive security features of hyperguard are updated regularly and automatically to protect against the latest known vulnerabilities. Each protection level can be customized to the user's needs, taking into account the risk level of the Web applications being protected. Separate rulesets for enforcement and monitoring can be used simultaneously (protection ruleset/detection ruleset) to avoid false positives. Advanced logging and monitoring provide an overview of all internal system events, error messages, application-independent events that are not tied to a specific host (e.g. invalid requests), as well as the load and status of all servers and clusters.
The Web application firewall hyperguard was easy to configure and offered a variety of protection levels, ranging from pure Web application attack detection, through intermediate levels such as baseline protection against known attacks, up to complete Web application shielding. hyperguard also offered hierarchical, role-based administration for applications with Active Directory support.
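The two passages above describe running an enforcement ruleset and a monitoring ruleset side by side, so that a new or aggressive rule can be observed on live traffic before it is allowed to block anything. The following is an added illustration of that workflow, not hyperguard's code or rule syntax (which the case study does not show); the rule format, the `evaluate` function and the sample requests are all constructed for this example.

```python
import re
from dataclasses import dataclass, field

# Constructed rule representation (assumption: not hyperguard's own format).
@dataclass
class Rule:
    name: str
    pattern: re.Pattern

@dataclass
class Decision:
    blocked: bool
    enforced_hits: list = field(default_factory=list)   # hits from the protection ruleset
    monitored_hits: list = field(default_factory=list)  # hits from the detection ruleset

def _matches(rules, request):
    """Return (rule name, field) for every rule that matches the path or query string."""
    hits = []
    for rule in rules:
        for where, value in (("path", request["path"]), ("query", request["query"])):
            if rule.pattern.search(value):
                hits.append((rule.name, where))
    return hits

def evaluate(request, protection_rules, detection_rules):
    """Run both rulesets over one request.

    protection_rules are enforced: any hit blocks the request.
    detection_rules only monitor: hits are recorded for review and never block,
    which is how a candidate rule is checked for false positives before promotion."""
    enforced = _matches(protection_rules, request)
    monitored = _matches(detection_rules, request)
    return Decision(blocked=bool(enforced), enforced_hits=enforced, monitored_hits=monitored)

# Baseline protection against known attack patterns (enforced).
PROTECTION = [
    Rule("xss-script-tag", re.compile(r"<\s*script", re.I)),
    Rule("sqli-union-select", re.compile(r"\bunion\b.+\bselect\b", re.I)),
]

# Candidate rule still being tuned: kept in detection mode because a bare
# "select" keyword also appears in legitimate free-text parameters.
DETECTION = [
    Rule("sqli-keyword-select", re.compile(r"\bselect\b", re.I)),
]

# Constructed sample traffic: two benign requests, two obvious attack payloads.
SAMPLE_REQUESTS = [
    {"path": "/pay", "query": "amount=100&currency=EUR"},
    {"path": "/pay", "query": "note=<script>alert(1)</script>"},
    {"path": "/search", "query": "q=1 UNION SELECT card_no FROM cards"},
    {"path": "/help", "query": "q=how do I select a plan"},
]

def run(requests=SAMPLE_REQUESTS, protection=PROTECTION, detection=DETECTION):
    """Evaluate every request; returns one Decision per request, in order."""
    return [evaluate(req, protection, detection) for req in requests]

def false_positive_candidates(decisions, requests):
    """Requests that only the detection ruleset flagged: the ones an operator
    reviews before deciding whether a monitored rule is safe to enforce."""
    return [req for dec, req in zip(decisions, requests)
            if dec.monitored_hits and not dec.blocked]

if __name__ == "__main__":
    decisions = run()
    for req, dec in zip(SAMPLE_REQUESTS, decisions):
        state = "BLOCKED" if dec.blocked else "allowed"
        print(f"{state:8} {req['path']}?{req['query']}  "
              f"enforced={dec.enforced_hits} monitored={dec.monitored_hits}")
    print("review before promoting:", false_positive_candidates(decisions, SAMPLE_REQUESTS))
```

The benign `/help` request is the point of the exercise: the monitored `sqli-keyword-select` rule fires on it, so enforcing that rule as written would have blocked a legitimate customer, while the enforced baseline rules still stop the XSS and UNION-based payloads. In practice the detection ruleset is the staging area and rules move into the protection ruleset only once their hit log on real traffic is clean.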
PCI compliance was met and higher levels of security were reached
Using the integrated solution, the customer not only passed the PCI audit but also continues to raise its protection level by progressively enabling more of hyperguard's proactive security features.
art of defence provides comprehensive application security technology for every scale. Our flagship product, the pure-software distributed Web application firewall (dWAF) hyperguard, protects Web and cloud applications against known and unknown attacks at the application layer (such as the OWASP Top10). Today, art of defence helps leading banks, financial services providers and e-commerce businesses to fulfill industry standards such as PCI compliance (PCI DSS v1.2). The company is based in San Francisco, USA, and Regensburg, Germany.
For more information, visit: http://www.artofdefence.com/en
Compiled by: Nady Gorodetsky, Program Manager, Forefront TMG
Reviewed by: Rachel Aldams, Technical Writer, Forefront TMG