SecureWorks(R), a leading Security as a Service Provider, today launched a Web Application Firewall (WAF) management and monitoring service that detects and blocks threats targeting Web applications found on corporate Web sites. Today's organizations rely on Web applications and Web 2.0 technologies to support key business processes and interact with consumers, partners, employees and other parties. With SecureWorks' Managed Web Application Firewall service, Web applications such as online shopping carts, login pages, forms and dynamically generated content (user ratings, forums, etc.) are protected against application layer attacks that bypass traditional network and host-based security controls. SecureWorks currently supports full lifecycle management, maintenance and monitoring of Imperva (R) SecureSphere(R) appliances as well as monitoring for other WAF appliances that organizations may have. Imperva is a market leading Web application firewall provider.

"Web applications are one of the fastest growing vectors of Internet attacks," said Corey Merchant, vice president of product management at SecureWorks. "Analyzing the attack data from over 2,000 clients, we've found that over 80 percent of all cyber attacks target Web applications. Our new Managed Web Application Firewall service will deliver optimum protection against application threats like SQL injection, cross-site scripting, session hijacking, etc."

Recognizing the risk that insecure Web applications present, several compliance mandates now require or recommend that organizations secure their Web applications and protect them from cyber attacks. For example, Requirement 6.6 of the Payment Card Industry Data Security Standard v1.2 (PCI DSS v1.2) requires merchants and service providers to address new threats and vulnerabilities for public-facing web applications and ensure they are protected against known attacks. SecureWorks' Managed WAF service safeguards clients' web applications 24x7, helping to satisfy PCI 6.6 and other regulatory requirements. Additionally, the new service provides detailed reporting that enables clients to easily demonstrate compliance to auditors and senior management.

Unlike network security appliances like firewalls and intrusion detection and prevention systems, WAF appliances perform full inspection of inbound and outbound Web application communications including encrypted (https://) traffic. To accommodate high diversity among commercial and internally-developed applications, WAF technologies profile each application's behavior and use defined policies to detect and block inappropriate activity.

Leveraging purpose-built security management technology, applied security research from the Counter Threat Unit and 100% GIAC-certified security professionals, SecureWorks provides "end to end" management of WAF appliances to provide the highest degree of protection and visibility without interrupting legitimate business traffic to and from client applications. SecureWorks supports the full WAF lifecycle from initial architecture design and deployment to ongoing tuning and configuration management to real-time security event monitoring and response, removing these burdens on client staff and allowing them to focus on business-driven security initiatives.

"Since WAF monitoring and management are very resource intensive for organizations to tackle on their own and require an in-depth knowledge about Web application security, clients benefit from being able to offload the work to security experts who stay on top of the latest threats and have the tools and experience you need to protect Web applications and data. This not only reduces administrative overhead costs, it also improves their overall security and compliance with regulations like PCI," concluded Merchant.