Fortinet FortiWeb Web Application Firewall (WAF) is PCI DSS compliant, top security — NSS Labs recommended, has groundbreaking throughput up to 20 Gbps, and is available in hardware and virtual form factors. Fortinet FortiWeb is able to process up to tens of thousands of web transactions by providing hardware accelerated SSL offloading in most models. Although Payment Card Industry Data Security Standards (PCI DSS) compliance is the main reason most organizations deploy Web Application Firewall — many now realize that unprotected web applications are the easiest point of entry for even unsophisticated hackers. Externally facing web applications are vulnerable to attacks such as cross site scripting, SQL injection, and Layer-7 Denial of Service (DoS). Internal web applications are even easier to compromise if an attacker is able to gain access to an internal network where many organizations think they’re protected by their perimeter network defenses.
However, even commercial code is vulnerable as many organizations don’t have the resources to apply patches and security fixes as soon as they’re made available. Even if you apply every patch and have an army of developers to protect your systems, zero-day attacks can leave you defenseless and only able to respond after the attack has occurred. Deep integration with FortiGate and FortiSandbox — as the threat landscape evolves, many new threats require a multi pronged approach for protecting web-based applications. Advanced Persistent Threats that target users can take many different forms than traditional single-vector attack types and can evade protections offered only by a single device. Using an advanced multi-layered and correlated approach, FortiWeb provides complete security for your external and internal web-based applications from the OWASP Top 10 and many other threats.
Fortinet FortiWeb — Advanced False Positive Mitigation Tools
False positive detections can be very disruptive if a web application firewall isn’t configured correctly. Although the installation of a WAF may only take minutes, fine tuning it to minimize false positives can take days or even weeks, plus there’s the regular ongoing adjustments for application and environment changes. FortiWeb combats this problem with many sophisticated tools including alert tuning, white lists, automatic learning exceptions, correlated threat detection, and advanced code based syntax analysis. Blazing fast SSL offloading — Fortinet FortiWeb is able to process up to tens of thousands of web transactions by providing hardware accelerated SSL offloading in most models. With near real-time decryption and encryption using ASIC based chip sets, Fortinet FortiWeb can easily detect threats that target secure applications. FortiWeb user tracking — FortiWeb monitors users authenticating to web applications and tracks all their subsequent activity.
Included Vulnerability Scanning
Only Fortinet FortiWeb includes a web application vulnerability scanner in every appliance at no extra cost to help you meet PCI DSS compliance. FortiWeb vulnerability scanning dives deep into all application elements and provides in-depth results of potential weaknesses in your applications. Vulnerability scanning is always up to date with regular updates from Fortinet FortiGuard Labs. Deep integration with FortiGate and FortiSandbox — as the threat landscape evolves, many new threats require a multi pronged approach for protecting web-based applications. Advanced Persistent Threats that target users can take many different forms than traditional single-vector attack types and can evade protections offered only by a single device. Fortinet FortiWeb integration with Fortinet FortiGate and FortiSandbox extend basic WAF protections through synchronization and sharing of threat information to both deeply scan suspicious files and share infected internal sources.
You must be logged in to post a comment.