DenyAll announces a refresh of its entire product line. New features address the needs of DevOps teams by simplifying and automating tasks associated with testing and protecting web applications, web services and APIs.
Continuous integration and delivery is the name of the game for any business looking at digital transformation as a competitive differentiation opportunity and breaking organizational silos to achieve greater agility. Application security tools can be of great help, assuming they embrace the automation paradigm. DevOps teams can use them to create applications that are secure by design, continuously tested for vulnerabilities and protected from automated attacks.
The need for automation and ease of administration is at the heart of innovations built into DenyAll’s latest appliances and cloud services, namely:
- Web Application Firewall (WAF) version 6.3 and its associated modules, Web Services Firewall (WSF) and Web Access Manager (WAM), shipping this week,
- Vulnerability Manager 6.5, shipping at the end of the month,
- Cloud Protector, the company’s fully automated WAF-as-a-Service.
New automation features
The new products and services include the following automation-related features, which aim at optimizing administration time and security effectiveness:
- Configuration cloning: administrators can clone tunnels in DenyAll WAF without any pre-configured HA, so tunnel configuration is automatically synchronized when a third-party load balancer is positioned in front of the WAF. The new orchestration API helps automate other similarly repetitive management tasks.
- Application learning: the revamped sitemap function in DenyAll WAF automatically learns HTTP/REST apps and APIs from developer or preproduction traffic logs, or Open API/Swagger files. It automatically learns paths, methods and parameters, saving valuable time.
- False positive management: a new token concept in DenyAll WAF simplifies false positive resolution by allowing 1-click resolution of alerts generated by the platform’s several complementary security engines, which leverage negative, positive, normalization, heuristics, grammar analysis and user behavior analysis techniques.
- Vulnerability checking & virtual patching: Vulnerability Manager can read Swagger files written by developers, or generated by DenyAll WAF, to speed the process of detecting application vulnerabilities, using the new automatic web crawler and semi-automatic proxy mode for authenticated pages. It can update the initial descriptor and pass it on to DenyAll WAF for automatic validation and virtual patching.
- Monitoring & Reporting: deep diving into the WAF’s comprehensive log data is made easier with DenyAll WAF’s configurable security dashboard based on Elasticsearch and Kibana. Some teams may prefer Cloud Protector’s simplified, multi-tenant and customizable role-based alerting system, which offers similar visibility into their web applications’ traffic.
- Global delivery & caching: the automated WAF-as-a-Service has evolved, based on the input of the large and mid-size customers who have adopted it. To make web administrators’ lives even easier, it now offers Content Delivery Network (CDN) features, combined with granular policy configuration and customization options.
Chaining engines for higher security effectiveness
DenyAll WAF now embeds several security engines initially created within DenyAll rWeb, the company’s historical WAF. In addition to a normalization engine which can help prevent WAF evasion attempts, administrators can take advantage of the Scoring List’s heuristics engine to identify zero-day attacks and two advanced detection engines, SQLi Sec and PathSec, which use grammatical analysis to identify more advanced attacks. Chaining these with the product’s core negative and positive security engine helps achieve greater security effectiveness, useful for most critical web applications and web services. As a result, DenyAll WAF 6.3 is a solid version for rWeb customers to transition to.
Upcoming live demonstration webinar
Join our webinar on March 30, 2017 at 11h CET for a live demonstration of these new features and a taste of the benefits they will bring to your DevOps teams once they adopt them. Customers and partners can go to https://www.denyall.com/blog/events/webinar-automate-application-security-continuous-delivery/ to register.