Call a Specialist Today! 855-958-0756

Web and Enterprise Application Controls

With high-profile data breaches announced every day, a growing number of compliance initiatives now mandate application controls. These initiatives were enacted to address both external attacks and insider threats. Regulations such as PCI DSS, SOX, and HIPAA require application controls as a means to protect data confidentiality and integrity. Enterprise applications including SAP, Oracle EBS, and Peoplesoft are subject to regulatory compliance requirements focused on insider threats.

cogsThe following application controls will satisfy most regulatory compliance requirements:

Protect Web Applications Against Known Attacks

Organizations should fortify public-facing Web applications with a Web Application Firewall (WAF). A WAF automatically detects and blocks attacks before any damage can occur. A WAF provides continuous protection—not just after a scan, fix and test cycle—and fully satisfies PCI DSS requirement 6.6. A WAF should prevent the OWASP Top Ten list of Web security risks, block both known and custom application attacks, and virtually patch application-specific vulnerabilities.

Securing and Auditing Key Enterprise Applications

Businesses store sensitive financial, personal and operational data in enterprise application databases. Faced with increased security risk and regulatory scrutiny aimed at this data, organizations are looking to improve security and demonstrate compliance without impacting application performance and availability. A comprehensive solution for access control, activity monitoring and auditing and vulnerability assessment should be application aware and minimize the performance and operational impact on enterprise applications.

Follow Secure Web Application Development Best Practices

Implementing application code according to security best practices can effectively reduce the number of vulnerabilities in Web applications. Secure Web development is an important way to fortify applications and satisfy multiple federal and industry regulations including the PCI DSS and the Massachusetts Data Protection Act. Used in conjunction with a Web Application Firewall, a Database Firewall, vulnerability scanning, and code review, secure Web development offers a comprehensive defense in-depth strategy.

Apply Latest Vendor Supplied Security Patches

To ensure the most up-to-date protection against vulnerabilities, organization should install security patches to critical systems and applications. Security patches protect critical assets from published and easily-exploitable vulnerabilities. Database and Web vulnerability assessment tools can help organizations discover unpatched systems and manage and prioritize patch updates. Integrating database assessment with a database firewall enables virtual patching of vulnerabilities—sometimes even before a vendor patch is released.

Generate Pre-Defined and Custom Compliance Reports

Security and auditing reports document regulatory compliance. Out-of-the-box reports should demonstrate how application controls have been implemented, while custom reports offer unique views tailored to individual business requirements. Flexible graphical reports, as well as real-time alerts and audit analytics tools, enable organizations to easily understand and present security and compliance status.

Related Products:

Database Security
Product Name: Capabilities:
SecureSphere Database Firewall
  • Protects application data stored in databases
  • Virtually patches vulnerabilities discovered by database assessments
SecureSphere Discovery and Assessment Server
  • Discovers database servers
  • Assesses databases and systems for vulnerabilities and patch level
  • Prioritizes security risks
ADC Insights
  • Pre-packaged enterprise application awareness for auditing, security and vulnerability assessments initiatives

Web Security
Product Name: Capabilities:
SecureSphere Web Application Firewall
  • Continuously protects against known and zero-day application attacks
  • Prevents common application vulnerabilities, including the OWASP Top Ten
  • Provides transparent protection with no changes to existing Web applications or network
  • Automates security management by dynamically learning application structure and usage
  • Integrates with application scanners for instant virtual patching of vulnerabilities
  • Offers predefined and custom compliance reports
  • Detects known malicious sources such as anonymous proxies, malicious IP addresses, and TOR servers
  • Provides visibility into phishing incidents
  • Identifies the geographic location of attack sources to provide additional incident context