The latest release of DenyAll's Next Generation WAF marks a new milestone
in the platform merge journey of the application security vendor. Version
6.2 embeds several innovations: new learning capabilities to automate HTTP
and REST API security, the core security engines of DenyAll rWeb, a
high-level orchestration API and advanced reporting capabilities.
DenyAll announces the general availability of version 6.2 of DenyAll Web
Application Firewall (WAF), DenyAll Web Services Firewall (WSF) and DenyAll
Web Access Manager (WAM). The new features added to the platform include:
· *Learning:* new learning and validation capabilities for HTTP and
REST traffic replace the former sitemap and focus table approaches. OpenAPI
files describing REST Web Services can be imported to simplify and automate
the process.
· *Security:* three security engines used in DenyAll rWeb are
available as new security bricks, including the heuristics-based Scoring
List, which assigns weights to request components in order to detect
zero-day attacks. Chained together, these bricks ease the transition to the
merged platform for rWeb customers. Profile configurations and exceptions
are automatically translated to be immediately operational in DenyAll WAF
6.2.
· *Orchestration API:* a new high-level functional RESTful API
helps automate repetitive administrative tasks such as tunnel and reverse
proxy creation and manipulation, SSL uploading and updating. More functions
will be exposed in the next release.
· *Monitoring & Reporting:* a new log management and storage
facility, based on NoSQL technologies, provides faster search, drill-down
capabilities and new indicators, such as top 10 attacked applications,
attacking IPs or countries, requested URLs, slow pages, etc.
· *Application Security Automation:* the application fingerprinting
feature automatically identifies the nature of web applications and
suggests the appropriate pre-defined policy. New security templates are
available for SAP NetWeaver and the e-commerce platforms Magento, osCommerce,
WooCommerce and PrestaShop.
The next iteration of the platform, version 6.3, is scheduled for delivery
in January 2017. It will further enhance the automation capabilities and
embed the Advanced Detection Engines of DenyAll rWeb, which use grammatical
analysis and sandboxing techniques to improve threat detection.
*Platform merge*
Version 6.2 marks an important milestone for the DenyAll user community.
Because rWeb's core security engines are used by a large majority of rWeb
customers, those customers can start transitioning to the merged platform
with minimal effort. In doing so, they will be able to take advantage of incremental
capabilities, such as Adaptive Authentication and Web Single Sign On, and
the Workflow approach to tune configuration and automate the response to
changing users' context and behavior.
*“This version brings together our best-of-breed security and unique ease
of administration capabilities”,* says Stéphane de Saint Albin, DenyAll
Chief Marketing Officer. *“The NextGen WAF is here and it's going to change
the way applications are secured”.*
DenyAll is working with rWeb customers to plan and facilitate their
transition to the merged platform over the coming years. The current version
of DenyAll rWeb (4.2) will be supported until 2019.
A webinar will be held on October 11 at 5pm Central European Time, focused
on the new features. Go to http://www.denyall.com/blog/events/...
application-firewall-6-2/ to register.
*DenyAll Vulnerability Manager and Cloud Protector*
DenyAll also shipped new versions of its other offerings this summer.
DenyAll Vulnerability Manager version 6.3 now offers a proxy mode for
enabling the scanning of web pages that are not easily discovered, either
because the application uses browser-side frameworks such as Flash,
one-time passwords and multiple authentication factors, or virtual
keyboards. This version also supports the creation of tasks via third-party
ticketing systems.
DenyAll Cloud Protector, the Cloud WAF implementation of DenyAll's NextGen
WAF technology, now features role-based access control capabilities,
enabling distributed role management in large organizations. Additional
features will be added in the coming weeks.