“Few enterprise security teams actually have time to properly train their WAFs to provide the necessary protection, leaving applications and enterprises vulnerable to an ever-changing landscape of threats,” said Dan Kuykendall, co-CEO and CTO of NT OBJECTives. “By strengthening our solution with more accurate rules, we are able to save security teams time, improve the effectiveness of their WAF or IPS, and better protect their web applications from attacks.”
Most types of web application security software offer virtual patching solutions that merely turn on the default rules packaged with the WAF or IPS; however, in many cases, custom rules are necessary and critical in order to more effectively block discovered vulnerabilities without blocking desirable traffic.
NTODefend automatically leverages knowledge of the application with information about the vulnerability that instantly creates a custom rule to block the vulnerability. The impact of this custom rule is significant. According to a 2011 study by Larry Suto, web application firewalls become up to 39% more effective in blocking web application vulnerabilities when layered with Dynamic Application Security Testing (DAST) solutions.
NTODefend enables enterprise security teams to create custom rules to patch their WAF or IPS against vulnerabilities discovered in automated NTOSpider scans. With NTODefend, security professionals are able to patch web application vulnerabilities immediately, expediting the days or weeks it can take to build a custom rule for a WAF or IPS, or the time it takes to deliver a source code patch. This provides developers with the time they need to identify the root cause of the problem and fix it in the code.
Users simply take the results of their NTOSpider web application security software scan, import them into NTODefend, and generate strong customized rules that target the application’s vulnerabilities, which increases the WAF’s accuracy and ability to protect WAF/IPS. These filters are able to pinpoint vulnerabilities without blocking desirable traffic.
The improved rules enhancement enables an almost 47% increase in the application vulnerabilities blocked using NTODefend and Sourcefire or ModSecurity.