Web application firewall (WAF) services will be natively integrated in the Kemp Technologies LoadMaster load balancer operating system (LMOS). This will enable secure deployment of Web applications preventing Layer-7 attacks, while maintaining core load balancing services, ensuring superior application delivery performance, high availability and scalability.
According to Trustwave’s State of Security report, 96% of Web applications scanned by Trustwave in 2013 harboured one or more serious vulnerabilities. The widely deployed WAF engine ModSecurity has been optimised and integrated with Kemp’s kernel-based ADC engine. It directly augments LoadMaster’s existing security features to create a layered defence for Web apps, and therefore enable a safe, compliant and productive use of Web application resources.
Kemp worked closely with Trustwave’s engineering team who are the custodians of ModSecurity to extend the core LoadMaster ADC technology to not only be a flexible L7 application centric delivery engine, but also a dynamic WAF. KEMP’s integrated L7 WAF platform is based on an industry-leading rules engine that provides real-time coverage for all published application threats, including the OWASP Top Ten, as well as critical baseline protections. Importantly, it also allows customers to reuse their existing rules based on ModSecurity in a centralised KEMP ADC appliance.
“Enterprises that focus their WAF efforts on compliance or protecting public-facing Web applications, such as e-commerce and Web retail, cannot afford to overlook equally important custom applications that interoperate end-to-end,” says Peter Melerud, co-founder and EVP, Product Management, KEMP Technologies. “KEMP’s ADCs dynamically deliver application high availability that now, with natively integrated WAF from KEMP, also provides the most robust threat protection.”
With the WAF-ADC integration announced today, KEMP enhances its existing security features available on LoadMaster platforms, which currently feature edge security gateway functionality to protect published workloads including reverse proxy, SSO, pre-authentication and SMTP domain filtering, dual-factor authentication, IPS, and SSL bridging for secured traffic flows. KEMP’s threat protection also includes attack categories such as IP reputation, botnet attack detection, Web-based malware detection, Webshell/backdoor detection, HTTP denial of service (DoS) attack detection, and anti-virus scanning of file attachments.