DataLine Web Application Firewall

Main article: Firewall

2020

Service of a comprehensive protection of web applications based on Web Application Firewall

On November 24, 2020 DataLine reported start of service of a comprehensive protection of web applications which should protect the websites from threats from the OWASP Top-10 list, the slow attacks and DDoS- activities of malefactors. Service is constructed based on Firewall Web Application (WAF) FortiWeb which is complemented with solutions for a comprehensive protection of the websites, including:

• regular check of the website the Qualys scanner on existence of vulnerabilities,
• Qrator.Ingress for traffic filtering and protection of infrastructure from DDoS-attacks
• ELK for collecting of statistics, visualization and data analysis.

Before connection to service the website of the client is analyzed on vulnerability using the Qualys scanner. Specialists of DataLine define measures of protection together with the client and configure WAF taking into account the found vulnerabilities.

Further engineers of the center of cyber defense DataLine give expanded support: configure individual security policies, monitor work of WAF and activity on the websites, politicians in coordination with the client quickly change. The client sees statistics on the solution on dashborda in ELK.

The service helps to fulfill the requirements to WAF according to the PCI DSS standard for the companies which work with payment customer information. Service also has certification on PCI DSS.

Detailed SLA guarantees the round-the-clock technical support, availability of service of 99.982% and the financial responsibility of provider for violation.

Start of service for protection of web applications

The DataLine company announced on March 10, 2020 start of service for protection of web applications (Web Application Firewall)

Service based on solutions of FortiWeb analyzes traffic and protects web applications from all threats, including from Top-10 OWASP list.

Service protects web applications from operation of vulnerabilities and directed attacks: incorrect security settings, SQL injections, cross-site scenarios, botnet- DDoS- the attacks and other. Web Application Firewall works at the level of application network protocols (HTTPS HTTP FTP, DNS, SMTP). It allows to analyze behavior of each user within the session of work with the web application, precisely identify and to suppress the attacks.

The Web Application Firewal service is developed for protection of web applications, critical for business: internet- shops payment systems, the companies with programs of loyalty, CRM- and ERP- systems. It will help to prevent unavailability of resources and will protect data. Also the Web Application Firewall service is certified according to the standard PCI DSS that will simplify fulfillment of requirements of the standard to a final system regarding protection of applications against the attacks. Before connection to Web Application Firewall service the web application is scanned regarding vulnerabilities with the help scanner Qualys. On the basis of received data individual politicians of protection of the web application are configured. Further all requests to the application are checked for compliance to politicians, and, in case of illegitimacy of addresses, the attacks are blocked. The detailed report with information on the recorded and reflected attacks is provided to clients of service.

Detailed SLA guarantees the round-the-clock technical support of service, time of response to an incident within 15 minutes and suppression of the non-standard attacks less than for an hour. Clients have an opportunity free of charge to test service within 1 month.