Web Application Firewalls

NTT Security provides monitoring and management services for leading web application firewalls to protect web applications and support compliance requirements.

Web Applications — the IT Security Perimeter

Since web applications are exposed to the Internet, they have become the IT security perimeter. Web applications contain much of the data malicious attackers seek, so they are a prime target for hackers, cybercriminals, hacktivists and state-sponsored attackers. Traditional firewalls protect the network layer and filter access to ports; they do not inspect or prevent attacks against web servers or web services.

Often organizations find that developers simply do not have the bandwidth or resources to find and remediate vulnerabilities in web applications, making them vulnerable to exploits like server application exploits, cross-site scripting and SQL injection. Many organizations embrace the remediation guidelines in the Open Web Application Security Project (OWASP) Top 10 Most Critical Risks, but that is just a starting point for the protection of vulnerable applications.

Web Application Firewalls

Web application firewalls help to protect web applications from attacks and support compliance with security frameworks and compliance requirements such as the PCI DSS, SOX and COBIT. With a web application firewall, protection can be implemented in a day while a longer term solution is designed, tested and rolled into production code.

While web application firewalls are a strong solution for web application security, they are not a panacea. To be most effective, web application firewalls require customization and tuning. They can also be rigorous to maintain in dynamic applications with ever-changing, data-driven event paths. To maximize performance and reduce false positives, web application firewalls require expert management.

NTT Security Web Application Firewall Services

NTT Security helps to address the pitfalls of web application firewall maintenance and tuning. Experienced NTT Security engineers optimize device performance by configuring, updating and monitoring 24/7. Updates and patches are applied by NTT Security, along with recommendations for blocking rules.

Detect and Respond to Threats

NTT Security also provides 24/7 log monitoring services for all devices under management. The patented, cloud-based ActiveGuard® Security and Compliance Platform collects, monitors and manages logs from virtually any device capable of producing a log file. Information Security Analysts in the NTT Security Security Operation Centers (SOCs) investigate identified security events, reducing the number of false positives. 

Features include:

  • Web application firewall monitoring and management
  • Updates and patch management
  • Flexible SLAs to match device criticality
  • Device configuration and tuning
  • Block/do not block recommendations
  • On-demand device, security and compliance reporting
  • 24/7 service and support including:
    • Expert SOC analysis of alerts
    • False positive investigation
    • Dynamic content analysis
    • Tailored escalation procedures
  • Certified, experienced security experts