Web Application Firewall for Microsoft IIS: Defeat Web Hackers (PCI Compliant)
ServerDefender Artificial Intelligence (AI) Web application firewall is designed to provide IMMEDIATE PROTECTION for Web sites and applications running on the Microsoft IIS Web server by blocking Web attacks including SQL injection, buffer overflows, cross-site scripting (XSS) and request forgery (CSRF), directory traversal, zero-day, brute force, dictionary, denial of service and others.
ServerDefender AI then goes beyond mere signature blacklisting by learning, from your Web logs or by MONITORING TRAFFIC with your guidance, exactly what is legitimate traffic for your site — and blocking anything else! An advanced BEHAVIORAL ENGINE (AI) organizes IIS server requests into a multi-dimensional baseline of normal system activity.
Each server connection and request is scrutinized by the rule-set configured in ServerDefender AI and also by the behavioral baseline to identify and take action against any activity falling outside trusted parameters. ServerDefender’s ANOMALY DETECTION and intrusion prevention capabilities progressively improve as the baseline evolves automatically or based on input from Web administrators.
Combining attack countermeasures — ranging from 404 error presentation, robust IP blocking at the IIS- or network-layer to IIS shut-down — with reporting and real time alerts (via e-mail, SMS/text message, and instant messaging services), ServerDefender AI is the complete solution.
The software monitors, analyzes and detects ATTACK SIGNATURES in HTTP methods, URL characters and request elements, URL query strings, and specific HTTP request headers that lead to privilege escalation and a hacked IIS server. To make it short, just the trusted, safe requests are allowed to the database and application layers on your web site or app.
Here are some key features of “ServerDefender AI”:
· Attack signature and behavioral learning Web application firewall protects against known, unknown, and new Web hacking attacks against Microsoft IIS Web servers, Windows operating systems, and popular Web application platforms like ASP.NET, ColdFusion, Java/JSP/J2EE, Perl, PHP, Python, Ruby — and now, even Ajax and JavaScript
Configurable, predefined HTTP/HTTPS request event classifications offer signature-based defense, with specific rule enforcement by:
· HTTP Methods (OPTIONS, GET, POST, HEAD, and all possible HTTP methods/operations)
· URL Paths (Any characters, extensions or symbols possible in a request URL)
· URL Query Strings (Length of variables)
· HTTP Request Headers
· IP addresses and address ranges (Whitelist/blacklist with duration control and included WHOIS lookup for accuracy)
· Artificial intelligence (AI)-based behavioral engine in Training Mode reviews Web traffic patterns to establish a baseline of Trusted and Untrusted Events
· New requests are screened against the baseline to determine if request should be trusted based on previous request history and training database
· Offers both supervised and self-learning capabilities
· Adjustable sensitivity levels and percentage of requests to be analyzed
· Requires periodic event review, classification and retraining of database for maximum effectiveness
Extensive Threat Management Options when a request falls outside of an allowed or trusted profile, including:
· Block request by serving HTTP 404 File Not Found response
· Block IP for subsequent HTTP requests
· Deny all ports for IP requests with Network IP Blocking feature
· Stop Microsoft IIS Web services
· Inactive monitoring mode allows for easy testing of ServerDefender AI without interrupting production Web serving
Multiple, configurable notification alert options for blocked requests in real-time via:
· Pager
· E-mail
· SMS or text message
· MS Messenger service
· On-screen/audio security alert notification on Web server’s desktop
· Microsoft Management Console (MMC)-based UI Settings Manager with settings stored in Windows registry
· Remote Deployment and Management to install, manage and monitor Web app security on multiple servers (settings applied across server, not by individual virtual server or site)
· Full consolidated logging of events and request event details (with exportable log files)
· HTML reporting on most frequently requested URLs and request IP addresses
· Compatible with IIS Lockdown, URLScan, major third party server-side scripting platforms like ASP, ASP.NET, PHP, JSP, ColdFusion, and Perl
· Supports FrontPage publishing, Outlook Web Access (OWA), and other Microsoft platforms running on the IIS Web server
· Super-fast, stable ISAPI filter with no noticeable server performance impact
· Adjust settings without an IIS restart
· Quick and easy installation and configuration
Requirements:
· Microsoft IIS 5/5.1/6.0
Limitations:
· 30 days trial
See Demo – Download – Visit Author Site
Please comments and give ratings. You may also report of broken or incorrect link using comments box below. Thanks!