Using Zeus Application Firewall Module

Web Application Firewalls are complex systems. They can be hard to configure and prone to errors that leave vulnerabilities open or deny legitimate traffic. Self-learning modes often fail to create useful security policies, tend to have high false positive rates and can even inadvertently learn to permit common, scripted attacks against the system.

From the outset, Zeus Application Firewall Module was designed with ease of use in mind. It offers a rich user interface, detailed reporting and rule suggestions, seamless configuration management across a cluster, and the ability to run updated rules in 'detection' mode alongside existing rules in active 'protection' mode.

Key features

  • Role Separation:

    Reflecting the common separation between security and other functions, Zeus Application Firewall Module offers full role separation. An administration user has full access, but individual users can access only the application they are responsible for, with full audit logging to track all configuration changes. Its security configuration is managed completely separately from the traffic management policies managed by Zeus Traffic Manager.
     
  • 'Basic' and 'Expert' configuration:

    Initial configuration of Zeus Application Firewall Module is performed in Basic mode, where the administration interface guides the admin through a series of straightforward Wizards to create and apply core protection policies. Wizards configure specific Handlers, and the configuration can subsequently be fine-tuned by editing the handlers directly in Expert mode. The two modes make it easy to get started with security policies in Zeus Application Firewall Module and reduce the learning curve for new administrators.
     
  • Protection and Detection mode:

    It supports easy testing of new rules in a live environment without disrupting the current security policy.

    Rulesets are applied by deploying them in Protection mode to enforce secure behaviour, permit or deny traffic and seal web application parameters against modification. Rulesets are tested by deploying them in Detection mode to evaluate them against traffic and log actions without enforcing them. An Application can run one ruleset in protection mode and one in detection mode simultaneously.

    This makes it easy to make modifications to an existing, active ruleset and test them. An active, protection ruleset is cloned and the copy is deployed in detection mode alongside the active ruleset. The copy can be modified at will and tested against live traffic. Once the administrator is satisfied that the new ruleset functions as desired and no false positives are raised, the new ruleset can replace the existing protection ruleset.
     
  • Regularly-updated baseline rules:

    The Baseline rules provide comprehensive general protection, based on blacklisting of known vulnerabilities and attacks. Signature updates to the baseline rules are issued frequently as new vulnerabilities are found against general web applications.

    Zeus Application Firewall Module regularly checks for updates and displays an alert in the administration home page when a new signature database is available. The administrator can choose when to apply the updates using the simple Baseline Protection Wizard, and can test the updates in 'detection' mode before activating them.

    If the local security policy prevents the module from contacting the external update server, updates can be downloaded from the server and manually uploaded.
     
  • Detailed reporting and alerting:

    Monitoring and reporting of real-time and historical activity is a core function of Zeus Application Firewall Module. Reports can suggest additional optimizations and flag up rulesets that are too restrictive, and the exported records assist in complying with any contractual or legal obligations.

    For a permanent record of security incidents and activity, Zeus Application Firewall Module can generate a PDF-formatted report.

    These reports can be generated manually, or can be automatically created and emailed on a daily, weekly or monthly basis. They describe the current configuration of the application, an audit log of configuration changes, a consolidated log file analysis and a comprehensive report of site activity.
     
  • Rule suggestions:

    The Suggest Rules Wizard and Parameter Ruleset Creation Wizard can automatically create custom security configuration rules for your specific web application. They analyse site activity from access logs and make recommendations of legitimate transaction paths and parameters. You can review these suggestions, and test them out in detection mode before deploying them in active protection mode.
     


© Zeus Technology Ltd