The widespread use of web-based applications in the (digital) value creation process is increasingly making them a target for cyber criminals, intelligence services and unscrupulous competitors. It is not uncommon for poorly maintained and insufficiently securely configured web applications to be the first gateway into the corporate network for attackers. ModSecurity can provide a remedy here.
Advantages of ModSecurity
ModSecurity is a cross-platform, expandable open source web application firewall (WAF) module that enables rule-based inspection, blocking and recording of HTTP(S)-based web communication. ModSecurity is not only characterized by its highly configurable logic engine.
Instead, the standard rule set made freely available by the Open Web Application Security Project (OWASP) is its greatest strength. The so-called OWASP ModSecurity Core Rule Set (CRS) is used to detect common generic, but also specialized web attacks. Using sophisticated rules and in conjunction with ModSecurity’s “Anomaly Scoring” mode, the CRS makes it possible to achieve the fine art of “pattern matching”, i.e. to generate as few “false positives” as possible.
The fine line between correct operation and optimum safety
The difficulty in using a pattern-based protection mechanism such as ModSecurity is finding the balance between being “sufficiently” restrictive (ensuring the best possible security) and “sufficiently” permeable (not affecting the correct use of the application).
The best possible level of protection can only be achieved if the protection mechanisms evolve in step with the applications.
ModSecurity and the USP Secure Entry Server® – the Swiss solution
ModSecurity’s first-class, pattern-based attack detection, together with the OWASP CRS, is also available in the USP Secure Entry Server® as the “Secure Profile Management” module to protect your web applications. Extensive expert knowledge is required to successfully implement a customized configuration of ModSecurity and the CRS for the application to be protected.
Analyzing the log data also requires a lot of resources, as this is typically done manually and the resulting rule adjustments have to be entered for each application.
The Swiss solution from United Security Providers significantly reduces this effort: Thanks to “Automatic Learning”, the use of the powerful set of rules is considerably simplified. Based on log data, potential false positives can be identified and resolved with a single click. The resulting application profiles can be easily managed and reused for similar applications.
Support from United Security Providers
Are you planning to replace your self-developed ModSecurity solution with a proven, standardized product? Should this solution not only make your daily routine work easier, but also provide WAF functions that go beyond “simple”, rule-based pattern recognition? Find out more about ModSecurity and its interaction with the USP Secure Entry Server® in our white paper.
Download ModSecurity whitepaper