On September 9, Fortinet's WAF (Web Application Firewall) appliance "FortiWeb" was upgraded. Not only defense but also diagnosis and recovery became possible, and the product lineup was expanded. We asked Fortinet Japan about the appeal of the product.
Fortinet Japan Sales Engineering Department Senior Consulting SE Yasuhiko Narita, Marketing Product Management Director Masato Negishi
WAF is a dedicated firewall that prevents attacks on web applications, and can prevent websites from attacks such as SQL injection and cross-site scripting that are rampant these days. It is also attracting attention because it is obligatory to introduce it under the security standard "PCI DSS" of credit card companies.
FortiWeb is one of these WAF products, and it is said that about 80% of the Web attacks delivered by IPA will be prevented by the signature and user-defined filters provided by Fortinet. "People who find it difficult to secure the website itself in terms of cost and time, or who cannot stop the site even if it is vulnerable, are considering WAF." (Fortinet Japan Marketing Product Management Director Masato Negishi) That is. The software installed in this FortiWeb has recently been upgraded to 4.0MR1, and the functions have been expanded beyond the conventional WAF, which mainly focuses on defense.
First, the diagnostic function of the Web application was added. The PCI DSS mentioned above requires regular inspection of system vulnerabilities. In contrast, FortiWeb can perform vulnerability diagnostics on a regular basis and report the status of vulnerabilities.
Regularly reports the status of the vulnerability
Register the site to be protected in advance for tampering detection
Another major improvement is that it has become possible to detect falsification of Web content. It monitors the status of files on a regular basis, like Tripwire. "It is difficult to completely block attacks such as Gumblar that deprive the administrator of the web server and tamper with it. Therefore, register the website you want to protect in advance and regularly check whether the file has been tampered with. It is more realistic to check it in detail "(Yasuhiko Narita, Senior Consulting SE, Sales Engineering Department), which is also effective as a measure against Gumblar. It can also automatically revert to the original file if changes are made.
The major improvement of FortiWeb 4.0 MR1 is that it enables not only defense but also diagnosis and recovery.
In addition, the policy settings have been devised. A wizard with check boxes as the main is prepared so that even non-expert users can set it, and an automatic learning mode is also prepared. On the contrary, it has become possible to customize for professionals in great detail. "You can incorporate the unique know-how of MSSP (Managed Security Service Provider) who sets up and operates WAF into the signature" (Mr. Narita), and the type of input value and the number of digits. In addition to setting in detail, it is said that regular expressions can also be used.
Generate custom signatures and incorporate MSSP's unique know-how
At the same time, two new hardware platforms, the 1U "FortiWeb-1000C" and the 2U "FortiWeb-3000C", have been introduced.
FortiWeb-3000C with up to 6TB of storage as standard
The entry model FortiWeb-400B had a throughput of 100Mbps, but all new models are equipped with a content scrutiny processor called "CP7", which is also used in FortiGate, and the throughput has improved significantly. The 3000C achieved 1Gbps throughput and HTTP 40,000 transactions / second. In addition to a bypass mechanism in the event of a failure, an SSL accelerator is installed as standard. It is said that the 400B in the 2 million yen range will be used by entry users, and the 3000C in the 12 million yen range is expected to be introduced in MSSP.
To List
Display format: PC ⁄ smartphone