Data loss and theft continues to rise, and hardly a day goes by without significant data breaches hit the headlines.
In January 2019 alone, 1.76 billion records were leaked, and according to IBM's Data Breach study, the average cost of each lost or stolen record has reached about $148.
Most of these data leaks are because of malicious attacks, where exploitation of web application vulnerabilities is one of the most common cyber attack vectors.
An application security breach is a problem facing one and all, and no matter what's the size of your company, your web applications are prone to cyber attacks.
Hackers breach sites for a variety of reasons—some do it for fame, some to get competitive information, whereas some do it just for financial gains. No matter what the reason is, the cost of a security breach is always higher than the cost of protection, leading to loss of data, substantial financial losses, and most importantly, loss of customers' trust.
If you are a small or mid-size company beginning to make your mark, such data breaches can be fatal.
What is more worrisome is that the cost of a data breach and extent of breaches are growing exponentially year on year, and all these points that the existing solutions are ineffective.
When it comes to application security—WAF (Web Application Firewall) is one of the best-known defences.
While most of the existing solutions fail to protect your organization from such attacks, as they take "one size fits all cookie-cutter" approach, WAF generally comes with standard out of the box rules without understanding specific application needs.
Perils of such an approach are:
All this leads to bad implementation of website security, and right vulnerabilities remain undetectable, where WAF is more often deployed in monitor mode in fear of FP's.
AppTrana is Indusface's revolutionary solution that has been built specifically to address such shortcomings in existing cloud security solutions.
AppTrana provides a completely managed, highly reliable, extremely affordable SaaS solution for securing web applications.
With AppTrana, organizations can get:
Using AppTrana, organizations can concentrate on business without worrying about security, speed, and availability of their website.
Indusface approaches the problem of application security differently from traditional vendors.
With AppTrana, organizations can identify the vulnerabilities in the application through its automated and premium (manual penetration testing done by experts) scans. This guarantees that an organization understands the risk posture of their application upfront.
AppTrana's advance scanner works seamlessly with new-age JS-based heavy sites and is built bottom-up with the integration of WAF in mind, providing it with the ability to learn from WAF traffic insights as well as feeding back the vulnerability status to WAF for protection.
AppTrana enables organizations to provide immediate website protection through virtual patching with its WAF module.
For this, AppTrana provides:
With this approach, AppTrana ensures that security is tuned to meet specific application needs guaranteeing zero false positives.
Also, AppTrana provides around the clock monitoring and expert support to mitigate sophisticated application DDOS attacks, ensuring the availability of your site.
Typical customer journey looks like follows:
With the tightly integrated WAF and Scanner modules, AppTrana ensures that there is constant learning, which is shared across both, improving the efficacy of detection and protection.
For example, deep learning in WAF allows AppTrana to provide a context of application to the scanner that ensures better crawling and detection.
Such integration provides AppTrana unfair advantage that allows Indusface to provide superior protection to its customers.
You can choose any of the below-listed plans to start the AppTrana Journey.
If your organization is interested, you can sign up for AppTrana protection at any point at apptrana.com, and entire onboarding can be done with zero downtime.
You will be requested to provide the domain you would like to protect and then would be asked to verify the configuration; you can choose to enable CDN now or can do the same from settings page later.
Next, you would be requested to provide your SSL certificate, which is required to decrypt and monitor https traffic for attacks. Indusface assures the certificate is encrypted, stored securely, and no one in the company has direct access to customer certificates.
Alternately, your organization can choose to use LetsEncrypt free certificate in which case AppTrana will automatically generate the certificate for the domain, and the organization need not provide any certificate.
Your organization can also choose to buy an Entrust certificate from Indusface.
That's it, now you will be asked to make CNAME change to have traffic diverted to AppTrana infrastructure and onboarding will be completed, and protection will start immediately.
Customers journey starts from the point they make their DNS change. Once the protection starts, a few things happen:
Once the site is moved to the Premium rules, Manual penetration testing is done, and all vulnerabilities are protected, the onboarding journey is complete, and the site is completely secured.
As you can see, the entire journey is managed by Indusface team as promised, and there is very little activity that is expected from the customers' except requesting certain action based on their needs.
Now, the site moves to a continuous monitoring state. Rules are fine-tuned by Indusface's Managed Service team continuously based on need. Additional rules are added continuously by Indusface team without any action required from the customers.
Customers are encouraged to start automated scans at least once a month to be up to date on their Risk profile.
Even if changes are not made to site as new signatures are added continuously to the scanner, there is a high probability that new vulnerabilities may be found. Customer can monitor the effectiveness of rules from Protect page.
Being a completely managed solution, Indusface team is always on standby 24*7 to help its customers thwart any sophisticated Layer 7 DDOS attacks as the need arises.
If you are an SME or MSE and are looking for an application security solution that works, then you need not look further.
With a tightly integrated scanner, WAF, and CDN modules, AppTrana is one of the effective solutions in the industry that can guarantee comprehensive protections.
The features explained here are just the tip of the iceberg. We would strongly urge you to sign up for a free trial and explore AppTrana's capabilities firsthand.