05/05/2008

WhiteHat Security, a leading provider of website security services, and Breach Security, the leader in Web application security, today announced that they have joined forces to offer a solution for more comprehensive Web site security.

ebizQ received the following:

The offering combines WhiteHat’s intelligent Web application vulnerability assessment technology with Breach Security’s automated, real-time protection against application-level threats. Available now, the new solution closes the gap between accurately identifying vulnerabilities and blocking targeted Web attacks.

"Web application security is increasingly becoming a concern for many organizations, as reflected in compliance requirements such as the PCI Data Security Standard. Unfortunately, many struggle to meet these requirements due to the potentially high costs and complexity of becoming compliant," said Michael Montecillo, security and risk management analyst for Enterprise Management Associates. "These challenges can actually weaken an organization's security posture by creating a gap between exposure and remediation. The Breach Security and WhiteHat Security combined solution detects and defends Web application vulnerabilities much more efficiently, and resolves the disconnect between compliance intentions and actual security."

The joint solution combines Breach Security’s ModSecurity Web application firewall, the most widely deployed application firewall with more than 15,000 commercial and open source deployments worldwide, with the WhiteHat Sentinel Service, the industry’s only SaaS-based Web site vulnerability management solution. WhiteHat Sentinel automatically generates blocking signatures for identified vulnerabilities, mapping a customer’s specific security vulnerabilities to defined ModSecurity rules for the most common forms of attack such as SQL Injection and Cross-Site Scripting.

"The WhiteHat and Breach Security solution is another great stride toward total Web site security," said Stephanie Fohn, chief executive officer, WhiteHat Security. "Our integrated offering allows customers to be proactive against vulnerabilities that pose a great risk to the integrity of a company’s Web sites. There is no doubt that the number and variety of vulnerabilities are on the rise, and we are helping customers effectively protect themselves from attack."

Organizations of all sizes are taking a more proactive approach to protect mission-critical, Web-based business applications. Transitioning from an identification-only to prevention-centric security posture is only possible with a high confidence level in the accuracy of vulnerability data. A Web-based subscription service, WhiteHat Sentinel combines advanced proprietary scanning technology with expert analysis, enabling customers to identify, prioritize, manage and remediate Web site vulnerabilities as they occur. All vulnerabilities discovered by WhiteHat Sentinel are verified and prioritized, virtually eliminating false positives and simplifying remediation.

Available as both a security appliance and open source Web server extension, ModSecurity protects the Web application by detecting and blocking attacks, including those intended to steal sensitive information such as credit card numbers, social security numbers and health records. ModSecurity’s Enhanced and Payment Card Industry (PCI) rule sets deliver the broad-based coverage required to thwart all known attacks, as well as tailored protection for applications handling PCI-regulated cardholder information.

"Breach Security is pleased to offer our technology with WhiteHat Security’s Sentinel Service and to extend our thought leadership in application security," said Mike Pierce, chief executive officer, Breach Security, Inc. "Our mutual customers will benefit from increased confidence in ModSecurity attack detection and prevention and further automation leading to a lower total cost of ownership."

Current ModSecurity customers that also subscribe to WhiteHat Sentinel will receive the integration free-of-charge. For more information about ModSecurity, contact Breach Security at sales@breach.com or call +1 760 448 2051. To subscribe to WhiteHat Sentinel, please contact sales@whitehatsec.com or call +1 408 343 8300.