Indusface, a primary and award winning total application Security Company, announced the general availability of IndusGuard WAF, the industry’s first SECaaS (security as a service) Web Application Firewall and Fully Managed Application DDoS (distributed denial-of-service) solution. IndusGuard WAF makes available out-of-the-box, plug and play, real-time monitoring and protection for critical web applications in the cloud besides on premise and arrives as the industry’s first to guarantee zero WAF false positive.

Usually, the threat of false positive, that is to say the obstruction of legitimate traffic that creates service interruptions has hindered the wide scale adoption of WAFs. Indusface is the first company to be able to guarantee zero WAF false positive with respect to fixing of the known vulnerabilities as well as ensure that no valid web traffic is affected. IndusGuard’s guarantee of zero WAF false positive has directed to a positive upwelling in its espousal all through the beta stage courtesy; its BFSI customer segment.

IndusGuard WAF from its part applies a set of rules to HTTP conversations to be able to shield web-based applications by way of combining human intelligence based expert tuning along with application profiling that continually updates by means of fresh rules to be able to keep up with application updates as well as newly emerging threats. It defends against OWASP2 Top 10 and WASC3 TC v2.0 (security susceptibilities as delineated by these industry initiatives), with PCI DSS4 compliance assurance.

“Given the increase in the number of cyber-attacks on web applications and the sophisticated methods being employed to bypass defenses, IndusGuard WAF along with the DDoS solution is the industry’s first to provide in-depth detection, defense and protection to mission critical web applications. IndusGuard’s guarantee of zero WAF false positive is a game changer to the adoption of WAFs globally. With changes taking place so frequently on web applications, it is extremely difficult for security teams to stay ahead of them, whilst ensuring vulnerabilities are kept at bay. IndusGuard WAF offers an excellent line of defense for such applications and provides protection against a wide range of attack vectors”, alleged Ashish Tandon, Chairman  & CEO, Indusface.

Fresh Gartner5 findings shore up Indusface’s introduction:

Gartner from its corresponding end puts emphasis on the fact that 75% of cyber-attacks take place at the web application layer. It observes that WAFs are poles apart from next-generation firewalls (NGFWs) as well as intrusion prevention systems (IPSs). WAFs shield, at a granular level, the enterprise’s custom Web applications in contrast to Web attacks and is most often the only technology that inspects encrypted and unencrypted inbound Web traffic. It furthermore observes that circumventing false alerts (“false positives”), precisely, entails particular attention.

Gartner from its quarter recommends that security leaders assess the need for WAFs, based on the business impact of each Web application — public facing, partner facing or internal. Additionally, it vouches that WAF technology should be arrayed in combination with application security testing.

“IndusGuard WAF checks off on all boxes and more vis-à-vis Gartner recommendations. Our legacy in application testing, which is recognized by Gartner in their 2013 Magic Quadrant, combined with the launch of our WAF, which provides protection at the application layer with zero WAF false positive guarantee – is not only an industry first but also a winning combination for customers”, added Ashish Tandon.

The rising dependence on Web in their operation set up is fueling companies – That includes both large and SMBs, to be able to deploy a WAF. Vertical segments as for instance BFSI, and e-commerce are leading this adoption braced with retail, followed by heath care, education, transportation and government. The global WAF market is projected to be USD 1.2 Billion by 2017, according to Frost & Sullivan.

IndusGuard WAF features - 

• Zero WAF false positives – guarantees that the product rules for known vulnerabilities will never block legitimate traffic.
• Continuous application defense –comprises of comprehensive learning, profiling as well as protection against new application susceptibilities.
• Managed Application DDoS Mitigation – a combination of specialized DDoS mitigation rules for most application layer DDoS attacks, combined with 24×7 monitoring from application security experts.
• 24×7 expert monitoring by certified security experts – certified security analysts provide round the clock testing, along with expert analysis and alerts when necessary.
• Intelligent application profiling – performs in-depth application profiling to understand the application’s logic in detail.
• Centralized portal & real-time reporting in a SAS 70 certified data center – A central dashboard makes available unique insights into the geographic distribution of attacks on an organizations applications, that enables forensics on past attack patterns and allows the development of new mitigation strategies.
• Custom rules to shield against business logic vulnerabilities – IndusGuard WAF affords customized threat protection which is unique to each application depending on logic for data validation, error handling etc.
• Pay as you go model – that helps patrons to manage their security investments within the framework required by their business units to implement a WAF.
• Compliance Support – IndusGuard WAF provides protection against OWASP Top 10 and WASC TC v2.0 and supports compliance for PCI DSS requirements.