NT OBJECTives, Inc.'s Web Application Security Software Blocks Approximately 95% of Application Vulnerabilities Through Sourcefire's IPS and ModSecurity's WAF

NTODefend's Virtual Patching Solutions Now 30% More Effective Than Previous Version; Protects Application During Wait for Developer Code Patches

Jul 25, 2013, 09:20 ET from NT OBJECTives

IRVINE, Calif., July 25, 2013 /PRNewswire/ -- NT OBJECTives, Inc., provider of the most automated, comprehensive and accurate web application security software, services and SaaS, announced today that its NTODefend solution now more effectively blocks application vulnerabilities by approximately 30% more than the previous version. As a result, NTODefend's virtual patching solutions now automatically block an average of 95% of an application's vulnerabilities when leveraged with intrusion detection and prevention technology based on Snort®, like Sourcefire's Next Gen Intrusion Prevention System (IPS) or ModSecurity's Web Application Firewall (WAF).

(Logo: http://photos.prnewswire.com/prnh/20121025/PH00003LOGO-b)

"Few enterprise security teams actually have time to properly train their WAFs to provide the necessary protection, leaving applications and enterprises vulnerable to an ever-changing landscape of threats," said Dan Kuykendall, co-CEO and Chief Technology Officer of NT OBJECTives, Inc. "By strengthening our solution with more accurate rules, we are able to save security teams time, improve the effectiveness of their WAF or IPS, and better protect their web applications from attacks."

Most types of web application security software offer virtual patching solutions that merely turn on the default rules packaged with the WAF or IPS; however, in many cases, custom rules are necessary and critical in order to more effectively block discovered vulnerabilities without blocking desirable traffic. NTODefend automatically leverages knowledge of the application with information about the vulnerability that instantly creates a custom rule to block the vulnerability. The impact of this custom rule is significant. According to a 2011 study by Larry Suto, web application firewalls become up to 39% more effective in blocking web application vulnerabilities when layered with Dynamic Application Security Testing (DAST) solutions.

NTODefend is the first web application security software solution that enables enterprise security teams to quickly and automatically create custom rules to patch Web Application Firewalls (WAF) or Intrusion Prevention System (IPS) against vulnerabilities discovered in automated NTOSpider scans. With NTODefend, security professionals are able to patch web application vulnerabilities immediately, expediting the days or weeks it can take to build a custom rule for a WAF or IPS, or the time it takes to deliver a source code patch. This provides developers with the time they need to identify the root cause of the problem and fix it in the code.

Users simply take the results of their NTOSpider web application security software scan, import them into NTODefend, and generate strong customized rules that target the application's vulnerabilities, which increases the WAF's accuracy and ability to protect WAF/IPS. These filters are able to pinpoint vulnerabilities without blocking desirable traffic.

The improved rules enhancement enables an almost 47% increase in the application vulnerabilities blocked using NTODefend and Sourcefire or ModSecurity. 

NTODefend Product Features:

  • Automated Custom Rule Generation for WAF/IPS – NTODefend's web application security software can quickly and easily generate custom rules, and if needed, can modify these rules to patch application vulnerabilities on WAF/IPS by using the results from NTOSpider scans.
  • Vulnerability Report Selection – Users can quickly select which vulnerabilities to patch and can automatically generate the highly-targeted filters for the user's particular WAF/IPS solution.
  • Integration with More WAF/IPS Appliances – NTODefend integrates with all market-leading WAFs, including Sourcefire Snort®, DenyAll, Imperva, ModSecurity and Nitro SNORT, with Citrix, F5 and Barracuda coming soon. NTODefend automatically generates rules for each WAF/IPS that are highly-targeted to the specific vulnerabilities, reducing the risk of false-positives.
  • Re-Scan Ability to Confirm Effectiveness – NTODefend enables security teams to conduct a quick re-scan of applications to confirm the trained WAF/IPS effectiveness. Now, teams can quickly confirm that target application vulnerabilities are patched and that safe traffic can continue to flow through as expected, eliminating the risk of false positives and negatives and dramatically reducing QA time.

NTODefend's virtual patching solutions integrate with market-leading WAFs, including ModSecurity, DenyAll and Imperva, as well as market-leading IPS solutions from Sourcefire and Nitro Security. To learn more about NTODefend or to find out more about NT OBJECTives, Inc.'s suite of web application security software, please visit www.ntobjectives.com or call 1-877-NTO-WEBS (1-877-686-9327).

Click to Tweet: @ntobjectives #NTODefend improved rules block over 95% of application #vulns through @Sourcefire IPS and @ModSecurity #WAF

About NT OBJECTives, Inc.

NT OBJECTives, Inc. (NTO) is a provider of most automated, comprehensive and accurate web application security software, services and SaaS. NTO's customizable suite of solutions includes application security testing, SaaS scanning and in-depth consulting services to help companies build the most comprehensive, efficient and accurate web application security program. NT OBJECTives is privately held with headquarters in Irvine, CA. For more information, visit www.ntobjectives.com or follow us on Twitter at @ntobjectives or @dan_kuykendall.