Deep Security for Web Apps was developed to address complex threat environment, providing a complete suite of security capabilities to detect threats and vulnerabilities, and protect web applications in a single integrated solution.
Deep Security for Web Apps is delivered as a Security as a Service offering to allow for fast setup and easy management. All detection and protection functions are managed through a single cloud-based console with role-based administration to ease the effort to manage web app security. The easy to use dashboard delivers information from both automatic and manual scanning, giving organizations a single view of their web application security posture.
- Application Vulnerability Scanning
- Expert Business Logic Testing
- Platform Scanning
- Automatic Protection
- Cost-Effective SSL Security
Complete Intelligent Application Scanning
- Application vulnerability scanning that looks for OWASP vulnerabilities and WASC testing criteria.
- Comprehensive vulnerability platform scanning (operating system and server) with over 50,000 checks.
- DEEP SECURITY for WEB APPS logic testing by security experts to detect vulnerabilities that automatic testing alone can’t catch.
- Expert vetting of scanning results to eliminate false positives and prioritization of issues to focus mitigation resources.
- Leveraging Trend Micro’s Smart Protection Network and proven security engines, comprehensive malware scanning of web applications and linked external URLs to alert on malware presence.
- Monitoring of web application reputation to ensure reputation and categorization issues are identified and dealt with.
Integrated Detection and Protection
- Protection against known and zero-day attacks by shielding discovered platform vulnerabilities from exploits before code and configuration fixes can be completed.
- Out-of-the-box vulnerability platform protection for all major operating systems.
- Based on discovered application vulnerabilities, deliver Web App Firewall (WAF) rules to defend against application exploits before code and configuration fixes can be completed.
- Support for rule export in native format for WAF like Citrix, Imperva, AlertLogic, and ModSecurity.
- Deploy unlimited SSL certificates at dramatic savings versus traditional SSL suppliers. This includes Extended Validation (EV) certificates indicated by a green bar in the browser and enable higher levels of trust.
- Ubiquitous customer reach with coverage across over 99+% of browsers and support for key certificate capabilities like SAN and Universal Communication Certificates (UCC.)
- Integrated SSL health check to uncover potential configuration vulnerabilities and any certificate-expiry risks.
- Direct delivery of SSL certificates - not through third party Local Registration Authorities like traditional vendors.
Single Integrated Management Console
- All detection and protection functions are managed through a single cloud-based console with role-based administration to ease management of web app security.
- Scanning can be done on-demand or can be run continuously to fit security needs.
- Dashboard delivers information from both automatic and manual scanning, giving organizations a single view of their web application security posture.
- Unlike other solutions, platform and application testing is performed with a single centralized configuration including logging and reporting to substantially simplify operation.