Latest News

ACCOLADES

ThreatSentry Wins Web Application Security Category!
ThreatSentry Wins Web Application Firewall Category!
ThreatSentry Wins Network Products Guide Award!

Privacyware Enhances SQL Injection Attack Defense with Latest Release of ThreatSentry Web Application Firewall

September 3, 2014

NEW ALBANY, OH, September 3, 2014 – Privacyware, developer of the leading software–based Web Application Firewall and Host IPS for Microsoft Internet Information Services (IIS), announced today an update to its ThreatSentry Web Application Firewall and Intrusion Prevention solution. The new release features enhanced protection from SQL Injection attacks, improved system performance and expanded database and configuration options.

"The combined impact of the most recent series of hacker-related data breaches, affecting consumers of product and services ranging from banking to healthcare. utilities, groceries, restaurants and more makes clear the urgency for stronger, more flexible web application and database security capabilities," said Greg Salvato, CEO of Privacyware. "The product enhancements provided in our latest ThreatSentry Web Application Firewall enable our customers to design and employ multi-layered security policies that deliver deep, proactive protection at the moment of attack or any suspicious behavior."

ThreatSentry is the leading software–based Web Application Firewall and Host IPS for Microsoft Internet Information Services (IIS). Utilizing three distinct and fully integrated Web application security technologies, ThreatSentry identifies and blocks web application threats such as Structured Query Language (SQL) Injection, DDoS, Cross Site Request Forgery (CSRF/XSRF), Cross-Site Scripting (XSS) and other types of attacks. ThreatSentry defense capabilities are based on the OWASP Top Ten Project and helps system administrators comply with regulatory demands such as Section 6.6 of the Payment Card Industry Data Security Standard (PCI DSS).

The new release offers the following key new features and enhancements:

Performance and Stability:

  • Re-factored multi-threaded components for IIS6 and later to address race and other related conditions.
  • Optimized NDIS driver (port/network-level firewall) communication.
  • Added Boost (C++ libraries) to improve internal processing of RegEx-based request filtering.

Security and Defense:

  • Enhanced filter options for large request parameters.
  • Expanded/tuned default rule set specifically to reinforce protection against SQL Injection attacks.

Database support:

  • Added support for MySQL open source database (community and commercial editions).
  • Enhanced support for remote SQL Server on Azure.

Configuration:

  • Added “Redirect Blocked Requests to” url/page option.
  • Added IP Address notification exclusion option.
  • Added task bar notification to display ThreatSentry operating issues, i.e. service stopped, license expire/fail, SAL size, SQL server issues, etc.
  • Enhanced central management options.


ThreatSentry delivers proactive defense to secure IIS and prevents attacks from exploiting web application vulnerabilities through a complementary set of integrated components.

  • State-of-the-art Web Application Firewall: Provides configurable rules-based control over HTTP/HTTPS request methods (OPTIONS, GET, POST, HEAD), URL Paths, URL Query String length, Parameters, and HTTP Request Headers, rule-specific URL/s exclusion capabilities, URI Encoding support, Regular Expression support for parameter rules/filtering, etc.
  • Fully integrated Firewall: Proprietary NDIS driver delivers flexible network IP blocking (featuring white list, black list and duration control) at TCP/IP and UDP layers for all ports.
  • ehavior-based Intrusion Prevention: Adaptive, behavior-based engine (with sensitivity control) analyzes Web traffic patterns to detect new threats and behavioral anomalies and deviations.
  • AntiDos/DDoS: onfigurable request frequency monitor blocks successive requests to individual or all site pages to reduce the risk of DoS and DDoS attacks.

Pricing and Availability

ThreatSentry is available for purchase or 30-day trial download via the Privacyware web site: www.privacyware.com or through business partners worldwide. Starting at just $649 per server, ThreatSentry is priced to maximize constrained IT budgets and supports Microsoft Windows Server 2012/R2, 2008/R2, 2003, 2000 and Internet Information Services (IIS) versions 8/8.5, 7, 6, and 5. For more information, including special plans for data centers and Web hosting providers, please contact Privacyware directly or visit us online.


About Privacyware

Privacyware (www.privacyware.com) develops the leading software–based Web Application Firewall and Host IPS for Microsoft Internet Information Services (IIS). Privacyware products leverage conventional and advanced analytics technologies to help systems administrators, IT security and compliance personnel more effectively identify, understand and prevent malicious, unauthorized and/or deviant computing system activity. Privacyware is a member of the Microsoft Partner Network with a Silver Application Development competency.

Privacyware and ThreatSentry are registered trademarks of PWI, Inc. All other registered or unregistered trademarks are the sole property of their respective owners. ©2020 PWI, Inc. All rights reserved.

Have questions? Contact Us Today