Network Appliance comes with web application firewall.

Press Release Summary:

Incorporating ModSecurity(TM) v2.0 open source web application firewall, ModSecurity Pro(TM) M1000 appliance includes rule sets for compliance with Payment Card Industry v1.1, as well as protection for Microsoft(TM) Outlook Web Access (OWA). Hardened appliance is built with secure configurations of OS and Apache web server, and uses SSL encryption module to provide network encryption. It also has capability to run antivirus applications to scan uploaded files.

Original Press Release:

Breach Security Releases First Appliance with ModSecurity(TM) v2.0 Open Source Web Application Firewall

Affordable Appliance Features Rule Sets for Payment Card Initiative and Microsoft(TM) Outlook Web Access Plus a Management Console

CARLSBAD, Calif., Nov. 14 /-- Breach Security, Inc. the leader in web application security, today announced the release of the ModSecurity version 2.0 open source web application firewall on an appliance delivering the lowest cost commercial web application firewall available. The ModSecurity Pro(TM) M1000 appliance is easy to deploy and manage with rules sets for compliance with Payment Card Initiative v1.1, as well as protection for Microsoft(TM) Outlook Web Access (OWA).

"We have listened to the community and taken the ModSecurity open source project to an entirely new level -- with an appliance that delivers web application security immediately. It is ideal for small-to-medium businesses or large organizations needing just-in-time virtual patching," said Ivan Ristic, chief evangelist, Breach Security. "The M1000 is easy to install and provides an affordable, essential layer of proven security, along with the PCI rule set that addresses important security vulnerabilities."

With increasing amounts of customer data flooding complex networks, the risk of stolen or lost information continues to rise. The Payment Card Industry (PCI) Data Security Standard v1.0 was adopted in December 2004 by major credit card companies including Visa, MasterCard, American Express, and Discover. It is designed to prevent fraud and protect consumer privacy when sensitive data is transmitted to a financial institution, merchant or vendor over the web and stored on their network. Released in June 2006, PCI v1.1 calls for source code review or deployment of a web application firewall by mid-2008.

The ModSecurity PCI rule set provides the following measures for compliance:

o Build and maintain a secure network: The M1000 is a hardened appliance
and is built with secure configurations of the OS and Apache web

o Protect cardholder data: The PCI rule set identifies inbound credit
card data and obfuscates this information in the audit log file.
Furthermore, the PCI rule set will identify and block data if full
credit card numbers are being sent to the client. The M1000 uses an
SSL encryption module to provide network encryption and is configured
to only use strong encryption/ciphers.

o Maintain a vulnerability management program: Has the capability to run
antivirus applications to scan uploaded files. The M1000 will be
continuously updated with new signature rule sets and addresses the
OWASP Top 10 with the ModSecurity Core rule set.

o Regularly monitor and test networks: the M1000 Audit Engine logs
complete HTTP transactions. The Console can be used to search for
transactions of interest and will include PCI template reports.

The ModSecurity M1000 also includes the OWA rule set providing web application security for organizations enabling remote employee access to Microsoft® Outlook over the internet. A component of the Microsoft® Office suite of products, Outlook is the most broadly used corporate personal information manager in the world.

Along with the PCI and OWA rule sets, the M1000 appliance will include the ModSecurity v2.0 web application firewall, a management console and an enhanced rule set. ModSecurity v2.0 is a highly flexible web application firewall that can be used for a wide range of functions including web application monitoring, web intrusion detection and prevention, as well as just-in-time patching of known vulnerabilities. Released in October, ModSecurity version 2.0 provides greater flexibility, enhanced attack detection, and support for XML and Web Services.

"Our stated goal has been to deliver effective web application security for any size organization, and we have delivered on that promise with our first ModSecurity Pro appliance," said Marc Shinbrood, CEO, Breach Security, Inc. "The appliance brings to market all of the advantages of the open source ModSecurity web application firewall in an easy-to-deploy package that includes protection for PCI compliance and enterprise-level support."

The ModSecurity M1000 appliance is available at the list price of $5,995.00US. First year professional support and maintenance is included at no additional charge. The PCI rule set is available with the M1000 at no additional charge for a limited time. The OWA rule set is offered for an additional cost. For more information please visit or call 866 393 0907.

About Breach Security, Inc.

Breach Security, Inc. is the leading provider of next-generation web application security that protects sensitive web-based information. Breach effectively protects web applications from Internet hacking attacks and provides an effective solution for emerging security challenges such as identity theft, information leakage, and insecurely coded applications. Breach Security's solutions also support regulatory compliance requirements for security. Founded in 2004, Breach Security is headquartered in Carlsbad, Calif. For more information, please visit:

Source: Breach Security, Inc.

Web site:

All Topics