Application Defender

App Defender

Minimize Risks, Stop Attacks in an Instant

Minimize Risks, Stop Attacks in an Instant

Many attacks target the application. Network security remains an important layer of defense, but signature-based defenses rely on filters to look for known exploits. A well-known exploit for these solutions is to bypass filters and inject SQL code using comments, capital letters, or encoding, among other techniques. Network defenses that monitor the OSI layers will see parts of the malicious query. Only within the application is the entire query constructed into its fully executable form. Because Application Defender has the complete context from within the application, it can see the full and final query to determine if it is malicious.

Application defender tour Benefit

What is a Risk Group?

Risk groups allow you to quickly manage protection settings for multiple application instances. Your selections to monitor, protect and suppress are applied to all agents in the group.

What is an Agent?

The Fortify runtime analysis technology, also used in WebInspect and ArcSight Application View, monitors API calls to common core libraries as it assesses application flow, data flow and logic for potential threats.

Sample Threat Scenarios

Sample Threat Scenarios

Application Defender is configured with rule packs that analyze actions by users, data anomalies and logic flow to defend vulnerabilities only visible from within the application. Some of the most critical use cases involve cross-site scripting and injection issues. The SANS Institute compared how Runtime Application Self-protection (RASP) detects these threats versus Web Application Firewalls (WAF). Read the SANS report or watch the SANS webinar replay to learn more.

  • XSS

    Applications that fail to validate user input create vulnerabilities, allowing malicious code to be passed to the application. HP App Defender can identify this exploit and terminate the user's session.

  • Auto Scanner Blocking

    Automated scanners can scan your applications looking for vulnerabilities. HP App Defender can detect these scans and block them, effectively shutting them down.

    SANS Institute paper RASP vs WAF

  • SQLi

    Only by seeing the complete query, constructed within the application, can it be accurately determined if the query is legitimate or malicious. This capability is particularly necessary to identify second-order SQL injections, which are constructed in multiple steps and tend to be more targeted and potentially more damaging.

    SANS Institute webinar RASP vs WAF

Ready to Get Started?

  • Can you afford not to?

    Changing production applications to address new and existing threats takes time – often weeks or months. In the meantime, compensating controls are needed. Network security, such as Web Application Firewall is a popular choice, but filters can be circumvented without complete context from within the application. With a low monthly fee, cloud or on-premise management, and pre-configuration, you can quickly and easily add this line of defense to critical applications, using a proven technology from an established application security leader.

    Solution brief to share with IT Ops

  • Designed with performance in mind

    Analysts expect application self-protection to grow substantially because it solves an important problem. As you consider solutions that are right for you, it is critical to understand how production applications are defended. Application Defender does not require recompiling code, nor does it change the application code; and, it does not add overhead on the network. It monitors API calls to core libraries, with minimal performance impact.

    Performance Metrics - Java (White Paper)

  • Pricing

    Application Defender offers a low monthly price for each application instance that is defended via SaaS.

    SaaS Pricing Details

    For on-premise pricing, contact your HPE Account Manager.