
Costly and Time Consuming
The code review option requires a line-by-line review of the application's source code, which is time consuming and can be prohibitively expensive for an IT organization. For the review to succeed, the organization also needs staff who understand the source code and the web application itself, know how to evaluate each for vulnerabilities, and can interpret the findings.
Questionable Accuracy
Web applications are dynamic and change constantly. A code review captures a snapshot in time: it cannot anticipate threats that appear after the review is finished, so it must be repeated to stay current. The Deny All WAF solution is updated automatically with new signatures, ensuring customers an ongoing protection process. Once the solution is implemented, the web application environment has the latest, state-of-the-art protection and satisfies the WAF option of PCI DSS Requirement 6.6 for public-facing web applications.
Typical network firewalls are implemented at the perimeter of the network or between network segments (zones) and provide the first line of defense against many types of attacks. However, they must allow messages to reach the web applications when an organization chooses to expose the application to the public Internet.
Network firewalls usually are not designed to inspect, evaluate, and react to the parts of an Internet Protocol (IP) message (packet) consumed by web applications, and therefore public applications frequently receive uninspected input.
As a result, a new logical security perimeter is created, the web application itself, and security best practices call for messages to be inspected when they cross from an untrusted source into a trusted environment.
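The difference between what a perimeter packet filter decides on and what a web application firewall inspects, as an added illustration that is not Deny All's code. The network firewall sees only the IP/TCP five-tuple, so once TCP/443 is opened to the Internet every request passes it identically; the WAF parses the HTTP request the application will consume and matches the decoded fields against signatures. The `FiveTuple` class, the `SIGNATURES` list, the sample requests and all function names are constructed for this example and stand in for a real signature feed and real traffic.

```python
"""Packet-filter view versus WAF view of the same HTTP request.

Added example; not DenyAll product code. Signatures and requests are
constructed stand-ins, not a real vendor feed or captured traffic.
"""
import re
from dataclasses import dataclass
from urllib.parse import parse_qsl, unquote_plus, urlsplit


@dataclass(frozen=True)
class FiveTuple:
    """The only fields a stateful packet filter gets to decide on."""
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def network_firewall_decision(flow, allowed_dst_ports=frozenset({80, 443})):
    # A perimeter firewall that exposes the web application must allow
    # TCP to the listening port. Benign and hostile requests look the same
    # here: the HTTP payload is never examined.
    ok = flow.proto == "tcp" and flow.dst_port in allowed_dst_ports
    return "allow" if ok else "deny"


def parse_http_request(raw: bytes) -> dict:
    """Parse the request line, headers, query string and form body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    parts = urlsplit(target)
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        params.update(parse_qsl(body.decode("iso-8859-1"), keep_blank_values=True))
    return {"method": method, "path": parts.path, "params": params,
            "headers": headers, "body": body}


# Constructed signature set standing in for an automatically updated feed.
SIGNATURES = [
    ("sqli-tautology", re.compile(r"(?i)'\s*or\s+['\d]")),
    ("path-traversal", re.compile(r"\.\./")),
    ("xss-script-tag", re.compile(r"(?i)<\s*script")),
]


def waf_decision(req):
    """Inspect the application-layer fields the packet filter never sees."""
    findings = []
    fields = list(req["params"].items()) + [("path", req["path"])]
    for name, value in fields:
        # parse_qsl already removed one layer of percent-encoding from the
        # parameters; decode twice more so double-encoded payloads such as
        # %252F do not slip past the signatures.
        decoded = value
        for _ in range(2):
            decoded = unquote_plus(decoded)
        for sig_name, pattern in SIGNATURES:
            if pattern.search(decoded):
                findings.append((sig_name, name))
    return ("block" if findings else "allow"), findings


def inspect(raw: bytes, flow: FiveTuple) -> dict:
    """Run both layers over one request and report each decision."""
    return {"network_firewall": network_firewall_decision(flow),
            "waf": waf_decision(parse_http_request(raw))[0]}


# Constructed sample traffic (not captured data).
BENIGN = b"GET /search?q=laptops HTTP/1.1\r\nHost: shop.example\r\n\r\n"
HOSTILE_SQLI = (b"GET /search?q=%27%20OR%20%271%27%3D%271 HTTP/1.1\r\n"
                b"Host: shop.example\r\n\r\n")
HOSTILE_DOUBLE_ENCODED = (b"POST /download HTTP/1.1\r\nHost: shop.example\r\n"
                          b"Content-Type: application/x-www-form-urlencoded\r\n"
                          b"Content-Length: 33\r\n\r\n"
                          b"file=..%252F..%252Fetc%252Fpasswd")
INTERNET_CLIENT = FiveTuple("tcp", "203.0.113.7", 51000, "198.51.100.10", 443)

if __name__ == "__main__":
    for label, raw in (("benign", BENIGN), ("sqli", HOSTILE_SQLI),
                       ("double-encoded traversal", HOSTILE_DOUBLE_ENCODED)):
        print(label, inspect(raw, INTERNET_CLIENT))
```

All three requests arrive on the same allowed five-tuple, so the packet filter returns `allow` for each; only the WAF, working on the parsed and decoded HTTP fields, separates the two hostile requests from the benign one. The double-decoding loop is the kind of normalization step a real WAF performs before signature matching, and the place where a naive implementation that matches on the raw query string would be bypassed.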