NTODefend enables security professionals to patch vulnerabilities immediately – in a matter of minutes instead of the days or weeks it can take to build a custom rule for a WAF or IPS or the time it takes to deliver a source code patch. This gives developers time to identify the root cause of the problem and fix it in the code.
Users simply take the results of their NTOSpider scan, import them into NTODefend and generate custom rules that protect the web application from attacks on these vulnerabilities.
Custom rules can leverage NTOSpider’s knowledge of the application to create strong, safe rules. NTODefend takes the NTOSpider results and generates strong customized rules that target the application’s specific vulnerabilities which increases the WAF’s accuracy and ability to protect WAF/IPS. These filters are able to pinpoint vulnerabilities without blocking desirable traffic.
As a safeguard, NTODefend’s performs as a good/bad data QuickScan to test only the areas that are vulnerable and test for false positives.
NTODefend allows users to optimally configure a WAF or to leverage their investment in their IPS device to block web application vulnerabilities.
PCI Compliance 6.6 requires a WAF, dynamic analysis tools, source code reviews or static analysis tools.
Users of NTOSpider can leverage the results of application scans to quickly and easily generate custom rules to patch vulnerabilities on their WAF/IPS.
After a simple import from NTOSpider, the user is able to review the vulnerability report and quickly select which vulnerabilities to patch and automatically generate the highly targeted filters for their WAF/IPS solution.
NTODefend integrates with market leading WAFs including: Citrix F5, DenyAll, Imperva SecureSphere, ModSecurity, & Baracuda. NTO automatically generates rules for each WAF/IPS that are highly targeted to the specific vulnerabilities which reduces the risk of false-positives.
The NTO solution enables security teams to conduct a quick re-scan applications to confirm the trained WAF/IPS effectiveness. Now, teams can quickly confirm that target vulnerabilities are patched and that good traffic can continue to flow through as expected eliminating the risk of false positives & false negatives and dramatically reducing or eliminating QA time.
NTODefend includes more integrations with WAF and IPS than any other solution available.