Advanced Behavioral Learning Web Application Firewall

Immediate Protection for your IIS Server

Block HTTP, IIS, Windows & Application Attack Signatures

ServerDefender Artificial Intelligence (AI) Web application firewall is designed to provide immediate protection for Web sites and applications running on the Microsoft IIS Web server by blocking known HTTP, IIS, Windows, and application attack signatures:

• HTTP methods
• URL characters and request elements
• URL query strings
• POST data
• Specific HTTP request headers.

Go Beyond Blacklisting

ServerDefender AI goes beyond mere signature blacklisting by learning, from your Web logs or by monitoring traffic with your guidance, exactly what is legitimate traffic for your site and blocking anything else:

1. An advanced behavioral engine organizes IIS server requests into a multi-dimensional baseline of normal system activity.
2. Each server connection and request is scrutinized by the rule-set configured in ServerDefender AI and also by the behavioral baseline to identify and take action against any activity falling outside trusted parameters.
3. ServerDefender's anomaly detection and intrusion prevention capabilities progressively improve as the baseline evolves automatically or based on input from Web administrators.

Thwarts Hacker Attacks

The software analyzes, detects and responds to suspicious activity, accurately differentiating between trusted and untrusted behavior to thwart hacker attacks such as:

• SQL injection
• cross-site scripting (XSS)
• request forgery (CSRF)
• buffer overflows
• directory traversal
• zero-day
• brute force
• dictionary

Combining attack countermeasures -- ranging from 404 error presentation, robust IP blocking to IIS shut-down -- with reporting and real time alerts (via e-mail, SMS/text message, and instant messaging services), ServerDefender AI is the complete solution.

In short, only safe, trusted requests are allowed to the application and database layers of your Web site or app.

ServerDefender AI adds its own external layer to protect application source code and database layers from attack with no additional hardware infrastructure, no single point of failure, and low overhead. This Web app firewall leverages your existing IIS Web server resources to stop unauthorized access or remote control of your network, site defacement, and loss of data.

Support and Upgrades

• Free technical support during trial evaluation period.
• 60 day Standard Support included with purchase.
• Extended Standard & Premium support plans available.
• Major version updates have a fee of 35% (learn more)
• Minor version updates are provided free to current support plan holders
• Request a quote for your major version upgrade discount

Protects Against Known
& New Attacks

Attack signature and behavioral learning Web application firewall protects against known and new Web hacking attacks against Microsoft IIS Web servers, Windows operating systems, and popular Web application platforms like ASP.NET, ColdFusion, Java/JSP/J2EE, Perl, PHP, Python, Ruby -- and now, even Ajax and JavaScript.

Event Classifications

Configurable, predefined HTTP/HTTPS request event classifications offer signature-based defense, with specific rule enforcement by:

• HTTP Methods (OPTIONS, GET, POST, HEAD, and all possible HTTP methods/operations)
  • New! Supports local proxy servers using the XFF (X-Forwarded-For) request header
• URL Paths (Any characters, extensions or symbols possible in a request URL)
  • Request Throttling: Special Request Frequency feature in URL Path rules allows for control of requests per second to a given URL to avoid automated attacks on key entry points
• URL Query Strings (Length of variables + Signature rules for detecting SQL injection and XSS)
• HTTP Request Headers
• IP addresses and address ranges (Whitelist/blacklist with duration control and included WHOIS lookup for accuracy)

Intelligent Training Mode

Artificial intelligence (AI)-based behavioral engine in Training Mode reviews Web traffic patterns to establish a baseline of Trusted and Untrusted Events.

• New requests are screened against the baseline to determine if request should be trusted based on previous request history and training database
• Offers both supervised and self-learning capabilities
• Adjustable sensitivity levels and percentage of requests to be analyzed
• Requires periodic event review, classification and retraining of database for maximum effectiveness

Threat Management

Extensive Threat Management Options when a request falls outside of an allowed or trusted profile, including:

• Block request by serving HTTP 404 File Not Found response
• Block IP for subsequent HTTP requests
• Deny all ports for IP requests with Network IP Blocking feature
  • Advanced Network IP Blocking via NDIS driver provides performant blocking at TCP/IP and UDP layers for all ports so hacker requests never get to IIS!
• Stop Microsoft IIS Web services

Monitoring Mode

Inactive monitoring mode allows for easy testing of ServerDefender AI without interrupting production Web serving.

Real-Time Alerts

Multiple, configurable notification alert options for blocked requests in real-time via:

• Pager
• E-mail
• SMS or text message
• MS Messenger service
• On-screen/audio security alert notification on Web server's desktop

Web Based Reporting & Log Files

HTML reporting on most frequently requested URLs and request IP addresses. Full consolidated logging of events and request event details (with exportable log files).

Easy-to-use Interface

Microsoft Management Console (MMC)-based UI Settings Manager with settings stored in Windows registry.

Cross Platform Compatible

Compatible with IIS Lockdown, URLScan, major third party server-side scripting platforms like ASP, ASP.NET, PHP, JSP, ColdFusion, and Perl.

Supports FrontPage publishing, Outlook Web Access (OWA), and other Microsoft platforms running on the IIS Web server.

User Friendly

Quick and easy installation and configuration; adjust settings without an IIS restart.

Multiple Server Management

Remote Deployment and Management to install, manage and monitor Web app security on multiple servers (settings applied across server, not by individual virtual server or site).

ISAPI Compatible

Super-fast, stable ISAPI filter with no noticeable server performance impact.