Compliance in eCommerce, FinTech, HealthTech and other regulated industries means rigorously protecting user data and APIs, implementing compensating controls, and monitoring for attempted violations. The Wallarm solution is fundamental in protecting apps and APIs from attacks and in building rigorous, repeatable security processes.
SOC, or "System and Organization Controls," is a set of controls and procedures that demonstrates a cloud service provider safeguards the data entrusted to it by its users. A SOC attestation (commonly called a SOC certification) means the controls have been audited by an independent third party.
Wallarm helps satisfy many of the SOC 2 Common Criteria requirements:
Monitoring Activities (CC4) is supported by the vulnerability scanner, the pentesting service and ongoing monitoring for attacks
Logical and Physical Access Controls (CC6) is strengthened by Wallarm WAF protecting APIs in real time, Wallarm DAST discovering application vulnerabilities and Wallarm FAST providing CI/CD-integrated security testing
System Operations (CC7) is supported by Wallarm FAST finding security flaws before apps are released, virtual patches for known flaws and risk assessment with Active Threat Verification
Processing Integrity (PI) is supported by protection from API logic bombs and advanced detection of insufficient input and output validation
The General Data Protection Regulation (GDPR) became enforceable on May 25, 2018, replacing the EU Data Protection Directive (Directive 95/46/EC). It applies a single data protection standard across all EU member states and to all EU citizens, enforcing consistent, high-level data protection throughout the EU.
Wallarm helps satisfy many GDPR requirements:
Protection from unauthorized access (Articles 24, 32) is addressed by WAF protection from OWASP Top 10 threats and protection from credential stuffing
Faster breach detection and monitoring (Articles 30, 33) is supported by advanced incident detection and SIEM-integrated event logging
Improved risk assessment (Articles 34, 35) is delivered by Active Threat Verification, where observed attacks are matched against possible vulnerabilities in the APIs and apps they target
All entities that store, process or transmit cardholder data and/or sensitive authentication data must comply with the core standard, the PCI Data Security Standard (PCI DSS). PCI DSS guidance mainly addresses the security of merchant payment environments; it has since been complemented by the PCI Software Security Framework, which covers the security of payment software itself.
Wallarm helps satisfy many PCI DSS requirements:
Password management (PCI DSS Requirement 2, vendor-supplied defaults) is supported by credential stuffing protection and scanning for the use of default passwords
Protect cardholder data (PCI DSS Requirement 3) is assisted by Wallarm WAF detection of information disclosure and privilege escalation attempts that could result in leaks of sensitive data
Develop and maintain secure systems and applications (PCI DSS Requirement 6) is where Wallarm contributes the most to PCI compliance: secure coding practices, Layer 7 protection, risk assessment with Active Threat Verification, vulnerability discovery and more
Full API for SIEM integration and event reporting
The environment is very dynamic, and there are a lot of applications and APIs to protect, so we needed a solution that is automated, self-tuning, and centrally managed.
We tried to use mod_security, but there was a lot of pain with the complicated rules / signatures and non-stop false positives.
Wallarm was able to profile the normal operation of the web infrastructure and identify the application-layer (L7) DDoS attack.
AI-Powered Application Security
The Wallarm security platform automates application protection and security testing. Hundreds of customers already rely on Wallarm to secure websites, microservices and APIs running on private and public clouds. Wallarm AI enables application-specific dynamic WAF rules, proactively tests for vulnerabilities, and creates a feedback loop to improve detection accuracy.