Qualys Web Application Firewall 2.0 Brings Virtual Patching, Event Response

Qualys today announced the availability of version 2.0 of the company’s Web Application Firewall (WAF). The latest version of the solution comes with several new features designed to help organizations address web application security issues.

Qualys WAF is a cloud-based service designed to block website attacks in real time. The solution is capable of handling web server vulnerabilities, application framework issues, improper configurations, and coding faults.

Fully integrated with the Qualys Web Application Scanning (WAS) solution, Qualys WAF 2.0 enables companies to create “virtual patch” rules based on vulnerability information delivered by WAS. This virtual patching feature helps Qualys customers fine-tune their security policies, customize WAF security rules for web applications, and quickly remove false positives.

In an effort to help organizations with prioritizing and mitigating vulnerabilities, Qualys WAF 2.0 introduces customizable event response capabilities. This functionality allows customers to create exceptions to certain types of web events.

Qualys WAF is easy to deploy and configure even without a dedicated security staff, Qualys said. The Qualys console allows customers to centrally manage the web application firewall from any location.

“Many organizations are struggling to find a balance between identifying and effectively addressing vulnerabilities fast enough to avoid falling victim to large-scale breaches,” noted Philippe Courtot, chairman and CEO of Qualys. “By integrating security rules and policies from our WAF solution with Qualys WAS data, we are providing significant value to our customers with the flexibility and automation needed to tackle web application security threats. It’s a giant step towards complete automation of web application security.”

Pricing for an annual subscription for Qualys Web Application Firewall starts at $1,995 for small businesses and $9,995 for larger enterprises, depending on the number of web apps and virtual appliances they have. Organizations can also register for a free trial.

At the RSA Conference, Qualys also unveiled its Cloud Agent Platform (CAP). The solution is designed to help companies assess and resolve security and compliance issues for IT assets on mobile endpoints, on premises, and in cloud environments.

Qualys CAP is currently available for trial on the Windows platform. The company says the service will go live on May 15 for Windows, and in the third quarter for Unix and OS X.

Qualys also announced today the expansion of the Qualys Continuous Monitoring solution with internal monitoring capabilities. According to the security firm, the new feature enables organizations to proactively identify potential threats, and accelerate incident response time.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.