https://store-images.s-microsoft.com/image/apps.50181.80707676-ee7e-4e66-b1cd-4519e56bc089.a8402486-491e-4437-adca-276f5c4d684e.bc870edd-5bb8-4b25-8c82-c233ca59f549
Insight For Web Server (IWS) - Defacement & Information Leakage Protection
Infotect Security Pte Ltd
Insight For Web Server (IWS) - Defacement & Information Leakage Protection
Infotect Security Pte Ltd
Insight For Web Server (IWS) - Defacement & Information Leakage Protection
Infotect Security Pte Ltd
IWS provides websites with dynamic, real time protection from defacement and leakage of sensitive data.
A web security solution that functions as a reverse proxy response scanner for HTTP/HTTPS endpoints that protects against:
- Public disclosure of defaced web servers
- Information leakage due to compromised web servers via internal sources
- Transmission of malicious code to visitors
- Data leakage due to application vulnerabilities
- Information leakage due to server errors or misconfiguration
- Information leakage due to malicious or accidental uploads
Comparison with existing security solutions
| Type of Defacement | INFOTECT IWS | Other Solutions | ||
|---|---|---|---|---|
| File Integrity Solutions | Defacement Scanners | Pure Human Monitoring Services | ||
| Defacement content stored in files on web site, such as HTML, JSP, ASPX, PHP, etc. | Yes | Yes, however alerts are generated even with legitimate content changes. | Yes | Yes |
| Defacement content is stored in database used by content management systems, such as Sharepoint, Sitecore, Joomla, Wordpress and etc. | Yes | No | Yes | Yes |
| Defacement content is shown conditionally, such as shown to search engines only, referrals from search engines, mobile users and etc. | Yes | Only when the defacement occurs in the files, not in the content stored in the database. | No | No |
| Defaced content in newly added files, without links from any existing pages, which constitutes the No. 1 type of defacements on Zone-H. | Yes | Only when the solution is configured to monitor new files, not just existing files. | No | No |
| Transient cross-site techniques using scripts, layers, frames to display defaced content from external sites, for e.g. SG PMO and Istana defacement in 2013. | Yes | No | No | No |
| Transient reflected defacement where defacement input is reflected in the response page from the vulnerable website. | Yes | No | No | No |
| Real-time protection to block defaced content from being shown or display the last known good copy even after the web page is defaced in less than 5 seconds. | Yes | No | No | No |
| Restore the display of acceptable content and preserve forensics evidence on the affected web, app or database servers without restoring content automatically, hence preserving admissible court evidence for legal proceedings. | Yes | No. If auto-remediation or auto-restore is enabled, it will remove admissible evidence. | No | No |
| Protect post-authenticated pages, such as dashboards. | Yes | Yes, unless defaced content is stored in the database | No | Yes |
| Protect non-HTML content, such as Restful API, SOAP XML and others, which are commonly used to support mobile applications. | Yes | No | No | No |
IWS can help comply with:
- Payment Card Industry Data Security Standard Version 3 (PCI-DSS v3)
- Personal Data Protection Act - Singapore 2012
- Monetary Authority of Singapore Technology Risk Management 4.0 Notice
- Personal Data Protection Act - Malaysia 2010
- OWASP Top 10 Risks
- NIST SP 800-53r4 AC-22
Click "Get It Now" To Try IWS Free Today!
Contact & Resources
Resources & PatchesContact support@infotectsecurity.com for technical enquiries.