This blog post continues our series introducing the great features you can look forward to in the upcoming UTM Accelerated (9.2) release. I’ll explain how we’re making the web application firewall safer, all in the name of keeping your web services safe from hackers.
A web application firewall (WAF) is a critical defense against the ballooning problem of web-based malware. Hackers are taking over legitimate websites and services at an unprecedented pace to host botnets or distribute malware. Where do you think they find all these websites and services that are ripe for exploitation? I hate to say this, but it’s not always “the other guy’s company” that gets hacked.
If you’re hosting any kind of web-facing server or service that can be accessed by users, partners, or the Internet public, you really need a WAF to protect it (you also need secure coding practices). The good news is, if you have a Sophos UTM, you’re only a few clicks away from gaining some much needed protection.
If you’re already using the WAF in your UTM to protect your Internet facing web applications and services, that’s great, because we’ve got a few enhancements in this new release you’ll want to hear about.
Web Application Firewall Engine Enhancements
In UTM Accelerated (9.2) we made a number of enhancements to the WAF engine. We added a variety of new threat protection patterns in new categories that go well beyond SQL Injection detection. For example, the WAF can now identify and block attempts to use protocol violations and cross-site scripting techniques to hack your servers. The full list of new threat categories is shown in the screen-shot from the UTM console below. And starting with UTM Accelerated (9.2), SophosLabs will provide ongoing updates to the attack patterns, so you always have the latest threat intelligence at your WAF gateway.
Reverse Proxy Authentication
We’ve also added new reverse proxy authentication capabilities, also known as “Authentication Offloading.” This allows your Internet users to securely authenticate against the UTM and have the credentials forwarded to back-end services like Exchange Outlook Web Access. It adds a layer of security between the Internet and your DMZ servers to prevent them from being directly exposed to attack.
Maybe you’ve been using Microsoft Forefront TMG for this? Well now you have a great upgrade replacement that integrates with the rest of your network security. It offers both customizable forms-based authentication as well as basic browser-based authentication.
To accommodate ever increasing storage and file size limits, we’ve also taken this opportunity to extend the file size limit on uploads to company servers to 1GB. There’s also been a number of other minor user interface tweaks and improvements to make working with the Web Application Firewall simpler and easier.
Check out our other posts in this series to get insights on all the great new features in UTM Accelerated (9.2). And, as usual, should you have any questions, we’re only an email or a phone call away.
If you’re currently using Microsoft Forefront TMG, see how Sophos UTM can be the ideal upgrade for this discontinued firewall product.