Injection attacks, malware attacks, manipulative bot access, and more: Online services today are exposed to a wide range of threats that need to be effectively addressed. As an upstream protective barrier, Myra Website Application Security protects the web applications of companies and government agencies from all these types of attacks.
Digital attacks, sabotage, and data theft cause losses to the German economy totaling more than 100 billion euros a year and rising. The responsibility for this is shared by an increasing number of harmful programs and malicious bots circulating on the internet that target vulnerable online services. Thanks to the ongoing digitization of the economy, industry, government, and society, the virtual attack surface for cybercriminals is also increasing in size.
Preparing online services for online risks
Companies are responding to the growing threat with tighter security specifications for software, development, and personnel. However, this does not completely rule out errors and vulnerabilities in the code – especially since the trend toward agile development methods with short development sprints makes it difficult to secure software consistently. Furthermore, companies can only indirectly prepare themselves for some threats. Automated account hijacking through credential stuffing or brute force is aimed at weak or leaked passwords – it is primarily the user’s responsibility to ensure protection. In order to address such weaknesses themselves, security solutions specially tailored to the requirements of modern web services are required.
Upstream protective barrier for online services
Myra Security provides such a solution with its Web Application Security, which secures content and web applications on your websites fully automatically and in real time. The solution includes a Hyperscale WAF (web application firewall), Bot Management, and a Malware Multiscan as an upstream protective barrier. Together, the tools provide universal protection against the most common threats on the net – as a cloud service with no purchase of additional software or hardware required.
Myra’s WAF solution protects applications from unauthorized or potentially harmful requests from the web. In the default configuration, the tool set includes predefined rule sets based on the OWASP Top 10. This ensures that the solution provides reliable protection against XSS, CSRF, SQL injection, or directory traversal. Extensions to existing WAF rule sets can also be imported and configured using rule management for pre- and post-origin traffic.
Meanwhile, Deep Bot Management gives companies the ability to granularly control automated traffic on their websites. Using proprietary fingerprinting technology, Myra reliably identifies incoming bot requests and automatically blocks aggressive scrapers and other malicious bots. Implementation of the solution also reduces traffic on origin servers, resulting in lower operating costs. The tool also enables targeted management of benign bots and search engines to ensure top performance for regular visitors.
Myra Malware Multiscan provides protection against infected user files. The highly scalable solution uses multiple antivirus engines to scan and filter incoming files for malware. This enables the solution to proactively block malicious content, protecting the underlying web servers.
Facts and figures: Myra Web Application Security
- HTTP/S requests: Instantly scalable filtering of HTTP/S requests
- Inclusion of your own rule sets: Extendable with your own existing rule sets
- Rule management: Rule management for pre- and post-origin traffic
- API: Fully configurable via API
- Header rewriting: Header/response rewriting with no changes to the application
- Custom error pages: Custom error pages for your own corporate design.
- Myra default rule sets: Myra default rule sets for all common CMS and shop systems.
Deep Bot Management
- Granular management: Blocking, forwarding, whitelisting, or delaying of requests.
- Alternate origin: If needed, you can forward requests to alternative origin servers to protect the main infrastructure.
- Automation tool detection: The system reliably detects automation tools such as Selenium and PhantomJS.
- Myra passive fingerprinting: Myra reliably and unambiguously detects when bot software is used – independent of IPs, ASN, and UserAgent.
- Behavioral analytics: Myra automatically identifies unusual access patterns.
- Variable configuration: Detection rates can be seamlessly increased by adding two or more antivirus engines of your choice.
- Plug & Play: No changes to web forms necessary.
- Universal: Can be used for upload (FORM POST) and download scenarios.
- BDSG and GDPR-compliant: Immediate deletion of files after Multiscan data processing has been completed.
- Informative monitoring: Status notification and inspection report at each form submission.
Myra Web Application Security secures website content and applications from malicious access, tampering and sabotage attempts, malware, and more. The individual tools of the protection solution work seamlessly with existing infrastructure and CMS programs. No purchase of additional hardware or software is required.