Entercept Web Server Edition (WSE) installs 'shielding' functionality and HTTP protection giving dedicated Web server protection. The agent installs adjacent to the operating system (see diagram below) and is able to intercept and validate software calls made into the different layers of the OS and kernel. Calls are matched to a constantly updated dictionary of both defined, and generic attack behaviors. If an attack is found, pre-emptive action is automatically taken to protect the system by referencing a policy customized to the environment. Actions ranging from 'Log Event' to 'Terminate Process' are taken. Key to the value of Entercept WSE is the fact that all activity on the host is seen, and is not impaired by encryption, switched data or reliance on system log information.

Entercept WSE includes the following types of attack recognition capability:

• Shielding
  Offers security specifically for the Web server, and is designed to protect the application and its files, including data. The shield is installed after an 'adaptive auditing' process is run, automatically, to determine the configuration of the server. The shield then provides a protective envelope of operation for the application that prevents outside activity penetrating the envelope. This results in prevention of both known and unknown attacks targeted specifically against the Web server application or files. e.g. for IIS Web Server - Web pages cannot be changed or defaced by the use of any other application or any unauthorized user.

• HTTP protection
  Gives protection against attacks directed against Web applications via the HTTP protocol. Protection is given by a parsing process that checks the HTTP stream coming into an application and determines its intent. Entercept WSE is then able to take preventative action in the case of an attack. The use of HTTP is only one form of attack on applications. Full application protection is only achieved in conjunction with other Entercept WSE defense methodologies, including Shielding.

The policy database ships with a fully configured default template incorporating powerful customization ability for the Administrator, allowing false positives to be virtually eliminated.

The default policy ensures rapid deployment. Agents are deployed per server, and are controlled and updated from a central management console. Agents are completely self-contained protective units and not reliant on the Console to function. This approach is used as it prevents any communication ports from being left open and provides 'Fail Safe' operation. Agents 'pull' updates from the Console including code updates and new attack definitions. Triple DES encryption is used for all communications.

The Console provides full management reporting, including exportable log data. The Console requests and 'pulls' updates from the Entercept Security home servers through 'Entercept Instant Update' using fully encrypted communication.

Entercept WSE features and benefits

• Eliminates loss of business through Web site defacement or penetration
• Creates a secure environment for Web servers and applications
• Ensures maximum uptime for valuable corporate Web servers
• Prevents Web servers from being compromised from unknown and known attacks
• Gives protection behind the firewall
• Minimizes the need for dedicated security expertise
• Eliminates the need for constant monitoring of the console
• Automatic update mechanism ensures the best protection
• Time savings through reduction in false positives

Entercept is a trademark of Entercept Security Technologies Inc.