Data Sheet
© 2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 6
Cisco ACE Web Application Firewall
Product Overview
The Cisco
®
ACE Web Application Firewall (Figure 1) is the newest component of the Cisco
Application Control Engine (ACE) family of products.
Many organizations are looking to increase efficiency and profitability through the implementation
of new Web-based applications, Web 2.0 and SOA solutions. These new Web-based services
provide greater flexibility and interactivity to customers, employees, and partners. At the same
time, criminals have seized on exploiting these new, and often poorly secured services for such
things as financial fraud, identity and data theft, denial of service attacks, and the spread of
malware and remote-controlled agent software.
According to privacyrights.org, nearly a quarter of a billion records have been breached since 2005
in the US alone. In response, new and emerging regulatory requirements, like Sarbanes-Oxley,
Graham-Leach-Bliley, HIPAA, PCI, Basel II, EU Data Privacy Regulation, J-SOX, and PIPEDA, in
virtually every country and region in the world, place a special emphasis on protecting the access
to, transmission of, and storage of sensitive information, such as the personal and financial
information of customers and employees.
Of special interest is the protection of consumer financial and personal information. In response to
increased identity theft incidents and security breaches, major credit card companies have
collaborated to create the Payment Card Industry (PCI) Data Security Standard (DSS), which is a
series of requirements to streamline and standardize how companies store and access credit card
information.
The Cisco ACE Web Application Firewall helps organizations that store, process, and transmit
credit card data to comply with the PCI DSS requirements. Because of its unique blend of HTML
and XML security, the Cisco ACE Web Application Firewall provides a full compliance solution for
the PCI DSS version 1.1’s requirements in sections 6.5 and 6.6.
Section 6.6 in particular mandates that any organization handling, processing, or storing credit
card information must install a Web application firewall by June 30, 2008 to protect applications
against the OWASP Top 10 attacks (
http://www.owasp.org/index.php/Top_10_2007.)
The Cisco ACE Web Application Firewall provides full compliance with the latest PCI requirements
by combining deep Web application analysis with high-performance XML inspection and
management to truly address the full range of threats associated with all new Web application
services. It secures and protects Web applications from common attacks, such as identity theft,
data theft, application disruption, fraud and targeted attacks. These attacks may include cross-site
scripting (XSS) attacks, SQL and command injection, privilege escalation, cross-site request
forgeries (CSRF), buffer overflows, cookie tampering, and Denial of Service (DoS) attacks.
The Cisco ACE Web Application Firewall’s integrated Extensible Markup Language (XML) firewall
capabilities extend protection for traditional HTML-based Web applications to modern XML-
enabled Web services applications. The security for XML data includes XML threat mitigation such
资源评论
jml_10041022015-07-29不错正是我想要的 啊
