NEC System Technologies Ltd. has launched a Web application firewall called SiteShell to protect Web applications and data from vulnerability attacks such as personal information leaks and Web site tampering caused by unauthorized access to Web sites. In addition, Siteshell provides protection for Web applications operating on application servers, without any modification of the application.
SiteShell only requires installation on an existing application servers to protect Web applications from attacks such as SQL injection, and it can improve the Web application security level by continuously protecting against newly found security vulnerabilities with the update service. SiteShell can be used as an application layer firewall, which will be required to be compliant with PCI Data Security Standard (PCIDSS).
One feature of SiteShell is its new generation blacklisting method. Since NEC Systems Technologies will provide the blacklist, users will not need to think about the cost of creating or operating blacklists. The latest vulnerability information is collected in real time through NEC Systems Technologies’ connection with overseas vulnerability investigation companies. Vulnerability countermeasure levels can be flexibly changed through adjustments and configuration of blacklists.
SiteShell also reduces future vulnerabilities through updates. By subscribing to the annual maintenance update service, programs addressing newly found vulnerabilities are continuously provided after installation, enabling timely updating services without stopping the system.
SiteShell requires no Web application modifications and supports various application servers and Web servers. The product complies with Servlet standard specifications, and can be used widely without limitations on the type of Web servers.
SiteShell will be sold by NEC Systems Technologies channel partners in the United States, and will be available by summer 2009. Pricing will be announced at that time.