As hacker attacks become more sophisticated, businesses of all sizes are struggling to protect their Web-based applications. With Verizon Business’ new Application Vulnerability Scanning (AVS) solutions, however, businesses can better understand, identify and mitigate potential Web-based, application-security threats.
Immediately available in the U.S., Canada and 13 countries in Europe and Asia-Pacific regions, AVS is offered on an annual subscription basis via the software as a service (SaaS) model. This enables customers to purchase individual applications of the service. Three different solutions – baseline, standard and premium – offer service levels based on the size, complexity and profile of the customer’s Web site. A complementary service allows customers to remediate risks using Web application firewalls that Verizon Business can monitor and manage.
AVS is a key component in Verizon’s Application Security Program, which provides a programmatic approach to enterprise application security. The new AVS solutions offer companies a systematic way of safeguarding applications through a comprehensive three-pronged approach focusing on visibility (the ability to clearly see all applications at risk), flexibility (the ability to accurately prioritize assessments within tight budgets), and control (ensuring that managed Web application security processes are using mature, repeatable and consistent methods).
"Protection of Web-based applications tops our customers’ security wish list, and rightly so as more companies Web-enable their corporate applications," said Dr. Peter Tippett, vice president of innovation and technology at Verizon Business. "With our new AVS service, Verizon Business is providing an enterprise-class solution that can easily and reliably be deployed without the need for expensive custom testing programs."
New Services Target Vulnerabilities Where it Counts
According to industry experts, nine out of 10 Web sites have at least one serious vulnerability that leaves them susceptible to being hacked. The Verizon Business "2009 Data Breach Investigations Report" found that of the 285 million compromised records from the 90 confirmed breaches studied, 79 percent were compromised via Web applications. The report also demonstrated that online data accounted for 99.9 percent of breached records.
Verizon Business’ new AVS services deliver accurate, customizable Web site vulnerability information through an online dashboard that identifies and verifies customer threats and severity ratings using an advanced assessment methodology that virtually eliminates false positives. AVS also helps customers meet the PCI DSS (Payment Card Industry Data Security Standard) application-security testing requirements.
All three AVS solutions leverage WhiteHat Security’s leading application vulnerability management SaaS platform.
Verizon Business uses its Web application firewall (WAF) capability to provide the company’s complementary service to remediate risk. Once AVS has identified potential application security risks, Verizon Business can translate these risks into rules that are applied to the customer’s application firewall to immediately block attacks. Customers can choose to manage their own WAF, or outsource it to Verizon Business.
Verizon Cybertrust Security
The Verizon Application Vulnerability Scanning service is part of Verizon Business’ industry-leading portfolio of security solutions, aimed at helping enterprises and government agencies manage security risk and protect critical company assets. The portfolio includes governance risk and compliance solutions, data loss and prevention solutions, identity management solutions, and managed security services. The company’s more than 1,100 security professionals around the globe deliver these offerings through a range of managed services, professional services and technologies, based on what best suits the customer.