BUSINESS APPLICATION PROTECTION
When organizing the protection of a business application, an integrated approach is required that covers every area and component of the application's operation.
Web application protection. The web interface is almost always the "window" through which the application interacts with an external client. As a rule, that client sits in an untrusted environment (the Internet) and may be malicious. The principal protection tool for this area is the Web Application Firewall (hereinafter referred to as WAF). The WAF sits in front of the main web application and inspects incoming traffic, deciding in real time whether each request is passed on to the application or denied.
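The inline decision the WAF makes is easiest to see in code. The following is an added example, not code from the original page or from any WAF product: a minimal request filter that applies the kinds of checks a WAF performs (allowed methods, a body size cap, a per-client rate limit, and a few signature rules) and returns an allow/deny decision with a reason. The thresholds, the signature patterns and the sample requests are all constructed for the example.

```python
import re
import time
from collections import defaultdict, deque
from dataclasses import dataclass
from urllib.parse import unquote

# Hypothetical policy values for this example (not taken from any product).
MAX_BODY_BYTES = 64 * 1024
ALLOWED_METHODS = {"GET", "POST", "PUT", "DELETE"}
RATE_WINDOW_SEC = 60
RATE_LIMIT = 100          # requests per client per window

# Signature rules applied to the URL-decoded path and body.
SIGNATURES = {
    "path_traversal": re.compile(r"(\.\./|\.\.\\)"),
    "sql_tautology": re.compile(r"('|\")\s*or\s+\d+\s*=\s*\d+", re.IGNORECASE),
    "script_tag": re.compile(r"<\s*script\b", re.IGNORECASE),
}


@dataclass
class Request:
    client_ip: str
    method: str
    path: str
    body: str = ""


@dataclass
class Decision:
    allow: bool
    reason: str


class MiniWaf:
    """Inline filter: every request is inspected before the origin application sees it."""

    def __init__(self, now=time.monotonic):
        self._now = now                       # injectable clock for testing
        self._hits = defaultdict(deque)       # client_ip -> request timestamps in window

    def _rate_exceeded(self, ip):
        now = self._now()
        window = self._hits[ip]
        while window and now - window[0] > RATE_WINDOW_SEC:
            window.popleft()                  # drop timestamps outside the window
        window.append(now)
        return len(window) > RATE_LIMIT

    def inspect(self, req: Request) -> Decision:
        # Cheap structural checks first, signature matching last.
        if req.method not in ALLOWED_METHODS:
            return Decision(False, f"method {req.method} not allowed")
        if len(req.body.encode()) > MAX_BODY_BYTES:
            return Decision(False, "body exceeds size limit")
        if self._rate_exceeded(req.client_ip):
            return Decision(False, "rate limit exceeded")
        # Decode before matching so encoded variants (e.g. %2e%2e%2f) are not missed.
        surface = unquote(req.path) + "\n" + unquote(req.body)
        for name, pattern in SIGNATURES.items():
            if pattern.search(surface):
                return Decision(False, f"signature {name} matched")
        return Decision(True, "clean")


if __name__ == "__main__":
    waf = MiniWaf()
    for r in (Request("10.0.0.1", "GET", "/products?id=7"),
              Request("10.0.0.1", "GET", "/files?name=..%2F..%2Fetc%2Fpasswd"),
              Request("10.0.0.2", "POST", "/login", body="user=a' OR 1=1 --")):
        d = waf.inspect(r)
        print(f"{r.method} {r.path}: {'ALLOW' if d.allow else 'DENY'} ({d.reason})")
```

A real WAF logs every deny decision with the client address and matched rule so that the security operations team can tune false positives; the `reason` string is where that record would come from.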
Internal business application. An area in which access is granted to qualified company personnel, and where the greatest threat is posed by an insider, including personnel with privileged authority in the information system. To protect this area, systems for recording user access events at the data level, kept as independent of the application itself as possible, are used together with tools for analysing those events.
Database management systems (hereinafter – DBMS). A class of programs that requires a specific approach to security. The specialized programs that address the information security of a DBMS are Database Activity Monitors (hereinafter – DAM). DAMs operate in sniffer mode, observing database traffic without interfering with it, and some products also operate in inline mode when blocking functionality is required.
Integration platforms are software and hardware infrastructure that provides data exchange between distributed applications and information systems to support, monitor, and manage the enterprise's composite business processes. The information security tasks here are to prevent the injection of malformed or deliberately false data, to reject messages from unauthorized sources, and to withstand attacks specific to the exchange protocols used. The class of programs that solves these problems is the XML Gateway.
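The DAM and XML Gateway passages above both describe a control that examines each event or message against a policy and either only reports (sniffer mode) or also blocks (inline mode). The following added example, which is not code from the original page or from any DAM or gateway product, shows both sides: a small activity monitor that parses constructed database audit log lines and raises alerts for insider-style activity on sensitive tables, and a message check of the kind an XML Gateway performs (sender allow-list, size cap, refusal of DTD/entity declarations, well-formedness and required fields). The table names, account names, log format, message schema and thresholds are all assumptions made for the example.

```python
import re
from datetime import datetime
import xml.etree.ElementTree as ET

# --- Database Activity Monitor (assumed policy and audit log format) -------------

SENSITIVE_TABLES = {"customers", "payroll"}
PRIVILEGED_USERS = {"dba_admin"}
APP_ACCOUNTS = {"crm_app"}
DDL_VERBS = {"DROP", "ALTER", "TRUNCATE"}

LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) db=(?P<db>\S+) stmt=(?P<stmt>.+)$")
TABLE_RE = re.compile(r"\b(?:from|into|update|table)\s+([A-Za-z_][A-Za-z0-9_]*)", re.IGNORECASE)

# Constructed audit log: four events on one database.
AUDIT_LOG = """\
2024-03-12T10:14:05 user=crm_app db=crm stmt=SELECT name FROM customers WHERE id = 42
2024-03-12T02:31:40 user=dba_admin db=crm stmt=SELECT * FROM customers
2024-03-12T11:02:13 user=crm_app db=crm stmt=DROP TABLE payroll
2024-03-12T12:00:00 user=report_user db=crm stmt=SELECT COUNT(*) FROM orders
"""


def parse_line(line):
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable audit line: {line!r}")
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def is_off_hours(ts):
    return ts.hour >= 22 or ts.hour < 6


def evaluate(ev):
    """Return (severity, description) alerts for one audit event."""
    alerts = []
    stmt = ev["stmt"]
    verb = stmt.split()[0].upper()
    tables = {t.lower() for t in TABLE_RE.findall(stmt)}
    if verb in DDL_VERBS and ev["user"] in APP_ACCOUNTS:
        alerts.append(("high", "DDL issued from application account"))
    if verb == "SELECT" and tables & SENSITIVE_TABLES and not re.search(r"\b(where|limit)\b", stmt, re.IGNORECASE):
        alerts.append(("high", "unfiltered read of sensitive table"))
    if ev["user"] in PRIVILEGED_USERS and tables & SENSITIVE_TABLES and is_off_hours(ev["ts"]):
        alerts.append(("medium", "privileged off-hours access to sensitive data"))
    return alerts


def run_monitor(log_text, mode="sniffer"):
    """mode='sniffer' only reports; mode='inline' also blocks high-severity events."""
    results = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        alerts = evaluate(ev)
        blocked = mode == "inline" and any(sev == "high" for sev, _ in alerts)
        results.append({"user": ev["user"], "alerts": alerts, "blocked": blocked})
    return results


# --- XML Gateway message check (assumed schema and allow-list) -------------------

TRUSTED_SENDERS = {"billing-svc", "crm-svc"}
MAX_MESSAGE_BYTES = 32 * 1024
REQUIRED_FIELDS = ("OrderId", "Amount")


def check_message(raw, sender):
    """Return (accepted, reason) for one inbound Order message."""
    if sender not in TRUSTED_SENDERS:
        return False, "unauthorized sender"
    if len(raw.encode()) > MAX_MESSAGE_BYTES:
        return False, "message too large"
    # Refuse DTDs outright: the integration schema never needs them, and they
    # are the vehicle for entity-expansion and external-entity attacks.
    if "<!DOCTYPE" in raw or "<!ENTITY" in raw:
        return False, "DTD/entity declarations not permitted"
    try:
        root = ET.fromstring(raw)
    except ET.ParseError as exc:
        return False, f"malformed XML: {exc}"
    if root.tag != "Order":
        return False, f"unexpected root element {root.tag}"
    for field in REQUIRED_FIELDS:
        if not (root.findtext(field) or "").strip():
            return False, f"missing field {field}"
    try:
        amount = float(root.findtext("Amount"))
    except ValueError:
        return False, "Amount is not numeric"
    if amount <= 0:
        return False, "Amount must be positive"
    return True, "accepted"


if __name__ == "__main__":
    for r in run_monitor(AUDIT_LOG, mode="inline"):
        print(r)
    print(check_message("<Order><OrderId>1001</OrderId><Amount>12.50</Amount></Order>", "crm-svc"))
    print(check_message("<!DOCTYPE x [<!ENTITY a 'b'>]><Order/>", "crm-svc"))
```

In sniffer mode the monitor produces the same alerts but never sets `blocked`, which is what makes it safe to deploy first; inline blocking is switched on only once the alert rules have been tuned against real traffic. The gateway check deliberately rejects before parsing wherever it can (sender, size, DTD), so the parser only ever sees input from an authorized source.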
A number of products are currently available that secure the use of business applications in this way. Taken together, such a security system provides real-time detection of violations and the ability to investigate information security incidents.