Array Networks has announced that WAF on AVX and ASF has earned the ICSA Labs Web Application Firewall Certification. Array Networks WAF provides a wide range of protection against vulnerabilities, zero-day attacks and internet attack types recognized by OWASP and WASC, including SQLi, XSS, and XXE, as well as against HTTP Request Splitting, Click jacking, and complicated client-side attacks (DOM-based XSS). It ensures continuous security for applications, APIs, users, and infrastructure while supporting compliance with security standards including PCI DSS.
The ICSA Labs Web Application Firewall Certification Testing Criteria v.2.1 confirms that the Array Networks WAF (ASF) on AVX 7800 was not susceptible to attacks targeting the product. In addition, the services being targeted were similarly unharmed. In fact, Array Networks WAF (ASF) on AVX 7800 allowed the applications to function as expected while maintaining the integrity and confidentiality of the data. In terms of installation and administration, the documentation was adequate and accurate and no violations were found in this area throughout testing. The WAF product is required to provide an extensive logging capability. In practice, this degree of logging may not be enabled at all times or by default, however, Array Networks WAF (ASF) on AVX 7800 has the ability to store logs on either the product itself or to send any logged data to a remote device.
“ICSA Labs is one of the most respected security technology testing organizations that helps enterprises, service providers and others in protecting their networks. In ICSA Labs Web Application Firewall (WAF) security certification testing, ICSA Labs determines through a mix of hands-on and automated testing whether or not the security vendor’s product properly implements security policy enforcement for the protection of HTTP and HTTPS web-based applications. Products are commonly tested against the ICSA Labs Web Application Firewall Certification Criteria. This WAF testing criteria standard was developed in conjunction with ongoing efforts in the WAF industry to provide security managers, application developers and others deploying web-based applications with confidence in the products organizations use to secure vital web application services from attack and exploitation over the Internet. Enterprises worldwide rely on ICSA Labs to set and apply objective testing and certification criteria for measuring product compliance and performance,” said Shibu Paul, Vice President – International Sales at Array Networks.
ICSA Labs, an independent division of Verizon, develops and performs comprehensive, unbiased, third-party security certification testing. ICSA Labs tested the WAF (ASF) running on Array Networks’ AVX7800 hardware. Designed with the managed service provider and enterprises in mind, Array Networks 2U dual power AVX 7800 network functions platform enables data center consolidation without sacrificing the agility of cloud and virtualization or the performance of dedicated appliances. The AVX 7800 delivers guaranteed performance in shared environments. It can host two large, four medium, eight small or sixteen entry virtual appliances (VAs) that are fully independent with up to 80Gbps throughput per system. The AVX 7800 provides guaranteed resources – including SSL processing resources – to help ensure the performance of critical security functions including NGFW, IDS/IPS, DDoS protection, and WAF.