A ModSec answer to the void after Trustwave ends new features and eventual support for ModSecurity Rules
As you may have read, on August 21, 2021, Trustwave, a longtime support mechanism for ModSecurity implementations, announced the end of support and development for ModSecurity Rules and WAF solutions.
This departure leaves a potential gap in technical support for organizations or individual security developers wanting to continue to use the ModSecurity foundation and a commercially supported ModSec WAF rule set. Atomicorp, a ModSec market leader, is committed to supporting security teams using ModSecurity and continuing to provide commercial ModSecurity support and rules for as long as they use them.
Atomicorp has served the ModSecurity community since 2002, and is committed to continue to do so. ModSecurity, sometimes referred to as ModSec, is an open-source web security framework that when combined with rules allows users to build WAFs for free. Atomicorp has been supporting ModSecurity for so long it’s the best versed in the opportunities, challenges, and DevSecOps requirements facing security engineers using ModSecurity, while helping business leaders to understand if ModSec is a part of the security architecture they’re building.
Maybe you’re a web hosting company that wants to continue to use ModSecurity in hosting multi-tenant environments, such as with cPanel and/or Plesk. Or you need additional security integration or consultant support to secure your users using Drupal, WordPress and other popular web applications.
Or maybe you’re a midsize or large enterprise that wants a deeper look into web application security, what is targeting the perimeter, your applications, and what you are doing to protect deeper penetration into enterprise databases (where malicious actors launch lateral movement attacks, deploy backdoors, mine for customer financial information, credentials, and gain control). The reality of a possible cyberattack carries risks, and you want more flexible and easier to use data-driven visualization of security coverage and performance for management decisions, reporting and compliance.
Atomicorp fully supports ModSecurity and offers three convenient solutions for your ModSecurity and WAF needs, ranging from free ModSecurity rules to commercial turnkey WAF virtual appliances.
Free ModSecurity Rules
Next generation Free ModSecurity Rules from Atomicorp give you a boost with hundreds of web application security rules with a single install, plus:
- Advanced threat detection and response
- Regular updates of detection for new attacks, support for new applications, and other security enhancements
- Custom exceptions/acceptance lists
- 24x7x365 protection
- Community support
Atomic ModSecurity Rules
Customers that want total protection for their web applications should evaluate the commercial Atomic ModSecurity Rules version.
With this offering, they can more easily tackle the challenges of implementing modern WAF protection over disparate Web applications. Atomicorp provides strong security support for all commercial and open source web applications, including popular platforms such as WordPress, full support for web hosting panels, such as cPanel and Plesk, modern containers and containerized ModSecurity, and today’s complex web APIs. These rules protect everything.
Whether you’re a security architect at a large enterprise or web hosting company, or someone who just likes using ModSecurity for protecting web applications, it enables your security team to engineer security into the application layer easily and simply. Using our commercial ModSecurity Rules, security engineers can modify the rules as needed, tap into Atomicorp’s expertise to develop new rules, support myriad Web applications and roll out WAF protection across cloud access points and virtual server instantiations, such as containers. Harness the powerful Atomic ModSecurity rule set and its virtual patching to protect your web servers and applications.
As with any Atomicorp commercial product, defense-in-depth, or multi-layered security, is built into the web application security solution.
Atomic ModSecurity Rules provide:
- Thousands of web application firewall rules to protect your web servers and traffic.
- Real-Time Threat Intelligence powered by Atomicorp: Utilizing our global network of sensors, and our massive user base across the globe, your system will be protected from advanced threats that defeat typical WAFs.
- Machine Learning of zero day threats.
- Expert 24x7x365 support in ModSecurity Rules-based WAF implementation. Atomicorp has supported ModSecurity and our rules since 2002.
- Our No False Positive guarantee: If you find a false positive in our rules, we’ll resolve it the same business day it’s reported, for free.
- Total Control: Unlike with Trustwave and other vendors, you get the source code for our rules. Be able to fine-tune ModSecurity Rules for your needs, or ask our experts; we’re here 24/7 for your security needs.
- One-Step automated install and management: Easy one-step installation to get you up and running, and our software will keep your system up to date with the latest rules from Atomicorp.
- Minimization of administrative overhead associated with tuning your ModSecurity installation while still enjoying the benefits of strong protection.
- Defense-in-depth web protection. Get web application firewall (WAF) rules that have evolved to thwart hostile traffic targeting your web data architecture, operational systems, and control. Atomic ModSecurity Rules provide advanced layers of security for zero day threats, ransomware, DoS attacks, brute force, code injection, and all other web attacks.
Atomic WAF for Securely Managing Enterprise Web Assets
Enterprises crave the ability to visualize security performance at a high level but also be able to drill into the events. Atomic WAF, powered by Atomic ModSecurity Rules, provides a flexible WAF management console and graphical user interface (GUI), delivering graphs, charts, and analytical and reporting tools helpful for management decisions, audits and compliance.
Atomic WAF enables security and management stakeholders to:
- Deploy a WAF software appliance that brings a helpful and intuitive management console and GUI, while, under the hood, our commercial Atomic ModSecurity Rules and enhanced engine protects your web entities and those of your customers.
- Visualize, report, and meet compliance requirements. The Atomic WAF management console and GUI facilitate compliance, security performance management, and reporting.
- Display images such as event logs, charts, security response highlights and more, for high-level observability as well as ‘granular,’ where you can drill into the security event data.
- Be able to show artifacts from the event log to continuously monitor and enhance security performance and better comply with industry and government standards and regulations.
Visit our ModSecurity solutions page.
Learn more about Atomic ModSecurity Rules.
See our ModSecurity Rules in action: https://atomicrbl.com/globe2/
Discover Atomic WAF for visualizations of security performance and challenges.
Read the Press Release.