ModSecurity Continues Despite Trustwave ModSecurity EOL - Atomicorp - Unified Security Built on OSSEC

Trustwave ModSecurity EOL Ended a Product, Not ModSecurity in General

Enduring Support for Trustwave ModSecurity EOL and ModSec Customers

ModSecurity, a popular open-source web application firewall (WAF) for Apache, Nginx, and Microsoft IIS servers, Kubernetes containers, and many web content platforms, has endured both the test of time and false rumors of its demise.

As early as August 2021, many in the cybersecurity media and industry pronounced or assumed ModSecurity was dead after Trustwave announced it would discontinue ModSecurity development and support, handing stewardship of ModSecurity over to the open source community. Trustwave ModSecurity product and ModSec support effectively ends July 1, 2024. 

However, this Trustwave ModSecurity end of life (EOL) and end of support (EOS) cutoff can also represent a new beginning for ModSecurity enthusiasts. ModSecurity isn’t abandonware, it’s still available as open source or as an advanced commercial package. Users who want to continue to employ ModSecurity can select from the market’s most advanced yet affordable ModSecurity solutions from Atomicorp. 

Atomicorp has used ModSecurity in its products since 2007, continuously enhancing ModSecurity and ModSecurity Rules against the latest web-based attacks. We’ve been active at it the longest and also offer an enterprise WAF to enable customers to direct internet security and APIs from a management console and GUI. 

Atomicorp offers several ModSecurity offerings to help organizations, federal agencies, and web hosting providers defend their web servers, websites, and web applications from cyberattacks and malware. 

Visit our ModSecurity Rules and ModSecurity WAF solutions page.

Why ModSecurity for Web Application Firewalls (WAF)

ModSecurity is deployed in myriad web security and inline intrusion prevention use cases, chiefly as a way to prevent remote attackers from breaking into and gaining control over your networks, applications, web servers, websites, and multi-tenant environments. These attackers employ methods such as denial of service, credential stuffing, cookie poisoning, cross site forgery, and scanning your endpoints for software vulnerabilities and backdoors. 

Atomic ModSecurity counters with military-grade, defense-in-depth web server and application security to stop cyber-adversaries from doing what they do: vulnerability identification and exploitation, website defacements, spying, espionage, site spoofing, credit card data exfiltration, user account compromise, and spreading malware to site visitors or connected systems.

Atomic ModSecurity Rules and Atomic WAF provide:

  • Thousands of web application security rules
  • Real-time global threat intelligence from Atomicorp and the ModSec community
  • Exploit and vulnerability scanner blocking
  • Advanced attack blocking, such as SQLi, XSS, SSRF, and XXE
  • Proxy server abuse protection
  • Brute force protection
  • Layer 7 DoS protection
  • Real-time malware protection and malware removal
  • Virtual patching, to analyze and block exploits without reactively making changes to your applications or source code 
  • Content scraping protection
  • Secure Search Engine automatic whitelisting, which protects page ranking and SEO without making you vulnerable to attackers spoofing search engine requests 
  • Geoblocking
  • Credential theft prevention
  • Data loss prevention
  • Antispam protection

Atomic ModSecurity Rules also come with:

  • Same-day rapid support to reduce false positives and false negatives
  • Third-party real-time blackhole list (RBL) integration to easily block attackers
  • Daily updates
  • Enterprise-level professional support
  • Support for custom rule development
  • And a management console, role-based GUI, MFA SSO, management and compliance reports, and Cloudflare integration, available in our Atomic WAF solution.

Learn more by visiting the Atomic OSSEC ModSecurity solutions page.

Atomic ModSecurity Rules are also available as an easy monthly hosted service.

Check out Atomic ModSecurity Rules – Remote on our ModSecurity Rules product page.

Atomic ModSecurity Rules and WAF for Apache, Nginx, IIS, and Kubernetes Containers 

ModSecurity works across Apache, Ngnix, LiteSpeed, HAProxy, Varnish, and Windows IIS, as well as container environments including Kubernetes.

ModSecurity for Nginx

Monitor HTTP traffic and protect Nginx web servers with preconfigured ModSecurity firewall rules and proactive security including web intrusion detection and prevention, AV/antimalware, data loss protection, and more. The web application security ruleset from Atomicorp extends into Layer 7 API gateways and the application itself to protect your virtual business operations, endpoints, end users, and customer web applications. These features are available in the following web servers and applications as well . . .

ModSecurity for Apache

Atomic ModSecurity Rules and Atomic WAF are used to harden Apache web server security as well, and protect APIs and applications running on these servers. Whether it’s Apache, Nginx, or IIS, the cybersecurity solutions work across single page, front-end, server-side, back end, and modular microservice cloud-derived applications in your architecture. 

ModSecurity for Windows IIS

Internet Information Services (IIS) for Windows Server enables organizations and agencies to leverage the connectivity of the web through a variety of internet protocols. Bolster the security of this connective environment with our simple drop-in ModSecurity module for IIS, which combined with our easy-to-use rules and other safeguards, goes beyond default settings to prevent web-based attacks that take advantage of this global openness, while providing secure ports and access to authentic server and site users. 

ModSecurity for Kubernetes

Activate ModSecurity Rules for Kubernetes containers and modern web applications. Atomicorp ModSecurity Rules provide advanced web application protection for containers and Kubernetes ModSecurity APIs. Leverage advanced ModSecurity Rules into a next-generation container firewall. (We support Docker environments, too.) Be able to block malicious connections at container ingresses, and secure egresses to protect sensitive data from being exfiltrated. 

ModSecurity for WordPress

ModSecurity remains a popular option for protecting web content and web hosting environments as well. Atomic ModSecurity Rules were built for WordPress and provide an easy plug-in for WordPress web application deployments, protecting the server, web API, and site properties from vulnerabilities, spam, tampering, credential theft, denial of service (DoS), and brute force attacks. Protects Drupal and other web content management environments as well.

ModSecurity for Plesk and cPanel

Implement and manage ModSecurity Rules to protect websites, web domains, and multi-tenant server environments from malicious files in real time. Protect web hosting control panels such as Plesk, where ModSecurity is built in, cPanel, and other website and server management environments with Atomic ModSecurity Rules.

Bring military-grade web application firewall (WAF) capabilities to bear against the latest web attacks and species of malware. Atomic ModSecurity solutions include our real-time, cloud-based threat intelligence system that blocks known attackers out of the box and monitors HTTP traffic for malicious files, as well as system vulnerabilities. 

Atomic ModSecurity Rules are available as an on-premise or remote software service or as an enterprise WAF solution known as Atomic WAF.   

Learn more about Atomic ModSecurity Rules.

Compare flexible Atomic ModSecurity solutions here.

Deploy a military-grade web application firewall (WAF) with a GUI and management console.

Check out Atomic WAF.