WhiteHat Security and F5 partner for website security

March 10, 2008
WhiteHat Sentinel and F5 BIG-IP application security manager integrate via F5's iControl API

LONDON, MARCH 10, 2008 – WhiteHat Security and F5 Networks, Inc. today announced a partnership agreement. The partnership yields a uniquely powerful and efficient solution that provides organisations with a new means of combating the onslaught of website attacks that place customer and corporate data at risk. F5's open iControl API provides the integration between WhiteHat Sentinel, the industry-leading website vulnerability management solution, and the award-winning F5 BIG-IP Application Security Manager (ASM) web application firewall. As part of this agreement, WhiteHat has also joined F5's Technology Alliance Program.

"The integrated solution brings the entire industry to a new level of website protection—with extreme accuracy and efficiency," said Stephanie Fohn, Chief Executive Officer at WhiteHat Security. "Customers have been waiting for a solution that delivers rapid identification and immediate repair of vulnerabilities. The F5-WhiteHat alliance makes complete website security simpler than ever for the end-user."

The Solution Elements

A web-based subscription service, WhiteHat Sentinel combines advanced proprietary scanning technology with expert analysis, enabling customers to identify, prioritise, manage, and remediate website vulnerabilities as they occur. F5's ASM provides proactive network and application-layer protection from generalised and targeted attacks by understanding the user interaction with the application. Through the F5 iControl API, WhiteHat Sentinel will be able to directly configure policies on F5's ASM to protect against vulnerability exploits (e.g., cross-site scripting, parameter tampering, SQL injection) found during the scanning process.

Achieving PCI Compliance 6.6

The combined solution from WhiteHat Security and F5 fully meets requirement No. 6.6 (Develop and maintain secure systems and applications) of the PCI compliance standards developed by VISA, MasterCard, and other major credit card companies. According to the standard, an organisation must do at least one of the following to meet this requirement:

• Undergo application scanning and code review by an application security specialist -OR-
• Install a web application firewall in front of the web-facing applications

This partnership enables customers to achieve both requirements in just one step.

Existing customers of both WhiteHat and F5 will benefit from the partnership immediately through the ability to leverage their investments with the added security and automation of the combined solution. The Sentinel-ASM integration simplifies and speeds vulnerability remediation by finding the problem, and then fixing it through "virtual patching." Developers also gain more time to fix code without leaving applications exposed. Customers will benefit through:

• Increased protection via WhiteHat Sentinel's rapid identification of web application vulnerabilities, with minimal false positives
• Highly targeted vulnerability remediation (virtual patching) via ASM
• Simplified management: Data is continuously filtered and validated to provide only actionable results
• Ease of operation: A simple interface with one-click remediation

"Our partnership with WhiteHat elevates ASM, allowing us to offer a more comprehensive website security solution using trusted data from an industry leader," said Ken Salchow, Senior Technical Marketing Manager at F5. "ASM's integration with Sentinel offers our customers immediate time and cost savings. With the ability to apply a 'virtual patch' to their sites, they can effectively mitigate the most pressing risks with confidence and address the root issues as time and budgets allow. That type of flexibility and security assurance is quite rare in this industry."

Availability

The F5 ASM and WhiteHat Sentinel integration will be generally available in CYQ2 2008. Existing customers who have both WhiteHat Sentinel Service and F5 ASM with an active maintenance contract will receive integration automatically. F5 ASM customers will need to subscribe to the Sentinel Service. All WhiteHat customers will have access to F5 ASM integration capabilities as a new feature in both Sentinel SE and PE, but will need to purchase F5 ASM to take advantage of the integration.