Return to Events

IIJ to Offer IIJ WAF Solution to Block Attacks on Web Applications

dl button PDF [362 KB] 17 September 2014

TOKYO-September 17, 2014-Internet Initiative Japan Inc. (IIJ, NASDAQ: IIJI, TSE1: 3774), one of Japan's leading Internet access and comprehensive network solutions providers, today announced that it will begin offering IIJ WAF Solution on October 1, 2014. This product will act to counter malignant web-based attacks that exploit vulnerabilities in web applications.

WAF is a firewall for web applications that prevents unauthorized access and website defacement from outside the network by managing and analyzing traffic at the application level. IIJ WAF Solution will defend web applications against attacks, including SQL injections (*1) and cross-site scripting (XSS) (*2), thus maintaining customers' websites secured. IIJ WAF Solution will be offered through a partnership between IIJ and NRI SecureTechnologies, Ltd. (NRI Secure).

Deploying the top-selling advanced appliance

With IIJ WAF Solution, SecureSpheres—advanced appliances produced by Imperva Inc. that boast the highest market share in Japan- will be installed in customers' systems. IIJ and NRI Secure will then provide remote monitoring, operating, and support. SecureSphere combines a proprietary security engine and a cyber-attack detection feature to accurately pinpoint and guard against attacks on web applications. The SecureSphere product line offers advanced appliances capable of being deployed on systems of any size. Furthermore, SecureSphere doesn't require modifications to the configuration of existing network as a transparent access gateway.

High-quality security monitoring and operating support

IIJ's experienced engineers will provide everything necessary to meet customers' system requirements: design, construction, operation, support and installation consulting. In addition, IIJ and NRI Secure will monitor and analyze traffic logs 24/7, to detect and rapidly respond to warning signs and occurrences of security incidents. This around-the-clock support will include security policy tuning and updates with the latest threat signatures. By partnering with NRI Secure who has advanced career of WAF services, IIJ will help customers achieve stable website operations.

Cyber-attacks have become more sophisticated and varied in recent years. Therefore, to protect corporate systems, a variety of measures are required at all levels-from the network itself to the application. In addition to WAF, IIJ offers a wide range of security services, including firewalls that control traffic to and from company networks, IPS/IDS that detect and block unauthorized access, and anti-DDoS services to defend systems from large-scale attacks attempting to disrupt service. Customers can mix and match these products and services to achieve higher levels of security under a one-stop operational system.

(*1) SQL injection: An exploit in which an attacker accesses a web server and inputs invalid SQL commands to control databases linked to that system. Attackers can view and modify parts of databases for which they do not have permissions, thus obtaining confidential data, overwriting web content, or engaging in other mischief.

(*2) Cross-site scripting (XSS): An attack that exploits vulnerabilities in web pages, such as bulletin board services, that accept user input for producing HTML pages dynamically. The attack executes malicious scripts on users' web browsers. These scripts have the potential to allow attackers to steal cookie data and then impersonate the unwary users, or to display false pages in place of legitimate websites for use in phishing scams.