eMARA

The Application Delivery Controller

The Application Delivery Controller combining Single Sign-On, load balancing, SSL offloading, application layer security, content acceleration and integrated Web Application Firewall.

If your company provides B2B-, B2C-, online-, Intranet-portals or web applications in general, you need technology that can provide security, confidentiality, authentication, flexibility, high performance, and availability. eMARA is the integrated front-end solution that provides all of those functions in one box.

eMARA's Benefits

Compliance

Many companies are affected by regulations such as the Payment Card Industry DSS standard. Compliance often implies a solution that controls both incoming (Web Application Firewall) and outgoing (Data Leakage Prevention) traffic.

Comprehensive Solution

eMARA as a single solution with fully integrated functionality including rich firewalling-, networking-, and proxying features combined with application-layer security makes other purchases obsolete.

Performance

Content acceleration by caching and SSL offloading/termination reduce the load on the backends dramatically. The high performance firewall avoids throughput bottlenecks in complex scenarios.

Scalability

The advanced networking features of eMARA allow even complex scenarios and are flexible to support growing and/or changing environments. With load balancing, arbitrary many servers may be used as backends.

Unified Access Control

The authentication framework brings a simple all-in-one solution supporting e.g. SSL client certificates, cookies, LDAP and Single Sign-On. Granular and context-aware policies allow an easy and secure management.

Features

Authentication

Central Single-Sign-On portal for all backend applications. All access control is centrally managed and supports for example LDAP, Active Directory, client certificates, and third-party cookie-based authentication mechanisms.

Content Acceleration

Caching, compression, load balancing, and SSL offloading minimizes backend load and improves the quality of service.

Reverse Proxy

Secure, confidential, fine-grained and efficient management of portals and applications that require various proxy features, such as custom URL-, header- or content-rewrite with High-Availability-Cluster and IPv6-gateway support.

Web Application Firewall

Protection against information leakage and most common attacks such as various injections, HTTP response splitting, XSS, CSRF, and session hijacking by using cookie encryption, anti-virus scanning, and fine-grained WAF rulesets.

Frequently Asked Questions

What are the advantages of a Web Application Firewall (WAF)?

Besides Data Leakage Prevention, a Web Application Firewall enhances security by means of guarding from common web-based application threats.

In order to detect application-layer attacks (for example Injection, Cross-Site Scripting, Cross-Site Request Forgery or session/cookie-based flaws in general) and prevent them even before they reach the application itself, the HTTP-traffic (layer 7) gets interpreted and monitored. This allows checking requests (or at least responses) for suspicious activity or known weaknesses that have not been fixed by the maintainer so far on the basis of included signatures or custom rulesets.

This global approach as "Single Point of Detection", combined with a fine-grained control, ensures protection of several systems without the need of touching the existing applications and helps meeting the PCI DSS requirements. The use of cookie-encryption improves the protection against several common threats once more significantly.

Unlike normal firewalls, the Web Application Firewall feature allows eMARA to detect malicious but harmless-looking HTTP-Traffic - an SQL-Injection scenario is only one single example under the plenitude of threats where restricting direct database access is not enough.

Often confused with and mistaken for an Intrusion Detection or -Prevention System, a Web Application Firewall provides security tailored for a web application's needs: In contrast to common IDS/IPS, it comprises inspectable HTTPS, authentication with Single Sign-On, session hijacking etc. protection, request/response manipulation, application-based logging/reporting, and many more HTTP-layer features.

Network Appliances - Securing Your Freedom