DenyAll product refresh focuses on automation

DenyAll announces a refresh of its entire product line. New features address the needs of DevOps teams by simplifying and automating tasks associated with testing and protecting web applications, web services and APIs.

Continuous integration and delivery is the name of the game for any business looking at digital transformation as a competitive differentiation opportunity and breaking organizational silos to achieve greater agility. Application security tools can be of great help, assuming they embrace the automation paradigm. DevOps teams can use them to create applications that are secure by design, continuously tested for vulnerabilities and protected from automated attacks.
The need for automation and ease of administration is at the heart of innovations built into DenyAll’s latest appliances and cloud services, namely:

  • Web Application Firewall (WAF) version 6.3 and its associated modules, Web Services Firewall (WSF) and Web Access Manager (WAM), shipping this week,
  • Vulnerability Manager 6.5, shipping at the end of the month,
  • Cloud Protector, the company’s fully automated WAF-as-a-Service.

New automation features

The new products and services include the following automation-related features, which aim at optimizing administration time and security effectiveness:

  1. Configuration cloning: administrators can clone tunnels in DenyAll WAF without any pre-configured HA, so tunnel configuration is automatically synchronized when a third-party load balancer is positioned in front of the WAF. The new orchestration API helps automate other similarly repetitive management tasks.
  2. Application learning: the revamped sitemap function in DenyAll WAF automatically learns HTTP/REST apps and APIs from developer or preproduction traffic logs, or Open API/Swagger files. It automatically learns paths, methods and parameters, saving valuable time.
  3. False positive management: a new token concept in DenyAll WAF simplifies false positive resolution by allowing 1-click resolve on alerts generated by the platform’s several complementary security engines, which leverage negative, positive, normalization, heuristics, grammar analysis and user behavior analysis techniques.
  4. Vulnerability checking & virtual patching: Vulnerability Manager can read Swagger files written by developers, or generated by DenyAll WAF, to speed the process of detecting application vulnerabilities, using the new automatic web crawler and semi-automatic proxy mode for authenticated pages. It can update the initial descriptor and pass it on to DenyAll WAF for automatic validation and virtual patching.
  5. Monitoring & Reporting: deep diving into the WAF’s comprehensive log data is made easier with DenyAll WAF’s configurable security dashboard based on Elasticsearch and Kibana. Some teams may prefer Cloud Protector’s simplified, multi-tenant and customizable role-based alerting system, which offers similar visibility into their web applications’ traffic.
  6. Global delivery & caching: the automated WAF-as-a-Service has evolved, based on the input of the large and mid-size customers who have adopted it. To make web administrators’ lives even easier, it now includes Content Delivery Network (CDN) features, combined with granular policy configuration and customization options.

Chaining engines for higher security effectiveness

DenyAll WAF now embeds several security engines initially created within DenyAll rWeb, the company’s historical WAF. In addition to a normalization engine which can help prevent WAF evasion attempts, administrators can take advantage of the Scoring List’s heuristics engine to identify zero-day attacks and two advanced detection engines, SQLi Sec and PathSec, which use grammatical analysis to identify more advanced attacks. Chaining these with the product’s core negative and positive security engine helps achieve greater security effectiveness, useful for most critical web applications and web services. As a result, DenyAll WAF 6.3 is a solid version for rWeb customers to transition to.

Upcoming live demonstration webinar

Join our webinar on March 30, 2017 at 11h CET for a live demonstration of these new features and a taste of the benefits they will bring to your DevOps teams once they adopt them.

Customer and partner registration

About DenyAll
A Rohde & Schwarz Cybersecurity company. DenyAll helps organizations go digital by ensuring user interactions are seamless, yet secure. DenyAll’s cloud services and appliances simplify the job of security and DevOps teams throughout the software development lifecycle, as they seek to deliver a safe digital environment. They help identify, prioritize and patch vulnerabilities. They simplify and strengthen user access to applications, wherever people connect from and wherever applications are located. They also block attacks targeting web applications, the APIs and web services powering mobile apps, by evaluating user behavior in context to respond appropriately. With DenyAll’s next generation application security tools, ensure your users enjoy a secure digital experience. Go to and to find out how.

About Rohde & Schwarz Cybersecurity
Rohde & Schwarz Cybersecurity is an IT security company that protects companies and public institutions around the world against cyberattacks. The company develops and produces technologically leading solutions for information and network security, including highly secure encryption solutions, next generation firewalls and software for network analysis and endpoint security. The multiple award-winning IT security solutions range from compact, all-in-one products to customized solutions for critical infrastructures. The trusted IT solutions are developed based on the new security-by-design approach for preventing cyberattacks proactively instead of reactively. Around 450 employees work at the current locations in Berlin, Bochum, Darmstadt, Hamburg, Leipzig, Munich, Saarbrücken, Paris and Montpellier.

Press contact DenyAll:

Stéphane de Saint Albin
Tel.: +33 1 46 20 96 21

