Overview

Armor, formerly known as “firehost” has raised the bar across the Web hosting industry by offering fully integrated, best-of-breed Web application security as a standard part of its managed hosting service. Cost-effective, compliance-ready Web hosting services set Armor apart from its peers and provide the foundation for its well-known security-focused brand. With all aspects of its virtualized infrastructure locked down, Armor helps protect its customers from external cyber attacks and stringent access controls help prevent insider abuse. The company’s secure servers are cloaked by redundant firewalls, multi-level intrusion prevention, DDoS mitigation defenses, and many other protective measures.

Armor’s Hardened, Secure Servers Extend Protection to Web Applications

Armor security engineers identified application-layer attacks to be among the most dangerous threats for their customers’ applications. A Web Application Firewall would help fill the gap and play a key role in Armor’s security infrastructure Before evaluating potential Web Application Firewall solutions, the Armor security team established the following product requirements:

  • Accurate protection with an extremely low rate of false positives— Companies choose Armor as their Web hosting provider because it offers enterprise-grade security. To maintain the company’s brand and to safeguard customers’ applications, the Web Application Firewall had to stop all Web-based threats without blocking legitimate traffic.
  • Centralized management manage – Armor needed to be able to centrally configure, and monitor multiple Web Application Firewalls from a single location.
  • Granular security policies—Multi-tenant features, like hierarchical management, were essential. In addition, security engineers needed to be able to fine-tune policies based on specific application requirements
  • Ultra high performance—For Armor, scalability was paramount. The company
    needed a solution that could scale to multi-gigabit throughput to protect tens of
    thousands of Web applications.

Armor conducted an in-depth evaluation of several leading Web Application Firewalls, and security engineers subjected the products to a battery of penetration tests, including manual and automated application attacks. Engineers also examined product performance and latency. In terms of security accuracy and policy flexibility, the Imperva SecureSphere Web Application Firewall far surpassed alternative solutions. In addition, CEO Chris Drake says that several of the other solutions “just couldn’t handle the throughput or the number of IP addresses required for our deployment.”

Powerful Policy Control, Detailed Protection Reports for Armor’s ‘Security View’

Armor deployed the SecureSphere Web Application Firewall to protect its own proprietary Web applications as well as to protect customers’ hosted applications. SecureSphere offers several unique features to streamline setup and configuration. First, SecureSphere provides completely centralized management, so all policy configuration, web application profile management, signature updates and monitoring and alerting functions may be managed from a single dashboard. This capability accelerates deployment and it allows Armor to easily add more SecureSphere appliances to their infrastructure over time—the SecureSphere MX server will automatically apply security policies to these new appliances.

Armor also required multi-tenancy features in order to protect multiple customers using a single SecureSphere appliance. Leveraging hierarchical management, Armor was able to apply policies globally, to individual groups and specific application. Since many Armor customers use packaged applications like WordPress, MODx, Magento, and Drupal, Armor has created group policies to protect these Web application. Specific rules can be defined to accommodate unique application. Armor configures individual security polices for clients with custom web applications.

For Chris Drake, it is important to transparently demonstrate the level of protection Armor provides. Powered by the SecureSphere Web Application Firewall, Security View, a real-time dashboard of cyber attack blocks, makes Drake’s vision a reality. “Most companies don’t realize how many attacks their websites receive on a daily basis. Security View exposes the reality of cybercrime and lets our customers know we’re really
looking out for them,” said Drake.

Ironclad Web Application Protection Helps Armor Prevent Cyber Attacks

Armor’s secure, managed hosting helps businesses address PCI, HIPAA, and SOX compliance requirements and safeguard their sensitive data. Many well-known companies, including Internet security companies, healthcare organizations, and financial companies, have selected Armor because maintaining a secure brand is essential to their success. Other clients rely on Armor Secure Servers to help rebuild their reputation after damaging cyber attacks. As the backbone of Armor’s secure managed hosting services, the Imperva SecureSphere Web Application Firewall helps protect tens of thousands of web-based applications from cyber attacks every day.