BURLINGAME, Calif.(BUSINESS WIRE) Mykonos Software, developers of Web application security technology, today announced a new release of their flagship product, the Mykonos Security Appliance, aimed at preventing Web application abuse. Targeted at organizations with significant web properties such as e-commerce sites, SaaS providers, and consumer on-line services, the Mykonos Security Appliance prevents malicious automation abuse, data theft and fraudulent transactions from occurring through vulnerabilities in Web applications.
"Every day we hear about security incidents even though firewalls and network layer security are widespread," said David Koretz, President and CEO of Mykonos Software. "The reason incidents are so prevalent is because the primary security threat for businesses now comes through a browser. Every company with a Web application has opened a door for many threats to enter."
The Mykonos Security Appliance helps companies prevent their Web applications from being asked to perform tasks they were never intended to perform. The product has three key features. First, it helps organizations gain real-time detection of Web application introspection before the damage is done. Second, it allows companies to respond to introspections with policy-based countermeasures that are designed to discourage abuse. Third, it identifies attackers (not IP addresses, but the actual attacker) and builds a profile of their behavior so that their methods can be analyzed and future counter-measures can be tailored.
The Mykonos Security Appliance works by inserting variable and random detection points into the code as it is delivered to the browser. If an attacker abuses these code-level traps and honey-pots they identify themselves, with no chance of a false positive. The Mykonos Security Appliance identifies the person, not an IP address, and gives the attacker a name, so that future intrusion attempts can be highlighted as repeat visits and thwarted appropriately.
Early detection of an attack is important because it saves IT security departments significant time and money because the cheapest attack is the one that is never completed and requires no response.