Web application is one of the top three attack patterns and the number one source of data breach for financial services firms.
2019 Data Breach Investigations Report, Verizon, April 2019
How Wallarm works
Unlike default cloud WAFs, Wallarm automates protection for apps and APIs with no manual tuning or investment in ongoing maintenance, allowing the team to focus on other tasks. It scales. It works.
Watch our quick demo videos
Wallarm Protects Leading Financial Services Companies
Now, the market continues to grow. In-game purchases are a niche form of in-app purchases. Xsolla has also grown into a global company working with more than 2,000 game project developers and publishers worldwide. Xsolla operates:
As Merchant and Seller of Record and Seller for major gaming entities like Valve, Twitch, Ubisoft, Epic Games, PUBG, and more.
In 200+ geographies and 20+ languages
With 700+ payment methods and 130+ currencies
Automatic transactions that are 100% PCI DSS compliant
Compliance with regional laws, taxations, and transaction-related fees
Localized UI, multilingual support
Christian Folini is a security engineer and open source enthusiast. He brings more than ten years of experience with ModSecurity configuration in high security environments, DDoS defense and threat modeling. Christian Folini is the author of the second edition of the ModSecurity Handbook and the best known teacher on the subject. He co-leads the OWASP ModSecurity Core Rule Set project and serves as the program chair of the "Swiss Cyber Storm" conference.
Kavya is an award-winning cybersecurity professional with a deep interest in immersive and emerging technologies. She is also the founder of a non-profit, XR Safety Initiative (XRSI). Kavya is constantly exploring new technologies to solve current cybersecurity challenges. She has been named one of the Top Cybersecurity influencers for two consecutive years 2018-2019 by IFSEC Global.
Christian Folini
Partner & Consultant at Netnea.com. Cyber Security expert. Program chair of the Swiss Cyber Storm conference
Kavya Pearlman
Global Cybersecurity Strategist, Wallarm
Dashboard overview
Dissecting one attack
API Deep Request Inspection
Scanning the attack surface
Speakers
1. Modern AppSec challenges for Financial organizations
Besides OWASP Top 10 and other threats that web-apps typically face, fintech also sees different kinds of API Abuse, fraud, and credential stuffing (ATO).
2. How to protect assets in a multi-cloud environment
Infrastructures distributed across different CDNs and apps hosted in multiple regions/clouds create a whole new set of challenges for security leaders and practitioners.
3. Why legacy security tools fail modern threats
Massive loads of traffic. A high velocity of development. Strict requirements for latency and false positives. A new setting makes traditional tools both inefficient and harmful for business.
In addition to traditional challenges, an evolving threat landscape and massive shifts in the tech stack add a few more pains for DevOps and security teams. Wallarm helps them gain real-time insight into and control over all of their digital assets that operate at the web layer while maintaining compliance with the Payment Card Industry (PCI) Data Security Standard (DSS).
I need to protect both legacy apps and modern APIs that we're moving from private cloud to public cloud providers.
Our apps suffer from account takeovers and different kinds of automated API abuse.
My old WAF constantly requires tedious tuning and team resources. Still, I can’t really use it in a blocking mode.
Parts of my business need isolated consoles to manage WAF for their assets.
I need to find a product that my DevOps / Infrastructure team would vet for usage in our cloud native environment and massive load.
I need to stay in compliance with PCI regulations.
Wallarm offers a single source of control for the security of websites, applications, and APIs, hosted across multiple cloud environments and Kubernetes clusters.
Unlike traditional WAFs, Wallarm doesn’t need manual tuning and investments into ongoing maintenance to minimize false positives. It just works.
Wallarm protects against credential stuffing and API abuse.
Give every team a level of visibility and control over the protection of their assets while keeping an option to manage the entire portfolio from a single dashboard.
DevOps teams like Wallarm as they can automate deployment, updates and monitoring with their existing tools such as Terraform and Ansible. It also meets the strictest requirements for added latency.
Wallarm strengthens security posture and keeps the traffic on premises while helping to meet PCI compliance. Wallarm is SOC2 Type II compliant.
Key pains and benefits
Wallarm vs Traditional WAFs
Webinar May 28th at 10 am GMT+1 / 11 am CET
Modern Security challenges for European Financial organizations
Addressing Modern Security challenges for FinTech with OWASP
Webinar | May 7th | 11:00am PST (2:00 pm EST)
1. Modern AppSec challenges for the FinTech companies
Besides OWASP Top 10 and other threats that web-apps typically face, fintech also sees a lot of specific trouble due to different kinds of API Abuse, fraud, and credential stuffing (ATO).
2. How to protect assets in multi-cloud environment
Infrastructures distributed across different CDNs and apps hosted in multiple regions/clouds create a whole new set of challenges for security leaders and practitioners.
3. Why do legacy security tools fail modern threats
Massive loads of traffic. A high velocity of development. Strict requirements for latency and false positives. A new setting makes traditional tools not only inefficient but sometimes harmful for business.
Talks with OWASP series
Wallarm helped Xsolla to up their security game without reinventing the wheel. It provided the ease of use they needed with intelligent threat-detection and critically helped them with compliance.
Xsolla is able to extend security to its customers with a 100% guarantee of liability for player payments in any country and currency it serves. With Wallarm deployed and people trained across Xsolla's custom applications and distributed infrastructure, Xsolla is able to satisfy PCI DSS compliance requirements confidently.
The biggest takeaway for Xsolla was that Wallarm is an incredibly easy-to-use product, with no sacrifice in its comprehensive security. They love the machine learning aspect, which allows them to focus on growth. The interface is truly clear and intuitive, and there were no problems training anyone at their company. Switching to Wallarm's enterprise solution with support meant minimal resource allocation from Xsolla. Once tuned initially, it just worked. Instant security upgrade.
As a fintech company in the gaming space, one of Xsolla’s most important priorities is protecting its customers’ funds and safeguarding its customers’ data loyalty.
Register for the webinar to learn more about Modern Security challenges for Financial organizations
Scaling E-Commerce Security for the Video Game Business Engine Speaks To Scaling Any Fintech Security
Xsolla
Ian Johnson
Security Solutions Architect, Wallarm
Ian has spent the last ten years working at market-leading vendors in application delivery and vulnerability detection, helping customers protect their web applications and APIs using scanning tools and a variety of Web Application Firewalls.
Wallarm is an Enterprise solution with full support and doesn't require continuous attention. Once the system is turned on, all we do is look at the reports, review any rare false positives, and feed the information back into the system. Each of our custom self-written applications has its own loads and traffic profiles.
Konstantin Golubitsky, Xsolla CTO
Traditional WAF
Wallarm
Blocking mode with near-zero false positives for the apps that update every day
Scalable deployment in multi-cloud and cloud-native / Kubernetes environments
Robust API protection for JSON/XML based APIs, websockets, gRPC, graphQL