BinarySEC provides Web application firewall functionality for the Apache Web server on Linux boxes. It is designed as an Apache module, with the ability to intercept, analyze, and if necessary block malicious transactions leveled against the Apache server.

The key feature of BinarySEC is its behavioral-based analysis algorithms (no signature updates required); which the vendor states enables it to prevent such attacks as XSS, SQL injection, PHP code inclusion, directory traversal, etc. The product operates in a three step fashion; intercepting the HTTP request, forwarding it to a baselining/analysis engine for enrichment of the baseline and/or identification of abnormality, and then, if the transaction is deemed abnormal, blocking the transaction and returning an error message to the end user. The vendor states that the product requires a learning period of "a few days," during which the administrator can configure the product to monitor and alert on potential attacks only (no blocking). Following the learning period, the administrator may then switch the product to apply inline blocking of the suspect transactions if they desire. Alerts can be recategorized by the administrator via a one-click process in the event of false positives; a process that the vendor states may commonly occur during the learning phase and immediately following functional changes to the Web application or the Web site.

The vendor notes that the module itself takes up 128 MB RAM and consumes about 2% of the CPU on an average machine. Installation requires no network changes.

Other features include support for the analysis of SSL traffic without decryption; a GUI installer; a traffic and alerts display tool; an administration GUI (with support for the monitoring of multiple servers, sites, and domains); and forensic identification features.

BinarySEC is available now. Pricing starts at $890 for the protection of two sites; with volume discounts available.

A free trial version can also be downloaded for unlimited-time usage on a single Web site; the free trial is limited, however, to the analysis of only 5,000 transactions per day (transactions following the 5,000 are not analyzed or blocked).

Contact the vendor for further information.