What is the threat prevention landscape, and how does our solution fit in?
The Cadillac Approach
There are comprehensive solutions to defend against and fight off attacks, which serve as protective walls around your database. The "Cadillac" approach requires the installation of a separate physical hardware box, which serves as a Web Application Firewall (WAF). If you have a dedicated server and a generous budget, you can drop a WAF in front of your server and defend against attacks with a battery of sophisticated defenses. This approach is often found in well funded, high-profile, major businesses and institutions where it is "defend at all costs".
The high-end solution with high-end dollars protects the elite. But for those who do not have a generous budget, there is a more cost-effective alternative. So long as you have administrative control over your server, you can install a Software-based solution that is deployed on the web server itself. SC Magazine recently reviewed one such moderately priced software-based WAF. It can be installed on your web server for the one-time price of $3,900, or alternatively at an annual subscription rate of $1,800 per year! These comprehensive software-based solutions are configured and installed into IIS, which means that you will not have the administrative authority to install it on a Shared Server. So for many users running on shared servers, this is a non-solution.
What if you can't afford a Cadillac?
The only remaining alternatives, which adequately reduce the price-point to address the needs of small business, are 1) solutions that reconfigure your network and reroute your traffic offsite, or 2) SQL Injection Shield™. Even if you have a dedicated server, SQL Injection Shield™ delivers an impressive solution at a much more affordable price.
Collectively, the "Cadillac" Hardware solution and the somewhat less expensive Software-based solutions do not address the needs of small business, and they LEAVE OUT about 90% of websites that need protection against SQL injection attacks. That is where SQL Injection Shield™ steps in!
The SQL Injection Shield™ Answer
SQL Injection Shield™ costs $79 per year! That's it! In addition, it does not require its own Hardware, like the "Cadillac" solution, nor does it require Administrative control over your server in order to install, like the other Software-based solutions. Whereas the "Cadillac" solution is deployed on its own Hardware, and the Software-based solutions are deployed on the web server itself, SQL Injection Shield™ is deployed on the Web Site. As a result, you do not need Administrative control over your server in order to install it or make network configuration changes, like some other solutions that reroute you offsite. This means that even if your are running on a SHARED SERVER, you can install SQL Injection Shield™ as easily as you can install anything else on your website. And as quickly!
Why Are Websites Vulnerable?
Most sites are vulnerable to SQL injection attacks because back doors are left open to databases by poor coding practices that do not adhere to good security standards. Hackers unleash hordes of robots to look for sites that have these coding weaknesses. When they find them, they attack relentlessly to unlock any possible doors into the database. Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are completely ineffective against an attack on the Database.
Signature Recognition Doesn't Work!
Signature patterns look for the fingerprints of an attack when it knocks on the door. The reason that SQL Signature evasion is so easy for hackers to pull off is simply because there is so much freedom! Static Signature patterns could never catch all of the creative sidesteps of hackers. If you can't stop the threat at the door via signature recognition, then there is a greater need for a comprehensive combination of tools and approaches to mitigate the statistical odds of success. You bring a suite of tools to the table, to buy insurance. You block suspect IP addresses, try to identify robot farms that send out the invading hordes, etc., and then package it together in a comprehensive bundle.
How Are We Different?
SQL Injection Shield™ does not use static Signature recognition to thwart SQL injection attempts. Instead, we use a powerful proprietary method of identifying attacks when they show up at your door, and then kill them there. The entire battle is in identifying the attack before you let it through to the database engine! SQL Injection Shield™ is effective because hackers cannot so easily side-step our Shield, the way they side-step Signature recognition techniques. We are not alone in this strategy! But we believe we are among the very best, and we are the only one offering it for $79 per year.
How Do We Fit In?
So SQL Injection Shield™ does not offer an all-inclusive suite to thwart other types of attacks. We go after the main bandit, the one that steals your credit cards, business records, and other high-value target data from your database! Although we do not protect against session Hijacking or Denial of Service, we do a GREAT job of stopping SQL Injection attacks!
For those of you who get attacked, buy our Shiled and install it on your website immediately, as an immediate line of defense against the attacks. If you want to find out whether or not you are being attacked now or at any time in the future, install SQL Injection Shield™ for FREE and get free attack notifications forever! You will have it up and running approximately 5 minutes after you download it. Then, if you ever decide you want a more expensive and comprehensive solution, keep SQL Injection Shield™ up and running as your last line of defense. You might be surprised by how you find out about subsequent attacks.
Where Did We Come From?
SQL Injection Shield™ was first installed in 2009, in exactly that way! To stop attacks against the vital business data at a service provider for multiple Fortune 500 companies. It was installed in a panic, surprise, crash mode, as an immediate line of defense. SQL Injection Shield™ is still protecting these websites today, and no "comprehensive" package was ever purchased. Thousands of SQL Injection attacks have been thwarted over the last four years, and no attacks have ever been successful!