WebAlarm is an enterprise-grade data integrity monitoring and recovery system. Its main functionality includes:

For more information on WebAlarm, click here.

WebAlarm plays a different role compared to the firewall.

A firewall is good as a network gateway that controls what network traffic is allowed to pass through it. Firewalls are important to filter unnecessary traffic and some common network-based attacks. However, many web attacks are embedded within the web traffic that is allowed by the firewalls.

That's where WebAlarm comes into the picture to function as an additional layer of defense against unauthorized data changes. WebAlarm, even though will not prevent the attacks, will immediately detect any successful data change caused by these attacks and will take the necessary actions. WebAlarm is there to clean up the mess when all other preventive measures have failed.

WebAlarm monitors the web data, detects unauthorized changes and performs automatic recovery.

WebAlarm does not prevent the hacking activities, but will play an important role after any successful hacking to recover the web content to its original state.

WebAlarm is not a preventive system (like firewalls), but a data change detection and recovery system.

Dynamic web content is generated by a web application where the output of the web application is changing based on either user input, system time, or data in the database.

WebAlarm can protect dynamic content by firstly monitoring the web application program files that generates the content. Next, WebAlarm can be used to monitor selected data in the database by using custom SQL scripts.

The database files are controlled directly by the database management system (such as Oracle, SQL server, etc). These files are not suitable to be monitored directly by WebAlarm.

However, database query scripts can be written to select critical data within the database and to output the query results to text files that can be monitored by WebAlarm. The scripts can be scheduled to run periodically to generate the output data.

In this case, WebAlarm will only detect changes, but will not perform automatic recovery.

WebAlarm is a detection and recovery system. It does not prevent web attacks such as cross-site-scripting or SQL injection.

However, if such web attacks have modified any of the data monitored by WebAlarm, it will trigger data violation alerts and performs the necessary data recovery where possible.

WebAlarm will complement web application firewalls in defending against such attacks.

WebAlarm provides the most comprehensive data update management options, including on-demand updates, scheduled updates, and also automated update detetion and publishing using the WebAlarm UMA component.

For on-demand and scheduled updates, WebAlarm only accepts changes during the speficied time period.

For automated update using UMA, WebAlarm only accepts changes sent from the UMA.

WebAlarm runs as a background process on the server. During each file scan cycle, WebAlarm will consume some CPU and I/O resources but will not introduce much delays to the server, typically less than 10% of the server resources. When WebAlarm is not scanning, no resource is consumed.

WebAlarm configuration allows administrator to throttle WebAlarm scanning speed to reduce system resource usage.

WebAlarm on the Windows OS has a special feature using the OS file event triggers to detect file changes, which does not use any system resources.

WebAlarm can be configured to send SNMP events to any network management system (such as HP OpenView, IBM Tivoli, CA Unicenter, OpenNMS, etc).

The administrator will see the WebAlarm data integrity violation alerts within the network management console.

By using the WebAlarm Update Management Agent (UMA), WebAlarm should work with various types of content management systems.

In this case, the content management system should be configured to publish any content change to a folder monitored by the WebAlarm UMA. The UMA will then propagate the updates to the live web servers.