
CLOUDy WAF


Presentation Transcript


  1. CLOUDy WAF

  2. Agenda • What, Where, Why and When? • Introducing CLOUDy WAF • Key Features, Business Benefits and Differentiation • CLOUDy WAF Management • Model Offering and Technical Specifications • Summary

  3. What, Where, Why and When?

  4. Who?

  5. Why? • Prevent credit card fraud through increased controls around cardholder data and its exposure to compromise • Applies to all organizations which hold, process, or pass cardholder information

  6. What?

  7. When?

  8. Why do you care?

  9. Few Companies Feel Fully Compliant

  10. Why Web Application Firewall?

  11. Why Web Application Firewall?

  12. Why Web Application Firewall?

  13. Web Application Security Threat Statistics: most prevalent vulnerabilities (source: http://www.webappsec.org/projects/statistics/, 2007)

  14. Common Web Application Threats • SQL injection • Cross-site scripting • Parameter tampering • Hidden field manipulation • Session manipulation • Cookie poisoning • Stealth commanding • Backdoor and debug options • Application buffer overflow attacks • Brute force attacks • Data encoding • Unauthorized navigation • Gateway circumvention • Web server reconnaissance • SOAP and Web services manipulation

  15. Web Application Facts • A Web Application consists of several sub Web Applications • Each sub Web Application is a large collection of Web Pages • Web Applications are complex, and some parts are more complex than others • Web Applications are exposed to virtually everyone • Web Applications are easy to exploit: all you need is a Web browser

  16. Web Application Facts: What do they mean? • Not all sub Web Applications are vulnerable to the same threats • Detecting a wide range of vulnerabilities in Web Applications is a CPU- and memory-demanding task • Web Application complexity implies complex WAF configuration

  17. What does a WAF do? • Mitigates brute force attacks • Maintains parameter validity • Ensures users walk through a legitimate path • Secures user sessions • Detects unauthorized content in outbound reply messages

  18. Introducing Radware AppWall

  19. Radware AppWall • AppWall is a Web Application Firewall (WAF) • AppWall secures Web Applications and enables PCI compliance • AppWall detects threats, blocks attacks and generates events • An integral part of the Radware ADC solution • Helps organizations meet regulatory requirements

  20. AppWall Differentiators • Minimal time to protection through out-of-the-box security policies • Precise security coverage through fine-grained policy control while optimizing resource usage • Integral part of the Radware ADC solution • Standardized on the OnDemand Switch hardware platform • Unique, "pay-as-you-grow" scalability by device • Automatic protection level escalation when an AppWall cluster is deployed, or when several AppWall devices are deployed in different locations in the organization

  21. AppWall Advantages • Easy to configure through Learning Mode with Auto Configuration • Complete alerting, forensics, and reporting capabilities • Integration with leading Enterprise Management Systems: Syslog, ODBC, SMTP, OPSEC • High performance: sub-millisecond latency • Comprehensive, simplified management: configuration and learned data can be centrally synchronized to all devices

  22. Highly Performing WAF • Fine-grained security enforcement based on Application Path configuration • Define an optimized Security Policy per Application Path • Dynamically adapt to the needs of the application, resulting in: inspection of exactly what is required, optimized application performance, optimized system • No limit on the number of AppWall Cluster members • Performance scalability based on the requirements of the application • Introduce more inspection power over time while controlling costs

  23. AppWall Events Dashboard

  24. Intuitive Management and Security Logging

  25. Events Statistics

  26. Negative & Positive Security Models Support

  27. Comprehensive Security Filters Coverage • Vulnerabilities Security Filter: validates HTTP requests using rule-based (signature-based) validations that detect a variety of application-layer security threats • Brute Force Security Filter: protects against brute force attacks by creating action rules and blocking the IP addresses of potential attackers • Database Security Filter: validates HTTP request parameters by detecting harmful SQL command injections • HTTP Methods Security Filter: validates that the HTTP request methods are approved • Files Upload Security Filter: validates that file uploads and uploaded-file access methods are approved • Safe Reply Security Filter: detects disclosure of unauthorized content in outbound reply messages, such as credit card and Social Security numbers • Session Security Filter: prevents remote users from manipulating session state information and submitting it to the Web Application

  28. Comprehensive Security Filters Coverage (continued) • Allow List Security Filter: validates that HTTP requests are approved • Path-Blocking Security Filter: validates whether an HTTP request is forbidden, such as unauthorized attempts to access common files and folders • Global Parameters Security Filter: validates that HTTP request parameter values are acceptable according to listed global definitions • Parameters Security Filter: validates that HTTP request parameter values are acceptable according to listed per-parameter definitions • Web Services Security Filter: validates that services and operations are approved • XML Security Filter: validates the XML in POST request bodies and parses XML-encapsulated values into parameters for distribution to subsequent Security Filters for validation • Logging Security Filter: logs HTTP headers and bodies for tracking
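The filter chain described on slides 17, 22, 27 and 28 (a per-application-path policy, an allow list, HTTP method and parameter validation, a signature-based SQL injection check, brute-force IP blocking, and a "safe reply" scan of outbound bodies) can be illustrated with a small reverse-proxy-style inspector. The code below is an added example written for this page; it is not AppWall code, the policy structure, field names and SQL injection signatures are our own assumptions, and the sample requests and response body are constructed. It goes slightly beyond the slides by Luhn-checking candidate card numbers so that arbitrary long digit strings in a reply are not redacted.

```python
import re
from collections import defaultdict

# Hypothetical per-application-path policy (slide 22 says AppWall defines policy
# per Application Path; the real format is not on the page, these field names are ours).
POLICY = {
    "/login": {"methods": {"POST"},
               "params": {"user": r"[A-Za-z0-9_.@-]{1,64}", "pass": r".{1,128}"},
               "max_failures": 5},
    "/search": {"methods": {"GET"},
                "params": {"q": r"[\w\s-]{0,100}"},
                "max_failures": None},
}

# A small rule set standing in for the signature-based Vulnerabilities/Database filters.
SQLI_RULES = [
    re.compile(r"['\"]\s*(?:or|and)\s+\S+\s*=", re.I),          # ' OR 1=1
    re.compile(r";\s*(?:drop|delete|insert|update)\b", re.I),   # stacked statement
    re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),         # UNION SELECT
    re.compile(r"(?:--|/\*)"),                                  # SQL comment terminator
]

# Outbound "safe reply" patterns: 13-16 digit card numbers (Luhn-checked) and US SSNs.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,15}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; avoids redacting order numbers that merely look like PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


class Waf:
    def __init__(self, policy=POLICY):
        self.policy = policy
        self.failures = defaultdict(int)   # failed logins per client IP
        self.blocked = set()               # IPs blocked by the brute-force filter

    def inspect_request(self, ip, method, path, params):
        """Return (allowed, reason) after running the allow-list, method,
        parameter, SQL-injection and brute-force filters for the path."""
        if ip in self.blocked:
            return False, "brute-force: ip blocked"
        rule = self.policy.get(path)
        if rule is None:                                    # Allow List / Path-Blocking
            return False, "path not in allow list"
        if method not in rule["methods"]:                   # HTTP Methods filter
            return False, f"method {method} not approved for {path}"
        for name, value in params.items():                  # Parameters filter
            pattern = rule["params"].get(name)
            if pattern is None:
                return False, f"unexpected parameter {name}"
            if not re.fullmatch(pattern, value):
                return False, f"parameter {name} fails validation"
            if any(r.search(value) for r in SQLI_RULES):    # Database filter
                return False, f"sql injection signature in {name}"
        return True, "ok"

    def inspect_response(self, ip, path, status, body):
        """Brute-force accounting on failed logins, then Safe Reply redaction."""
        limit = self.policy.get(path, {}).get("max_failures")
        if limit is not None and status == 401:
            self.failures[ip] += 1
            if self.failures[ip] >= limit:
                self.blocked.add(ip)

        def redact_card(m):
            digits = re.sub(r"\D", "", m.group(0))
            return "[REDACTED-PAN]" if luhn_ok(digits) else m.group(0)

        body = CARD_RE.sub(redact_card, body)
        body = SSN_RE.sub("[REDACTED-SSN]", body)
        return body


if __name__ == "__main__":
    waf = Waf()
    # Constructed sample traffic: a password with a classic injection payload passes the
    # permissive positive-model regex but is caught by the signature rule.
    print(waf.inspect_request("10.0.0.1", "POST", "/login",
                              {"user": "alice", "pass": "' or 1=1--"}))
    print(waf.inspect_response("10.0.0.1", "/search", 200,
                               "card 4111 1111 1111 1111, ssn 123-45-6789"))
```

The two inspection points mirror the slide split between request-side filters and the Safe Reply filter: the positive model (allow list, methods, per-parameter regex) rejects anything not explicitly described for the path, while the negative model (signature rules) catches payloads that fit a deliberately loose parameter definition such as a password field.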

  29. Model Offering and Technical Specifications • Latency < 1 millisecond • Deployment mode: reverse proxy • Unique in the WAF segment: highly granular policy creation per application path • Policy modification per application change • Anti-crawler and anti-scraper solution • Folder access restriction • Application mapping • Threat analysis

  30. Summary • Highly Performing WAF

  31. Summary • "Pay-as-you-Grow" Scalability through Cluster Support • Highly Performing WAF

  32. Summary • Highly Performing WAF • Simple Deployment, Fully Automatic Configuration

  33. Summary • Comprehensive Web Application security coverage • Highly Performing WAF • Simple Deployment, Fully Automatic Configuration

  34. Summary Radware AppWall is a Web Application Firewall (WAF) securing Web Applications and enabling PCI compliance, offering: • Comprehensive Web Application security coverage • Simple deployment and configuration: easy to install (out-of-the-box security deployment) and easy to configure (learning mode with auto configuration) • Integration with the Radware ADC Solution • "Pay-as-you-Grow" scalability through cluster support • Highly performing WAF • Complete alerting, forensics, and reporting
