NetContinuum: The World’s #1 Rated Application Firewall
Kim Bookout
214-507-0701
kbookout@netcontinuum.com
www.netcontinuum.com
2005
Introducing NetContinuum
• Founded in 1999
• Based in Santa Clara, CA
• “NetContinuum is the leader in application firewalls.”
• Only product to pass rigorous ICSA certification against both application and network attacks
Outstanding Customer Base
[Slide shows customer logos; only the label “Bank” survived extraction]
NetContinuum Delivers the Most Comprehensive Protection
Web Application Threats:
• Cross-Site Scripting
• SQL Injection
• Command Injection
• Cookie/Session Poisoning
• Parameter/Form Tampering
• Buffer Overflow
• Directory Traversal/Forceful Browsing
• Cryptographic Interception
• Cookie Snooping
• Authentication Hijacking
• Log Tampering
• Error Message Interception
• Attack Obfuscation
• Application Platform Exploits
• DMZ Protocol Exploits
• Security Management Attacks
• Zero Day Attacks
• Network Access Attacks
• TCP Fragmentation
• Denial of Service
• Distributed Denial of Service
Coverage claimed:
• All 21 classes of application threats
• All application platforms
• Both network and application layer attacks
• Over 4000 known attacks and countless unknown attacks
No Signatures Needed
Why Application Security Matters
• Customer Confidentiality
• Data Disclosure
• Data Theft
• Identity Theft
External Pressure is Growing
• Rigorous application audits
• Government regulations
• Industry regulations
• Tough new privacy laws
Regulations named on the slide: Sarbanes-Oxley, GLB, HIPAA, CA SB-1386
2nd Problem: No Protection at All for Customized Application Code
• 75% of attacks focused on customized web applications (Gartner)
• Application stack shown on the slide: Customized Web Applications, Customized Packaged Apps, Internal and 3rd Party Code; Web Servers; Application Servers; Database Servers; Operating Systems
• Existing defenses shown: Network IDS, IPS, Network Firewall (covering the network and platform layers)
• Customized code: no signatures, no patches
• Database servers hold Customer Info, Business Data, Transaction Info, Confidential Data
Protection Method: Web Address Translation
WAT hides web addresses the way NAT hides network addresses.
PROBLEM: Full visibility into internal DNS names (slide example of an exposed address: www.acme.com/exec/obidos/subst/home/home.html/104-5601216-1952704)
What users see:
• www.acme.com/finance
• www.acme.com/partners
• www.acme.com/login
Internal addresses, behind the NetContinuum Application Security Gateway:
• finance.hurcules.com/hq
• partners.acmecorp.com
Protection Method: Encrypt and Sign Cookies
PROBLEM: Attacker reads or modifies cookies of other users.
Encrypt and sign all cookies at the NetContinuum Application Security Gateway, which sits between Users (including any Hacker) and the Web Applications.
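To make the cookie-protection idea concrete, here is an added example (not NetContinuum code) of what a gateway does to a cookie on the way out and on the way back in: encrypt the value, append an authentication tag over nonce and ciphertext, and on return verify the tag before decrypting. It uses only the Python standard library, so confidentiality comes from an HMAC-SHA256 keystream in counter mode (an assumed construction chosen to avoid third-party crypto libraries) and integrity from a separate HMAC key; the keys and cookie text are constructed demo values.

```python
"""Gateway-style cookie protection: encrypt, then sign; verify before decrypting.

Added illustration, not NetContinuum's implementation. Encrypt-then-MAC with
two independent keys. The keystream construction (HMAC-SHA256 over
nonce || counter) is an assumption made to keep the example stdlib-only.
"""
import base64
import hashlib
import hmac
import os
from typing import Optional

# Constructed demo keys. A deployment would load these from a managed secret.
ENC_KEY = b"demo-encryption-key-not-for-production"
MAC_KEY = b"demo-authentication-key-not-for-production"
NONCE_LEN = 16
TAG_LEN = 32  # SHA-256 output size


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` pseudorandom bytes as successive HMAC(key, nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def protect_cookie(plaintext: str, nonce: Optional[bytes] = None) -> str:
    """Return an opaque URL-safe cookie value: base64(nonce || ciphertext || tag)."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    data = plaintext.encode("utf-8")
    ciphertext = _xor(data, _keystream(ENC_KEY, nonce, len(data)))
    tag = hmac.new(MAC_KEY, nonce + ciphertext, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(nonce + ciphertext + tag).decode("ascii")


def unprotect_cookie(cookie_value: str) -> Optional[str]:
    """Verify the tag first; return the original text, or None if the cookie was altered."""
    try:
        blob = base64.urlsafe_b64decode(cookie_value.encode("ascii"))
    except (ValueError, UnicodeEncodeError):
        return None
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(MAC_KEY, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return _xor(ciphertext, _keystream(ENC_KEY, nonce, len(ciphertext))).decode("utf-8")


def tamper(cookie_value: str) -> str:
    """Flip one bit of the ciphertext to simulate a client editing its cookie."""
    blob = bytearray(base64.urlsafe_b64decode(cookie_value.encode("ascii")))
    blob[NONCE_LEN] ^= 0x01
    return base64.urlsafe_b64encode(bytes(blob)).decode("ascii")


if __name__ == "__main__":
    original = "user=alice; role=customer"  # constructed cookie content
    sealed = protect_cookie(original)
    print("sealed:", sealed)
    print("round trip:", unprotect_cookie(sealed))
    print("tampered:", unprotect_cookie(tamper(sealed)))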
Protection Method: Data Theft Protection
Responses from Web Applications/Services to Users pass through the NetContinuum Application Security Gateway, which applies a per-data-type action:
• Credit Card (XXXX-XXXX-XXXX-3456): MASK
• Social Security (XXX-XX-XXXX): MASK
• Driver’s License (A123456): BLOCK
• Employee ID (XXXX): MASK
• Patient ID (134-AR-627): BLOCK
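As an added example (not NetContinuum code), the following outbound filter implements the MASK/BLOCK rule table above over a response body. The regular expressions are assumptions that approximate the formats shown on the slide (the driver's licence and patient ID patterns in particular are constructed from the single example each), BLOCK rules are evaluated before any masking so a blocked page is never partially rewritten, and the sample responses are constructed.

```python
"""Outbound data-theft filter: mask or block sensitive patterns in responses.

Added illustration, not NetContinuum's implementation. Rule patterns are
assumptions derived from the examples on the slide.
"""
import re
from typing import List, NamedTuple, Optional, Tuple


class Rule(NamedTuple):
    name: str
    pattern: "re.Pattern"
    action: str          # "MASK" or "BLOCK"
    keep_last: int = 0   # digits left visible when masking


RULES: List[Rule] = [
    # Credit card as four hyphenated groups of four digits; keep the last four.
    Rule("Credit Card", re.compile(r"\b(?:\d{4}-){3}\d{4}\b"), "MASK", keep_last=4),
    # Social Security number XXX-XX-XXXX, masked entirely.
    Rule("Social Security", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "MASK"),
    # Driver's licence in the slide's A123456 form (constructed pattern): block the page.
    Rule("Driver's License", re.compile(r"\b[A-Z]\d{6}\b"), "BLOCK"),
    # Patient ID in the slide's 134-AR-627 form (constructed pattern): block the page.
    Rule("Patient ID", re.compile(r"\b\d{3}-[A-Z]{2}-\d{3}\b"), "BLOCK"),
]


def _mask(match: "re.Match", keep_last: int) -> str:
    """Replace every digit of the match with X, except the trailing keep_last characters."""
    text = match.group(0)
    cut = len(text) - keep_last
    return re.sub(r"\d", "X", text[:cut]) + text[cut:]


def filter_response(body: str) -> Tuple[Optional[str], List[str]]:
    """Return (filtered_body, events). filtered_body is None when a BLOCK rule fired."""
    events: List[str] = []
    for rule in RULES:
        if rule.action == "BLOCK" and rule.pattern.search(body):
            events.append(f"BLOCK {rule.name}")
            return None, events
    for rule in RULES:
        if rule.action == "MASK":
            body, count = rule.pattern.subn(lambda m: _mask(m, rule.keep_last), body)
            if count:
                events.append(f"MASK {rule.name} x{count}")
    return body, events


# Constructed sample responses.
SAMPLE_OK = "Order 8841 paid with card 4111-1111-1111-3456 by customer SSN 123-45-6789."
SAMPLE_BLOCKED = "Patient 134-AR-627 checked in; licence A123456 on file."

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_BLOCKED):
        out, events = filter_response(sample)
        print(events, "->", "(response withheld)" if out is None else out)
```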
Protection Method: Bi-Directional Deep Inspection
PROBLEM: Hackers use illegal inputs to trick the app and gain access to data.
Inspects for:
• Malicious Commands
• Illegal Keywords
• Hidden Field Tampering
• Parameter Tampering
• Altered HTTP Methods
• Max Length Exceptions
• Illegitimate URLs
• WSI Profile Validation
• XML Schema Validation
Attacks blocked: Cross Site Scripting, command injection, SQL Injection, Parameter Tampering, Directory Traversal, Hidden Field Tampering, Buffer Overflow
• Automatically learns applications
• Enforces legitimate inputs
• Blocks attacks in custom code
• Stops even day zero attacks
New policies are activated first in “passive” mode: watch the log files to see the potential impact without blocking any traffic.
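The learn-then-enforce model and the passive mode described above are illustrated by this added example (not NetContinuum code). A profile is learned from constructed clean requests, recording for each URL and parameter the longest value seen and the character class it belongs to; later requests are checked against that profile, and a violation is only logged in passive mode but blocked in active mode. The character classes and their precedence are assumptions.

```python
"""Learned parameter profile with passive (log-only) and active (blocking) enforcement.

Added illustration, not NetContinuum's implementation. Character classes and
the way a value is classified are assumptions; all traffic is constructed.
"""
import re
from typing import Dict, List, Tuple

# Ordered from most to least specific; a value takes the first class it matches.
CLASSES = [
    ("digit", re.compile(r"^\d+$")),
    ("alpha", re.compile(r"^[A-Za-z]+$")),
    ("alnum", re.compile(r"^[A-Za-z0-9]+$")),
    ("email", re.compile(r"^[A-Za-z0-9._-]+@[A-Za-z0-9.-]+$")),
]


def classify(value: str) -> str:
    for name, rx in CLASSES:
        if rx.match(value):
            return name
    return "any"  # quotes, spaces, operators: outside every learned class


class Profile:
    def __init__(self) -> None:
        # (url, parameter) -> {"max_len": int, "classes": set of class names}
        self.params: Dict[Tuple[str, str], Dict] = {}

    def learn(self, url: str, params: Dict[str, str]) -> None:
        """Learning phase: widen the profile with one clean request."""
        for name, value in params.items():
            entry = self.params.setdefault((url, name), {"max_len": 0, "classes": set()})
            entry["max_len"] = max(entry["max_len"], len(value))
            entry["classes"].add(classify(value))

    def violations(self, url: str, params: Dict[str, str]) -> List[str]:
        """Enforcement phase: list every way a request departs from the profile."""
        found: List[str] = []
        for name, value in params.items():
            entry = self.params.get((url, name))
            if entry is None:
                found.append(f"unknown parameter {name!r} for {url}")
                continue
            if len(value) > entry["max_len"]:
                found.append(f"max length exceeded for {name!r}: {len(value)} > {entry['max_len']}")
            if classify(value) not in entry["classes"]:
                found.append(f"parameter {name!r} outside learned character class")
        return found


def inspect(profile: Profile, url: str, params: Dict[str, str], mode: str) -> Tuple[str, List[str]]:
    """Return ("ALLOW" | "LOG" | "BLOCK", violations). Passive mode never blocks."""
    found = profile.violations(url, params)
    if not found:
        return "ALLOW", found
    return ("LOG" if mode == "passive" else "BLOCK"), found


def build_demo_profile() -> Profile:
    """Learn from constructed clean traffic to /account."""
    profile = Profile()
    profile.learn("/account", {"id": "1042", "name": "alice"})
    profile.learn("/account", {"id": "99", "name": "bob"})
    return profile


if __name__ == "__main__":
    p = build_demo_profile()
    suspicious = {"id": "1042' OR 1=1--", "name": "alice"}  # constructed request
    print("passive:", inspect(p, "/account", suspicious, "passive"))
    print("active: ", inspect(p, "/account", suspicious, "active"))
    print("clean:  ", inspect(p, "/account", {"id": "7", "name": "bob"}, "active"))
```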
Easier Audit Assurance Via AVDL (Application Vulnerability Description Language)
1. A vulnerability assessment tool (AVDL-compliant scanner) scans the web applications
2. The scan generates an XML file showing audit violations
3. NetContinuum generates a recommended configuration (set in active or passive mode)
World-Class Reporting and Monitoring
• Security event reporting per app
• Detailed monitoring and reporting
• Web logging and usage statistics
• Flexible alerting capabilities
Event categories shown on the slide: Forceful Browsing, Illegal Method, Invalid Command, SQL Injection, Max Limit Exceeded