In-Depth Training
Cloud WAF Service Cloud DDoS Protection Service Cloud Web Acceleration Global CDN Service
Hybrid | Always-On | On-Demand Service
Top 10-2013
The Ten Most Critical Web Application Security Risks
WEB APPLICATION FIREWALL
BEST SECURITY COVERAGE: over 150 attack vectors covered through auto threat analysis
Unique IP-Agnostic Fingerprinting Protection
OWASP Top Ten: Biggest Threats on Web Apps
Best Scalability rich request processing rules, TCP/IP/HTTP protocol tuning options
[Architecture diagram labels: Unified Portal; Cyber Intel.; DBTool; WAFaaS, DDoSaaS, CDN, Future… *; REST / API; Statistics Retrieval; Elastic Search; PostgreSQL; BIG DATA; Statistics collection & enrichment; User Model; Powered by]
* - according to http://trends.builtwith.com/cdns
** - http://blog.streamingmedia.com/2014/07/cdnvendors.html
Cloud WAF Overview
NEW CDN Service
Technical Flows
Cloud Portal Walkthrough
What’s New: SIEM Integration, Reporting, more
Technical Tools
User Flow #1 – Cloud WAF
[Diagram: Client, Border Routers, two Radware CloudWAF POPs (Alteon, AppWall Cluster, Inline/OOP; "for symmetric prot."), Origin Server. Step markers: 1, 2, 3, 4a, 4b-1, 4b-2.]
• Traffic to origin server is redirected to the closest RDWR WAFaaS POP via DNS/BGP
• AppWall cluster mitigates app-level attacks
• Path labels: WAFaaS enabled / disabled
Customer purchases Radware’s Cloud WAF Protection
User Flow #2 – Cloud WAF and CDN
[Diagram: Client, CDN edge (optional), Border Routers, Radware CloudWAF POPs (Alteon, AppWall Cluster, Inline/OOP), Origin Server. Step markers: 1, 2a.]
Customer purchases Radware’s Cloud WAF Protection, using CDN
User Flow #2 – Cloud WAF and CDN
[Diagram: Client, CDN edge (optional), Border Routers. Step markers: 2b, 5b-2. Path label: WAFaaS enabled.]
• Logged-in user + role
• Navigation tabs
• Customer (WAF+DDoS) dropdown list (CloudOps can change, customer can’t)
• Application dropdown list (for WAF widgets)
• Network dropdown list (for DDoS widgets)
• Global time filter
• Widget pool
• Cloud WAF widgets
• Toggle between WAF and DDoS events
• Define complex criteria to filter
• Subscription Period
• # of Protected Applications / Networks out of total as purchased
• Throughput Usage
• Protected Hosts
• Transaction Rate
• Onboarding Stage
Security
Visibility
Reporting
• Provides visibility and insights into security threats to your protected applications and networks
• Easy to read graphical display of WAF and DDoS protection provided
• Reports can be generated manually or automatically, according to configured schedule
• Customers can opt-in at onboarding
• Customers select the report period (week or month), and the email recipient list
Manageability
Improved Onboarding Process
• Onboarding was simplified, to make the user experience easier and more fluent, resulting in faster onboarding
• PCI compliance for the Cloud Services offering – approved!
Visibility
OWASP top 10 Widget
• The OWASP Top 10 project goal is to raise awareness about application security
• Cloud WAF detects, blocks and reports attacks of these categories, to make sure your web site is protected
• New OWASP Top 10 attack distribution, showing the top web app security risks
• A1 – Injection
• A2 – Broken Authentication and Session Management
• A3 – Cross Site Scripting (XSS)
• A4 – Insecure Direct Object References
• A5 – Security Misconfiguration
• A6 – Sensitive Data Exposure
• A7 – Missing Function Level Access Control
• A8 – CSRF (Cross-Site Request Forgery)
• A9 – Using Known Vulnerable Components
• A10 – Unvalidated Redirects & Forwards
Visibility
OWASP top 10 Widget – Drill Down
• Can drill down by filtering Security Events
Additional Information & Tools