Estrategias de mitigación de amenazas a las aplicaciones bancarias. Carlos Valencia Sales Engineer - LATAM
|
|
- Richard Moore
- 5 years ago
- Views:
Transcription
1 Estrategias de mitigación de amenazas a las aplicaciones bancarias. Carlos Valencia Sales Engineer - LATAM c.valencia@f5.com 2017 F5 Networks 1
2 F5 Networks 2
3 2017 F5 Networks 3
4 The Big Picture High Performance DNS DNS DNS / DNS FW Threat Intelligence Feed/IPI Next-Generation Firewall Corporate Users Scanner DDoS Attacker (app attacks) Anonymous Proxies Anonymous Requests Botnet Attackers Cloud Apps Router Network Protection Application Protection Customer Fraud Protection L3/L4 DDoS, DNS, SIP DDoS Application D/DoS ASM DC Apps Partner DDoS Attacker (Volumetric attacks) Cloud Silverline Cloud-Based Platform Volumetric Attacks ISP may provide rudimentary DDoS service L3/L4 Protection Local DDoS ICMP flood, UDP Flood, SYN Flood, TCP-state floods DOS detection using behavioral analysis HTTP DOS: GET Flood, Slowloris/slow POST, recursive POST/GET (DHD Only) DNS DOS: DNS amplification, query flood,dictionary attack, DNS poisoning NGFW IPS/IDS WAF L7 DDoS SSL L5-L7 Protection (CPU Intensive) GET Flood, Slowloris/slow POST, recursive POST/GET, DOS detection using behavioral analysis OWASP Top 10 SQLi/XSS/CSRF/0-day/etc Hybrid SSL DOS: SSL renegotiation, SSL Flood WAF in general 2017 F5 Networks 4
5 Private Cloud Consistent Policies Cloud Portability Top Security Visibility Lowest TCO F5 BIG-IP Direct Connect Cloud Interconnection / Public Cloud Traditional Data Center 2017 F5 Networks 5
6 2017 F5 Networks 6
7 2017 F5 Networks 7
8 90% 28% Firewalls IDS/ IPS DLP SIEM Anti Virus 28% Firewalls IDS/ IPS DLP APT Anti Virus 2017 F5 Networks 8
9 % Firewalls DLP Anti Virus IDS/ IPS SIEM 2017 F5 Networks 9
10 Protection against Web Application vulnerabilities CSRF Cookie manipulation OWASP top 10 Brute force attacks Forceful browsing Buffer overflows Web scraping Parameter tampering SQL injections information leakage Field manipulation Session high jacking Cross-site scripting Zero-day attacks Command injection ClickJacking Bots Business logic flaws WAF 2017 F5 Networks 10
11 Traditional Firewall Intrusion Prevention Systems Examines all traffic for malicious app inputs Primarily uses anomalous and signature-based detection Some stateful protocol analysis capabilities Lacks understanding of L7 protocol logic Doesn t protect against all exploitable app vulnerabilities Layer 7 security is not addressed by traditional IPS & firewall vendors 2017 F5 Networks 11
12 Secures, federates access to any application, anywhere Multi-factor Auth XYZ Corp. Username PW+PIN LOGIN Remote users, mobile users, contractors, etc. Hacker Private Cloud Internet Hybrid Cloud SAML SAML Office 365 Salesforce Other SaaS Apps SaaS Apps Public Cloud Identity Federation Single or Multi- Factor Auth STOP Corporate user Identity Data Center Directory Services App App User/User Group Endpoint Check VDI Network Location Connection Type Corporate (L3/L4) Apps MDM/EMM Device Posture 2017 F5 Networks 12
13 2017 F5 Networks 13
14 F5 Networks F5 Networks 14
15 SSL 2017 F5 Networks 15
16 F5 Networks F5 Networks 16
17 2017 F5 Networks 17
18 Next-Generation Firewall Corporate Users Tier 1 Tier 2 Multiple ISP strategy Network attacks: ICMP flood, UDP flood, SYN flood SSL attacks: SSL renegotiation, SSL flood Financial Services Legitimate Users DDoS Attacker ISPa/b Cloud Scrubbing Service DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning Network and DNS IPS HTTP attacks: Slowloris, slow POST, recursive POST/GET Application E- Commerce Subscriber Threat Threat Feed Intelligence Feed Intelligence Scanner Anonymous Proxies Anonymous Requests Botnet Attackers Strategic Point of Control 2017 F5 Networks 18
19 DDoS approach CLOUD/HOSTED SERVICE STRENGTHS Completely off-premises so DDoS attacks can t reach you Amortized defense across thousands of customers DNS anycast and multiple data centers protect you WEAKNESSES Customers pay, whether attacked or not Bound by terms of service agreement Solutions focus on specific layers (not all layers) ON-PREMISES DEFENSE STRENGTHS Direct control over infrastructure Immediate mitigation with instant response and reporting Solutions can be architected to independently scale of one another WEAKNESSES Many point solutions in market, few comprehensive DDoS solutions Can only mitigate up to max inbound connection size Deployments can be costly and complex 2017 F5 Networks 19
20 Hybrid DDOS Protection Combining the resilience and scale of the cloud with the granularity and alwayson capabilities of on-premise. Signaling Request for Service IP List Management Cloud On-Premise Unified Attack Command Control
21 DDoS Architecture Scrubbing Center Inspection Tools provide input on attacks for Traffic Actioner & SOC Traffic Actioner injects routes and steers traffic Inspection Toolsets Traffic Actioner Route Management Scrubbing Center Inspection Plane Flow Collection Flow collection aggregates attack data from all sources Visibility Portal Portal provides realtime reporting and configuration Cloud Signaling Management Legitimate Users DDoS Copied traffic for inspection BGP signaling Netflow Data Plane Netflow GRE Tunnel Proxy IP Reflection WAF Silverline Switching Routing/ACL Network Mitigation Proxy Mitigation Routing (Customer VRF) L2VPN Customer DDoS Attackers Volumetric DDoS protection, Managed Application firewall service, zero-day threat mitigation with irules Switching mirrors traffic to Inspection Toolsets and Routing layer Ingress Router applies ACLs and filters traffic Network Mitigation removes advanced L4 attacks Proxy Mitigation removes L7 Application attacks Egress Routing returns good traffic back to customer
22 2017 F5 Networks 22
23 APPLICATION LAYER ATTACKS TRADITIONAL DDOS MITIGATION 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% 82% 77% 54% 25% 20% HTTP DNS HTTPS SMTP SIP/VoIP IRC Other DNS is the second most targeted protocol after HTTP. DNS DoS techniques range from: Flooding requests to a given host Reflection attacks against DNS infrastructure Reflect / Amplification attacks DNS Cache Poisoning attempts 6% 9% Cybercrime is a persistent threat in today s world and, despite best efforts, no business is immune. Network Solutions Of the customers that mitigate DDoS attacks, many choose a technique that inhibits the ability of DNS to do its job DNS is based on UDP DNS DDoS often uses spoofed sources Using an ACL block legitimate clients DNS attacks use massive volumes of source addresses, breaking many firewalls F5 Networks 23 60% 50% 40% 30% 20% 10% 0%
24 CONVENTIONAL DNS THINKING Internet External Firewall DNS Load Balancing Array of DNS Servers Internal Firewall Hidden Master DNS Performance = Add DNS boxes Weak DoS/DDoS Protection Firewall is THE bottleneck PARADIGM SHIFT DNS DELIVERY REIMAGINED Internet DNS Master DNS Infrastructure DNS Firewall DNS DDoS Protection Protocol Validation Authoritative DNS Caching Resolver Transparent Caching High Performance DNSSEC DNSSEC Validation Scalable performance over 10M RPS! Strong DoS/DDoS protection Lower CapEx and OpEx Intelligent GSLB 2017 F5 Networks 24
25 Devices DMZ Data Center F5 DNS Firewall Services LDNS Internet DNS DNS Servers Apps DNS DDoS mitigation with DNS Express Protocol inspection and validation DNS record type ACL* Block access to Malicious IPs (DNS Firewall) High performance DNS cache Stateful Never accepts unsolicited responses ICSA Certified - deployment in the DMZ Scale across devices IP Anycast Secure responses DNSSEC DNSSEC responses rate limited Complete DNS control irules & Programmability DDoS threshold alerting* DNS logging and reporting Hardened DNS code 2017 F5 Networks 25
26 2017 F5 Networks 26
27 Secured Data center Customer Browser SIEM WAF HIPS Network firewall Traffic Management NIPS DLP HTTP/HTTPS Manipulating user actions: Social engineering Weak browser settings Malicious data theft Inadvertent data loss Leveraging Browser application behavior Caching content, disk cookies, history Add-ons, Plug-ins Embedding malware: Keyloggers Framegrabbers Data miners MITB / MITM Phishers / Pharmers 2017 F5 Networks 27
28 The malware contains code designed to This insert triggers specific the content malware, to the browser session which when injects the additional user accesses specific sites content to the browser This information is sent to the legitimate The user web requests server as the expected login page for Wells Fargo *wellsfargo* add field *bankofamerica* add button, replace text *chase* add cc#, pin, remove text Generic malware, such *telebank* as send credentials Zeus, infects a user s device *bankquepopulaire* The user enters the requested content and clicks Go This information is sent to the configured drop zone 2017 F5 Networks 28
29 The inclusion of this additional input field due to malware will now trigger an alert HTML Source Integrity is based on the expected number of forms, input fields, and scripts This page is expected to and and 14 six input scripts fields have only four forms 2017 F5 Networks 29
30 This triggers to malware to run The information is encrypted and sent to the web server The victim makes a secure connection to a web site The victim is infected with malware Password revealer icon The victim submits the web form The victim enters data into the web form This content can The be information is also sent stolen by the malware to the drop zone in clear text 2017 F5 Networks 30
31 How HFO Works Field Without Name HFO Obfuscation Data center Web application Sec. Appliance LTM 2017 F5 Networks 31
32 MY BANK.COM My Bank.com Gather client details related to the transaction Run a series of checks to identify suspicious activity Assign risk score to transaction Send alert based on score Apply L7 encryption to all communications between client and server 2017 F5 Networks 32
33 4. Test spoofed site 1. Copy website Web Application Internet 3. Upload copy to spoofed site 2. Save copy to computer Alert at each stage of phishing site development 2017 F5 Networks 33
34 2017 F5 Networks 34
35 MSP Native App Services SaaS Servers Servers Servers Servers Servers Servers Cloud Interconnect Corporate Datacenter(s) With Private Cloud Each Cloud Provides Siloed Native App Services: Basic, Proprietary, and Inconsistent 2017 F5 Networks 35
36 Your cloud strategy should be an extension of your data center strategy: app-centric Enable both network and application security Deliver high application availability; not just infrastructure availability Ensure application performance Centralize management and orchestration of the application Streamline app delivery and security services across on-premises and cloud Defend against attacks Ensure secure user access Deliver app performance Gain traffic visibility Orchestrate tasks centrally Application Application Database Analytics Letting you focus on ensuring availability, security, and performance for each application DNS Identity Website Commerce VPN Load Balancing Storage Mobile 2017 F5 Networks, F5 Inc 36
37 Full control Limited control App-Centric Strategy SaaS apps Packaged apps Apps Mobile apps External websites Dev & test LOB (HR, Acct.) Custom apps ERP, CRM On-premises Public cloud 2017 F5 Networks 37
38 Shared Responsibility in Amazon AWS The idea behind this is to educate customers that they still need to be responsible for a large proportion of the services required to deliver applications in the cloud. AWS Shared Responsibility Model 2017 F5 Networks 38
39 Shared Responsibility in Microsoft Azure The idea behind this is to educate customers that they still need to be responsible for a large proportion of the services required to deliver application in the cloud. Azure Shared Responsibility Model 2017 F5 Networks 39
40 Apps Identity Control Platform Apps Active Directory Apps 2017 F5 Networks 40
41 Use Case Disaster Recovery Seamless global app experience Requirements Application availability and performance L4-L7 Services DNS Orchestration DNS L4-L7 Services Location-based and contextual user access VPN Active-Active deployment for cost efficiency Insight and visibility into application traffic Compute Compute Recommended application delivery services Local and global load balancing DNS SSL VPN or IPSec tunnel Access & identity Consistent DevOps + Management Tools Storage Storage Data Center Cloud Provider Key benefits: Seamless customer experience Secured and optimized site to site connectivity Advanced application health monitoring 2017 F5 Networks 41
42 Traditional New On-Premises Cloud Interconnection Public/Private Cloud Servers Servers Servers Strategic Control Point Distributed Strategic Control Points Application Services Application Services Virtual Edition Hardware aas Containers 2017 F5 Networks 42
43
Comprehensive datacenter protection
Comprehensive datacenter protection There are several key drivers that are influencing the DDoS Protection market: DDoS attacks are increasing in frequency DDoS attacks are increasing in size DoS attack
More informationHerding Cats. Carl Brothers, F5 Field Systems Engineer
Herding Cats Carl Brothers, F5 Field Systems Engineer Agenda Introductions Security is easy, right Trivia Protecting your apps, one layer at a time How to survive an Attack Time permitting F5 Networks,
More informationF5 Synthesis Information Session. April, 2014
F5 Synthesis Information Session April, 2014 Agenda Welcome and Introduction to Customer Technology Challenges Software Defined Application Services Reference Architectures for Today s Customer Challenges
More informationAugust 14th, 2018 PRESENTED BY:
August 14th, 2018 PRESENTED BY: APPLICATION LAYER ATTACKS 100% 80% 60% 40% 20% 0% DNS is the second most targeted protocol after HTTP. DNS DoS techniques range from: Flooding requests to a given host.
More informationF5 comprehensive protection against application attacks. Jakub Sumpich Territory Manager Eastern Europe
F5 comprehensive protection against application attacks Jakub Sumpich Territory Manager Eastern Europe j.sumpich@f5.com Evolving Security Threat Landscape cookie tampering Identity Extraction DNS Cache
More informationHow WebSafe Can Protect Customers from Web-Based Attacks. Mark DiMinico Sr. Mgr., Systems Engineering Security
How WebSafe Can Protect Customers from Web-Based Attacks Mark DiMinico Sr. Mgr., Systems Engineering Security Drivers for Fraud Prevention WebSafe Protection Drivers for Fraud Prevention WebSafe Protection
More informationWhat s next for your data center? Power Your Evolution with Physical and Virtual ADCs. Jeppe Koefoed Wim Zandee Field sales, Nordics
What s next for your data center? Power Your Evolution with Physical and Virtual ADCs. Jeppe Koefoed Wim Zandee Field sales, Nordics Vision: Everything as a service Speed Scalability Speed to Market
More informationADC im Cloud - Zeitalter
ADC im Cloud - Zeitalter Applikationsdienste für Hybrid-Cloud- und Microservice-Szenarien Ralf Sydekum, SE Manager DACH, F5 Networks GmbH Some of the Public Cloud Related Questions You May Have.. It s
More informationA different approach to Application Security
雲端時代企業應用的安全與挑戰 A different approach to Application Security Protecting your most critical business assets APPLICATION ACCESS APPLICATION PROTECTION F5 Networks, Inc 2 F5 s Comprehensive Security Solutions
More informationSilverline DDoS Protection. Filip Verlaeckt
Silverline DDoS Protection Filip Verlaeckt f.verlaeckt@f5.com The evolution of attackers September 1996 First high profile DDoS attack. NY ISP Panix.com that was nearly put out of business. January 2008
More informationSecuring and Accelerating the InteropNOC with F5 Networks
Securing and Accelerating the InteropNOC with F5 Networks Joe Wojcik - Consultant II - J.Wojcik@F5.com Ken Bocchino - Principal Systems Architect KB@F5.com Agenda Overview of F5 SPDY (Pronounced Speedy
More informationArchitecture: Consolidated Platform. Eddie Augustine Major Accounts Manager: Federal
Architecture: Consolidated Platform Eddie Augustine Major Accounts Manager: Federal Current DoD Situation Stovepipes of Technology icontrol Customization irules Solutions Security Access Availability Load
More informationDATACENTER SECURITY. Paul Deakin System Engineer, F5 Networks
DATACENTER SECURITY Paul Deakin System Engineer, F5 Networks Datacenter Security Needs To scale To secure To simplify Scale for a work-anywhere / SSL everywhere world. Security for applications and data
More informationWe b Ap p A t ac ks. U ser / Iden tity. P hysi ca l 11% Other (VPN, PoS,infra.)
We b Ap p A t ac ks U ser / Iden tity 33% 53% Apps And Identities Initial Targets In 86% Of Breaches P hysi ca l 11% Other (VPN, PoS,infra.) 3% Fix vulnerabilities Stop web attacks Risk & compliance What
More informationRETHINKING DATA CENTER SECURITY. Reed Shipley Field Systems Engineer, CISSP State / Local Government & Education
RETHINKING DATA CENTER SECURITY Reed Shipley r.shipley@f5.com Field Systems Engineer, CISSP State / Local Government & Education http://gcn.com/blogs/cybereye/2013/10/it-professionals-survey.aspx September
More informationsnoc Snoc DDoS Protection Fast Secure Cost effective Introduction Snoc 3.0 Global Scrubbing Centers Web Application DNS Protection
Snoc DDoS Protection Fast Secure Cost effective sales@.co.th www..co.th securenoc Introduction Snoc 3.0 Snoc DDoS Protection provides organizations with comprehensive protection against the most challenging
More informationApplication Security. Rafal Chrusciel Senior Security Operations Analyst, F5 Networks
Application Security Rafal Chrusciel Senior Security Operations Analyst, F5 Networks r.chrusciel@f5.com Agenda Who are we? Anti-Fraud F5 Silverline DDOS protection WAFaaS Threat intelligence & malware
More informationIntelligent and Secure Network
Intelligent and Secure Network BIG-IP IP Global Delivery Intelligence v11.2 IP Intelligence Service Brian Boyan - b.boyan@f5.com Tony Ganzer t.ganzer@f5.com 2 Agenda Welcome & Intro Introduce F5 IP Intelligence
More informationKEEPING THE BAD GUYS OUT WHILE LETTING THE GOOD GUYS IN. Paul Deakin Federal Field Systems Engineer
KEEPING THE BAD GUYS OUT WHILE LETTING THE GOOD GUYS IN Paul Deakin Federal Field Systems Engineer F5 MISSION Deliver the most secure, fast, and reliable applications to anyone anywhere at any time. F5
More informationToday s workforce is Mobile. Cloud and SaaSbased. are being deployed and used faster than ever. Most applications are Web-based apps
Today s workforce is Mobile Most applications are Web-based apps Cloud and SaaSbased applications are being deployed and used faster than ever Hybrid Cloud is the new normal. % plan to migrate >50% of
More informationSichere Applikations- dienste
Sichere Applikations- dienste Innovate, Expand, Deliver Manny Rivelo Für SaaS und traditionelle Service-Modelle EVP, Strategic Solutions Carsten Langerbein Field Systems Engineer c.langerbein@f5.com Es
More informationIntegrated Web Application Firewall (WAF) & Distributed Denial Of Service (DDoS) Mitigation For Today s Enterprises
Integrated Web Application Firewall (WAF) & Distributed Denial Of Service (DDoS) Mitigation For Today s Enterprises AI-driven website & network protection service that secures online businesses from today's
More informationThe DNS of Things. A. 2001:19b8:10 1:2::f5f5:1d Q. WHERE IS Peter Silva Sr. Technical Marketing
The DNS of Things Peter Silva Sr. Technical Marketing Manager @psilvas Q. WHERE IS WWW.F5.COM? A. 2001:19b8:10 1:2::f5f5:1d Advanced threats Software defined everything SDDC/Cloud Internet of Things Mobility
More informationCyber Attacks and Application - Motivation, Methods and Mitigation. Alfredo Vistola Solution Architect Security, EMEA
Cyber Attacks and Application - Motivation, Methods and Mitigation Alfredo Vistola a.vistola@f5.com Solution Architect Security, EMEA Attacks are Moving Up the Stack Network Threats Application Threats
More informationBIG-IP V11.3: PRODUCT UPDATE. David Perodin Field Systems Engineer III
BIG-IP V11.3: PRODUCT UPDATE David Perodin Field Systems Engineer III Contents V11.3 Product Update 1. BIG-IP v.11.3.0 (Local Traffic Manager & Access Policy Manager) 2. Advanced Firewall Module (AFM)
More informationBusiness Strategy Theatre
Business Strategy Theatre Security posture in the age of mobile, social and new threats Steve Pao, GM Security Business 01 May 2014 In the midst of chaos, there is also opportunity. - Sun-Tzu Security:
More informationDDoS Hybrid Defender. SSL Orchestrator. Comprehensive DDoS protection, tightly-integrated on-premises and cloud
SSL Orchestrator DDoS Hybrid Defender All-in-one solution designed to deliver increased visibility into encrypted traffic Comprehensive DDoS protection, tightly-integrated on-premises and cloud Converts
More informationImperva Incapsula Product Overview
Product Overview DA T A SH E E T Application Delivery from the Cloud Whether you re running a small e-commerce business or in charge of IT operations for an enterprise, will improve your website security
More informationTOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS
TOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS 1 Introduction Your data and infrastructure are at the heart of your business. Your employees, business partners, and
More informationWEB DDOS PROTECTION APPLICATION PROTECTION VIA DNS FORWARDING
WEB DDOS PROTECTION APPLICATION PROTECTION VIA DNS FORWARDING A STRONG PARTNER COMPANY Link11 - longstanding security experience Link11 is a European IT security provider, headquartered in Frankfurt, Germany
More informationSecurity for the Cloud Era
Security for the Cloud Era Make the Most Out of Your Cloud Journey Fadhly Hassim Sales Engineer South East Asia & Korea Barracuda Networks Current Weather Situation Customer Provisions & Manage On-Premises
More informationProtecting Against Online Fraud. F5 EMEA Webinar August 2014
Protecting Against Online Fraud F5 EMEA Webinar August 2014 Agenda Fraud threat trends and business challenges Web fraud protection Mobile fraud protection Security operations center Example architecture
More informationO365 Solutions. Three Phase Approach. Page 1 34
O365 Solutions Three Phase Approach msfttechteam@f5.com Page 1 34 Contents Use Cases... 2 Use Case One Advanced Traffic Management for WAP and ADFS farms... 2 Use Case Two BIG-IP with ADFS-PIP... 3 Phase
More informationTraining UNIFIED SECURITY. Signature based packet analysis
Training UNIFIED SECURITY Signature based packet analysis At the core of its scanning technology, Kerio Control integrates a packet analyzer based on Snort. Snort is an open source IDS/IPS system that
More informationDefense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation
Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client
More informationCISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1
CISCO BORDERLESS NETWORKS 2009 Cisco Systems, Inc. All rights reserved. 1 Creating New Business Models The Key Change: Putting the Interaction Where the Customer Is Customer Experience/ Innovation Productivity/
More informationRadware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper
Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper Table of Contents Abstract...3 Understanding Online Business
More informationTHE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION
BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive
More informationGladiator Incident Alert
Gladiator Incident Alert Allen Eaves Sabastian Fazzino FINANCIAL PERFORMANCE RETAIL DELIVERY IMAGING PAYMENT SOLUTIONS INFORMATION SECURITY & RISK MANAGEMENT ONLINE & MOBILE 1 2016 Jack Henry & Associates,
More informationBeyond Blind Defense: Gaining Insights from Proactive App Sec
Beyond Blind Defense: Gaining Insights from Proactive App Sec Speaker Rami Essaid CEO Distil Networks Blind Defense Means Trusting Half Your Web Traffic 46% of Web Traffic is Bots Source: Distil Networks
More information86% of websites has at least 1 vulnerability and an average of 56 per website WhiteHat Security Statistics Report 2013
Vulnerabilities help make Web application attacks amongst the leading causes of data breaches +7 Million Exploitable Vulnerabilities challenge organizations today 86% of websites has at least 1 vulnerability
More informationPulse Secure Application Delivery
DATA SHEET Pulse Secure Application Delivery HIGHLIGHTS Provides an Application Delivery and Load Balancing solution purposebuilt for high-performance Network Functions Virtualization (NFV) Uniquely customizable,
More informationF5 Application Security. Radovan Gibala Field Systems Engineer
1 F5 Application Security Radovan Gibala Field Systems Engineer r.gibala@f5.com +420 731 137 223 2007 2 Agenda Challenge Websecurity What are the problems? Building blocks of Web Applications Vulnerabilities
More informationCS System Security 2nd-Half Semester Review
CS 356 - System Security 2nd-Half Semester Review Fall 2013 Final Exam Wednesday, 2 PM to 4 PM you may bring one 8-1/2 x 11 sheet of paper with any notes you would like no cellphones, calculators This
More informationERT Threat Alert New Risks Revealed by Mirai Botnet November 2, 2016
Abstract The Mirai botnet struck the security industry in three massive attacks that shook traditional DDoS protection paradigms, proving that the Internet of Things (IoT) threat is real and the grounds
More informationThe Next Generation Security Platform. Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy
The Next Generation Security Platform Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy The Next Generation Enterprise Security Platform Core Value Proposition An Enterprise Security
More informationPresenting the VMware NSX ECO System May Geert Bussé Westcon Group Solutions Sales Specialist, Northern Europe
Presenting the ware NSX ECO System May 2015 Geert Bussé Westcon Group Solutions Sales Specialist, Northern Europe Agenda 10:15-11:00 ware NSX, the Network Virtualization Platform 11.15-12.00 Palo Alto
More informationFighting the Shadows: How to Stop Real-world Cybersecurity Application Threats That You Can t See
Fighting the Shadows: How to Stop Real-world Cybersecurity Application Threats That You Can t See Louis Scialabba Carrier Solutions Marketing Nov 2015 November 16, 2015 Topics What s New in Cybersecurity
More informationCheck Point DDoS Protector Introduction
Check Point DDoS Protector Introduction Petr Kadrmas SE Eastern Europe pkadrmas@checkpoint.com Agenda 1 (D)DoS Trends 2 3 4 DDoS Protector Overview Protections in Details Summary 2 (D)DoS Attack Methods
More informationA10 DDOS PROTECTION CLOUD
DATA SHEET A10 DDOS PROTECTION CLOUD A10 Networks provides full spectrum DDoS defenses. This includes multi-vector protection from attacks of any type to ensure the availability of enterprise business
More informationSaaS. Public Cloud. Co-located SaaS Containers. Cloud
SaaS On-prem Private Cloud Public Cloud Co-located SaaS Containers APP SERVICES ACCESS TLS/SSL DNS NETWORK WAF LOAD BALANCING DNS ACCESS CONTROL SECURITY POLICIES F5 Beside the Cloud Why Get Closer to
More informationMicrosoft Security Management
Microsoft Security Management MICROSOFT SECURITY MANAGEMENT SECURITY MANAGEMENT CHALLENGES Some large financial services organizations have as many as 40 or more different security vendors inside their
More informationDDoS Detection&Mitigation: Radware Solution
DDoS Detection&Mitigation: Radware Solution Igor Urosevic Head of Technical Department SEE CCIE #26391 Ingram Micro Inc. 1 Agenda DDoS attack overview Main point of failures Key challenges today DDoS protection
More informationAdvanced Techniques for DDoS Mitigation and Web Application Defense
Advanced Techniques for DDoS Mitigation and Web Application Defense Dr. Andrew Kane, Solutions Architect Giorgio Bonfiglio, Technical Account Manager June 28th, 2017 2017, Amazon Web Services, Inc. or
More informationF5 DDoS Hybrid Defender : Setup. Version
F5 DDoS Hybrid Defender : Setup Version 13.1.0.3 Table of Contents Table of Contents Introducing DDoS Hybrid Defender... 5 Introduction to DDoS Hybrid Defender...5 DDoS deployments... 5 Example DDoS Hybrid
More informationAKAMAI CLOUD SECURITY SOLUTIONS
AKAMAI CLOUD SECURITY SOLUTIONS Whether you sell to customers over the web, operate data centers around the world or in the cloud, or support employees on the road, you rely on the Internet to keep your
More informationSAS and F5 integration at F5 Networks. Updates for Version 11.6
SAS and F5 integration at F5 Networks Updates for Version 11.6 Managing access based on Identity Employees Partner Customer Administrator IT challenges: Control access based on user-type and role Unify
More informationA10 HARMONY CONTROLLER
DATA SHEET A10 HARMONY CONTROLLER AGILE MANAGEMENT, AUTOMATION, ANALYTICS FOR MULTI-CLOUD ENVIRONMENTS PLATFORMS A10 Harmony Controller provides centralized agile management, automation and analytics for
More informationhaltdos - Web Application Firewall
haltdos - DATASHEET Delivering best-in-class protection for modern enterprise Protect your website against OWASP top-10 & Zero-day vulnerabilities, DDoS attacks, and more... Complete Attack Protection
More informationWeb Application Firewall Subscription on Cyberoam UTM appliances
On-Appliance Reporting Web Application Firewall Subscription on Cyberoam UTM appliances Protecting Web Applications from hackers Application Visibility and Control Bandwidth Management Firewall Web Application
More informationImma Chargin Mah Lazer
Imma Chargin Mah Lazer How to protect against (D)DoS attacks Oliver Matula omatula@ernw.de #2 Denial of Service (DoS) Outline Why is (D)DoS protection important? Infamous attacks of the past What types
More informationImperva Incapsula Website Security
Imperva Incapsula Website Security DA T A SH E E T Application Security from the Cloud Imperva Incapsula cloud-based website security solution features the industry s leading WAF technology, as well as
More informationThe Top 6 WAF Essentials to Achieve Application Security Efficacy
The Top 6 WAF Essentials to Achieve Application Security Efficacy Introduction One of the biggest challenges IT and security leaders face today is reducing business risk while ensuring ease of use and
More informationCisco Firepower NGFW. Anticipate, block, and respond to threats
Cisco Firepower NGFW Anticipate, block, and respond to threats Digital Transformation on a Massive Scale 15B Devices Today Attack Surface 500B Devices In 2030 Threat Actors $19T Opportunity Next 10 Years
More informationCato Cloud. Global SD-WAN with Built-in Network Security. Solution Brief. Cato Cloud Solution Brief. The Future of SD-WAN. Today.
Cato Cloud Global SD-WAN with Built-in Network Security Solution Brief 1 Legacy WAN and Security Appliances are Incompatible with the Modern Enterprise The rise of cloud applications and mobile workforces
More informationKey Considerations in Choosing a Web Application Firewall
Key Considerations in Choosing a Web Application Firewall Today, enterprises are extending their businesses by using more web-based and cloud-hosted applications, so a robust and agile web application
More informationCisco Firepower NGFW. Anticipate, block, and respond to threats
Cisco Firepower NGFW Anticipate, block, and respond to threats You have a mandate to build and secure a network that supports ongoing innovation Mobile access Social collaboration Public / private hybrid
More informationSecurity Assessment Checklist
Security Assessment Checklist Westcon Security Checklist - Instructions The first step to protecting your business includes a careful and complete assessment of your security posture. Our Security Assessment
More informationCato Cloud. Software-defined and cloud-based secure enterprise network. Solution Brief
Cato Cloud Software-defined and cloud-based secure enterprise network Solution Brief Legacy WAN and Security Appliances are Incompatible with the Modern Enterprise Cato Networks: Software-defined and Cloud-based
More informationWeb Applications Security. Radovan Gibala F5 Networks
Applications Security Radovan Gibala F5 Networks How does the current situation look like? Application Trends and Drivers ification of applications Intelligent browsers and applications Increasing regulatory
More informationRadware s Attack Mitigation Solution Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper
SHARE THIS WHITEPAPER Radware s Attack Mitigation Solution Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper Table of Contents Understanding the Threat
More information68% 63% 50% 25% 24% 20% 17% Credit Theft. DDoS. Web Fraud. Cross-site Scripting. SQL Injection. Clickjack. Cross-site Request Forgery.
PRESENTED BY: Credit Theft 68% DDoS 63% Web Fraud 50% Cross-site Scripting SQL Injection Clickjack Cross-site Request Forgery 25% 24% 20% 17% Other 2% F5 Ponemon Survey -Me East-West Traffic Flows App
More informationThreat Detection and Mitigation for IoT Systems using Self Learning Networks (SLN)
Threat Detection and Mitigation for IoT Systems using Self Learning Networks (SLN) JP Vasseur, PhD - Cisco Fellow jpv@cisco.com Maik G. Seewald, CISSP Sr. Technical Lead maseewal@cisco.com June 2016 Cyber
More informationKASPERSKY FRAUD PREVENTION FOR ENDPOINTS
KASPERSKY FRAUD PREVENTION FOR ENDPOINTS www.kaspersky.com KASPERSKY FRAUD PREVENTION 1. Ways of Attacking Online Banking The prime motive behind cybercrime is making money and today s sophisticated criminal
More informationA10 Lightning Application Delivery Service
Datasheet A10 Lightning Application Delivery Service Application Traffic Management, Security and Analytics in Public, Private & Hybrid Clouds Overview The A10 Lightning Application Delivery Service (ADS)
More informationIdentiteettien hallinta ja sovellusturvallisuus. Timo Lohenoja, CISPP Systems Engineer, F5 Networks
Identiteettien hallinta ja sovellusturvallisuus Timo Lohenoja, CISPP Systems Engineer, F5 Networks timo@f5.com Cybersecurity Is Business Continuity Maintain and grow revenue Identify industry threats Protect
More informationWeb Application Firewall
Web Application Firewall Take chances with innovation, not security. HaltDos Web Application Firewall offers unmatched security capabilities, customization options and reporting analytics for the most
More informationNetwork Security. Thierry Sans
Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability
More informationLarge FSI DDoS Protection Reference Architecture
Large FSI DDoS Protection Reference Architecture Customers ISPa Tier 1: Protecting L3-4 and DNS Network Firewall Services + Simple Load Balancing to Tier 2 Tier 2: Protecting L7 Web Application Firewall
More informationEnabling Public Cloud Interconnect Services F5 Application Connector
Enabling Public Cloud Interconnect Services F5 Application Connector Crystal Bong, Product Manager Emergence of Cloud Interconnect These common services are hard to replicate, control, and do not run cheaply
More informationCheck Point DDoS Protector Simple and Easy Mitigation
Check Point DDoS Protector Simple and Easy Mitigation Jani Ekman janie@checkpoint.com Sales Engineer DDoS Protector 1 (D)DoS Attacks 2 3 4 DDoS Protector Behavioral DoS Protection Summary 2 What is an
More informationEthical Hacking and Prevention
Ethical Hacking and Prevention This course is mapped to the popular Ethical Hacking and Prevention Certification Exam from US-Council. This course is meant for those professionals who are looking for comprehensive
More informationEFFECTIVE SERVICE PROVIDER DDOS PROTECTION THAT SAVES DOLLARS AND MAKES SENSE
SOLUTION BRIEF EFFECTIVE SERVICE PROVIDER DDOS PROTECTION THAT SAVES DOLLARS AND MAKES SENSE Building effective, affordable and scalable DDoS defense, then monetizing investments with value added scrubbing
More informationNETWORK DDOS PROTECTION STANDBY OR PERMANENT INFRASTRUCTURE PROTECTION VIA BGP ROUTING
NETWORK DDOS PROTECTION STANDBY OR PERMANENT INFRASTRUCTURE PROTECTION VIA BGP ROUTING A STRONG PARTNER COMPANY Link11 - longstanding security experience Link11 is a European IT security provider, headquartered
More informationDDoS Protector. Simon Yu Senior Security Consultant. Block Denial of Service attacks within seconds CISSP-ISSAP, MBCS, CEH
DDoS Protector Block Denial of Service attacks within seconds Simon Yu Senior Security Consultant CISSP-ISSAP, MBCS, CEH 2012 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved. 2012
More informationSecurity Readiness Assessment
Security Readiness Assessment Jackson Thomas Senior Manager, Sales Consulting Copyright 2015 Oracle and/or its affiliates. All rights reserved. Cloud Era Requires Identity-Centric Security SaaS PaaS IaaS
More informationAuthor: Tonny Rabjerg Version: Company Presentation WSF 4.0 WSF 4.0
Author: Tonny Rabjerg Version: 20150730 Company Presentation WSF 4.0 WSF 4.0 Cybercrime is a growth industry. The returns are great, and the risks are low. We estimate that the likely annual cost to the
More informationACS / Computer Security And Privacy. Fall 2018 Mid-Term Review
ACS-3921-001/4921-001 Computer Security And Privacy Fall 2018 Mid-Term Review ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been adopted and/or modified
More informationCorrigendum 3. Tender Number: 10/ dated
(A premier Public Sector Bank) Information Technology Division Head Office, Mangalore Corrigendum 3 Tender Number: 10/2016-17 dated 07.09.2016 for Supply, Installation and Maintenance of Distributed Denial
More informationUnique Phishing Attacks (2008 vs in thousands)
The process of attempting to acquire sensitive information, such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. In the 2 nd half
More informationEvolution of Data Center Security Automated Security for Today s Dynamic Data Centers
Evolution of Data Center Security Automated Security for Today s Dynamic Data Centers Speaker: Mun Hossain Director of Product Management - Security Business Group Cisco Twitter: @CiscoDCSecurity 2 Any
More informationCopyright 2011 Trend Micro Inc.
Copyright 2011 Trend Micro Inc. 2008Q1 2008Q2 2008Q3 2008Q4 2009Q1 2009Q2 2009Q3 2009Q4 2010Q1 2010Q2 2010Q3 2010Q4 2011Q1 2011Q2 2011Q3 2011Q4 M'JPY Cloud Security revenue Q to Q Growth DeepSecurity/Hosted/CPVM/IDF
More informationNetWitness Overview. Copyright 2011 EMC Corporation. All rights reserved.
NetWitness Overview 1 The Current Scenario APT Network Security Today Network-layer / perimeter-based Dependent on signatures, statistical methods, foreknowledge of adversary attacks High failure rate
More informationA GUIDE TO DDoS PROTECTION
HTTP CACHE BYPASS FLOOD THINK APP SECURITY FIRST CHOOSING THE RIGHT MODEL A GUIDE TO DDoS PROTECTION DNS AMPLIFICATION INTRODUCTION By thinking proactively about DDoS defense, organizations can build a
More informationState of Cloud Adoption. Cloud usage is over 90%, are you ready?
State of Cloud Adoption Cloud usage is over 90%, are you ready? State of Cloud Adoption Cloud hardware, software and services are capturing 60% of IT market growth, mostly in the public cloud space Trust
More informationSecuring the Next Generation Data Center
Securing the Next Generation Data Center Petr Kadrmas SE Eastern Europe 2012 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved. 2012 Check Point Software Technologies Ltd. [PROTECTED]
More informationSOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications
Enabling and Securing Digital Business in Economy Protect s Serving Business Critical Applications 40 percent of the world s web applications will use an interface Most enterprises today rely on customers
More informationOverview. Application security - the never-ending story
RIVERBED STINGRAY APPLICATION FIREWALL Securing Cloud Applications with a Distributed Web Application Firewall Overview Responsibility over IT security is moving away from the network and IT infrastructure
More informationIBM Security Network Protection Solutions
Systems IBM Security IBM Security Network Protection Solutions Pre-emptive protection to keep you Ahead of the Threat Tanmay Shah Product Lead Network Protection Appliances IBM Security Systems 1 IBM Security
More informationNetwork. Arcstar Universal One
Network Universal One ARCSTAR UNIVERSAL ONE Universal One Enterprise Network NTT Communications' Universal One is a highly reliable, premium-quality network service, delivered and operated in more than
More information