Contents. Background. Use Cases. Product Introduction. Product Value

Transcription

1 Bluedon-WAF 1

2 Contents Background Product Introduction Product Value Use Cases 2

3 Product Portfolio Application security products Bluedon-WAF Bluedon webpage defacement prevention system 3

4 Background 4

5 Background Data breach Hacker attack Exploitation of a third-party vulnerability SQL injection Resources and financial loss DDOS attack, CC attack Hot link crawler Reputation loss to enterprises/institutions Webpage defacement XSS/CSRF attack clients Malicious code attack clients APT attack Control server to intrude into intranet Stealing sensitive data Web security threats

6 Product Introduction Web Application Firewall that can realize self-learning dynamic modeling 6

7 Definition Bluedon Web Application Firewall Web application firewall: Ø Comprehensive security monitoring Ø Self-learning security policy Ø Multidimensional security protection system Ø Availability guaranteeing Comprehensive security monitoring Flexible and automatic security policy Multidimensional security protection system Availability guaranteeing 7

8 Multidimensional security protection system Multidimensional security protection system Establish protection means from dimensions including Network Layer, HTTP protocol layer, Web Sever layer and Web application layer and form an integrated prevention system. HTTP protocol compliance check Self-learning dynamic modeling HTTP protocol Web application Over 2000 web attack prevention rules Defend against web attacks like SQL injection and XSS. Network Layer: anti-ddos attack, web access control; HTTP protocol layer: HTTP protocol compliance check and self-learning modeling; Multidimensional Protection Web Server layer: server information hiding, crawler prevention, vulnerability scanning; Web application layer: over 2000 web attack rules, SQL injection, XSS etc. Anti-DDOS attack Web access control Network Layer Web server Server information hiding Hot link and crawler prevention Vulnerability scanning

9 Automatic security policy and self-learning dynamic modeling Self-learning dynamic modeling Adopt dynamic assessment technology to create a security model for access behaviors of legal users to Web and Web service application. By comparing security model and users practical behavior, the system can intelligently detect and block abnormal behavior. Meanwhile, positive rule and misjudgment-preventing rule will also be automatically generated based on selflearning results. Positive rule Misjudgment-preventing rule Generate rules Access behavior model Normal access behavior data Build model Normal behavior Abnormal behavior 9

10 Flexible security policy and its hierarchical configuration Hierarchical configuration of security policy Security policies are configured based on 3 levels: Device level policy, which applies to the whole WAF device; Site group level policy, which applies to certain site group; Website level policy, which applies to certain website; Rules can be inherited among different levels; Rules can be detailed for specific website. Website policy Site group A Windows, SQL Server, IIS, PHP Site group B Linux, Mysql, Apache, Python Device level policy Security policy Make adjustment according to business characteristics(for example, reduce SQL injection detect for financial website) HTTP protocol compliance Basic protection policy1 Sensitive information filtering rule Customized security policy 1 HTTP FLOOD Advanced protection policy 1 Anti hot link and crawler policy 1 Basic protection policy 2 Common Web attack prevention (lack of policy) 10

11 Availability guaranteeing and collaborative defense against DDOS Collaborative defense against DDOS attack Apart from using rule and threshold value to defend against DDOS, Bluedon-WAF also collaborates with CloudFence and deploys 20 nodes across the country to prevent DDOS. Traffic is directed into Bluedon CloudFence for cleanout Bluedon CloudFence Launch DDOS attack Internet Bluedon- WAF Website server A Website server B Website server C Website server I Website server J Website server 11

12 Security monitoring Security monitoring Comprehensive security monitoring helps users get to know web security condition and service quality in real time: Real-time monitoring of Web security events Monitoring of Web traffic Monitoring of device s resources Monitoring of outgoing connections Monitoring of website service quality Security monitor ing Device resources 12

13 Basic functions Security protection Web attack prevention Self-learning modeling Webpage defacement prevention Sensitive information filtration Server information hiding Abnormal traffic detection HTTP protocol compliance Web access control Delivery capability Security protection Bluedon WAF Security monitoring Real-time monitoring of security events 双向内容检测 Connections and traffic state of 关注服务器外发内容的安全风险 web application Usage of device resources Monitoring of outgoing connections Security Monitoring of website service monitoring quality Delivery capability Cache acceleration Automatic load balancing Inspection of server state Hot Standby Availability guaranteeing Availability guaranteeing DDOS attack prevention Web vulnerability scanning Monitoring of server state Crawler and hot link prevention Website access statistics 13

14 Advantages Comprehensive and intelligent security protection Multidimensional security protection system to comprehensively defend against common web attacks; Self-learning modeling technology to quickly identify abnormal access behavior; Flexible multilevel policy management to achieve fine-grained policy configuration. Comprehensive deliverability Utilize Cache technology to accelerate access to web applications; Load balancing technology to ensure service quality; Inspect server state to avoid business interruption. Bluedon-WAF High availability guaranteeing Collaborate with Bludedon CloudFence to defend against DDOS attack; Prevent hot link and crawler to protect website resources; Web vulnerability scanning to avoid remote control. Real-time monitoring and intuitive presentation Real-time monitoring and alert of security events; Real-time monitoring of network traffic and connections to timelyknow network state; Real-time monitoring of website service quality and server condition to ensure users to know about business operation in time. 14

15 Deployment (bridging mode) Website server A Website server B Website server C Website server D Bridge pattern Web application security protection DDOS attack prevention Server load balancing to ensure service quality Physical terminal Virtual terminal 15

16 Deployment (reverse proxy) Reverse proxy pattern Web application security protection Web access control Server load balancing to ensure service quality Office area Internet Exit and entrance firewall China Mobile China Unicom China Telecom Bluedon WAF Business website 16

17 Deployment (cloud platform) Web application protection in cloud platform Reverse proxy vswitch vwaf vfw VM Business website Central router Exit and entrance firewall vswitch vfw VM vfw VM Other application systems 17

18 Product Series BD-M Series BD-G Series BD-T Series 200M~850M Suitable for SMEs 1000M Suitable for medium-sized enterprises 10G Suitable for large enterprises 18

19 Value 19

20 Value Improve website security Comprehensive web attack prevention to defend against common attacks like SQL injection and XSS; Information leakage prevention and strict web access control to prevent clients' information and website sensitive information from being leaked; Exclusive self-learning modeling technology to quickly identify abnormal behavior and automatically generate protection rules. Improve service quality Collaborate with CloudFence to defend against DDOS so as to ensure service availability; Crawler and hot link prevention to prevent occupation of website resources Cache acceleration to improve access speed Load balancing to improve service quality and better user access experience. Real-time security monitoring Real-time monitoring and alert of security events for the convenience of emergency response; Real-time presentation of website s operation status and service quality; Intuitive log report to guarantee easy and better understanding for users. 20

21 Thank you 21