Advanced Techniques for DDoS Mitigation and Web Application Defense

Size: px
Start display at page:

Download "Advanced Techniques for DDoS Mitigation and Web Application Defense"

Transcription

1 Advanced Techniques for DDoS Mitigation and Web Application Defense Dr. Andrew Kane, Solutions Architect Giorgio Bonfiglio, Technical Account Manager June 28th, , Amazon Web Services, Inc. or its Affiliates. All rights reserved.

2 What to expect from this session Types of Threats AWS Shield AWS WAF AWS VPC

3 Types of Threats

4 Types of Threats DDoS Application Attacks Bad Bots Application Layer HTTP floods SQL injection Social engineering Sensitive data exposure Application exploits Crawlers Content scrapers Scanners & probes Network / Transport Layer Reflection SSL abuse Amplification Slowloris Layer 4 floods

5 DDoS Threats Network / Transport Layer DDoS

6 DDoS Threats Application DDoS Good users Web server Database Bad guys

7 Application Threats Good users Web server Database Bad guys Exploit code XSS SQL injection

8 Bad Bot Threats Good users Web server Database Bad guys Steal premium content

9 AWS Shield

10 Types of Threats AWS Shield DDoS Application Layer HTTP floods Network / Transport Layer Reflection SSL abuse Amplification Slowloris Layer 4 floods

11 AWS Shield Standard Protection Advanced Protection Available to ALL AWS customers at No Additional Cost Paid service that provides additional protections, features and benefits.

12 Benefits of AWS Shield AWS Integration DDoS protection without infrastructure changes Always-On Detection and Mitigation Minimize impact on application latency Affordable Don t force unnecessary trade-offs between cost and availability Flexible Customize protections for your applications

13 AWS Shield Standard Layer 3/4 protection ü Automatic detection & mitigation ü Protection from most common attacks (SYN/UDP Floods, Reflection Attacks, etc.) Layer 7 protection ü AWS WAF for Layer 7 DDoS attack mitigation ü Self-service & pay-as-you-go ü Built into AWS services Automatic Protection against 96% of Layer 3/4 attacks Available globally on all internet-facing AWS services

14 AWS Shield Advanced Additional Detection & Monitoring Protection Against Large DDoS Attacks Visibility Into Attack Detection & Mitigation AWS WAF at No Additional Cost 24x7 DDoS Response Team Cost Protection (Absorb DDoS Scaling Cost)

15 AWS Shield Advanced DDoS Multi-Layered Mitigation Internet-Layer Mitigations Internet Border Network Effective Against: Large-Scale Attack Network Layer Mitigations AWS Services DDoS Detection DDoS Response Team Web Layer Mitigations Customer Infrastructure

16 AWS Shield Advanced DDoS Multi-Layered Mitigation Internet-Layer Mitigations Internet Border Network Effective Against: SYN Floods Reflection Attacks Suspicious Sources Network Layer Mitigations AWS Services Web Layer Mitigations DDoS Detection DDoS Response Team Customer Infrastructure

17 AWS Shield Advanced DDoS Multi-Layered Mitigation Internet-Layer Mitigations Internet Border Network Effective Against: SSL Attacks Slowloris Malformed HTTP Network Layer Mitigations AWS Services Web Layer Mitigations DDoS Detection DDoS Response Team Customer Infrastructure

18 AWS Shield Advanced DDoS Multi-Layered Mitigation Internet-Layer Mitigations Internet Border Network Effective Against: HTTP Floods Bad Bots Suspicious IPs Network Layer Mitigations AWS Services Web Layer Mitigations DDoS Detection DDoS Response Team Customer Infrastructure

19 AWS Shield Advanced DDoS Multi-Layered Mitigation Internet-Layer Mitigations Internet Border Network Effective Against: Sophisticated Layer 7 attacks Network Layer Mitigations AWS Services DDoS Detection DDoS Response Team Web Layer Mitigations Customer Infrastructure

20 Shield Demo

21 AWS Shield Advanced Available on... Application Load Balancer Classic Load Balancer Amazon CloudFront Amazon Route 53 In the following regions... ü Northern Virginia (us-east-1) ü Oregon (us-west-2) ü Ireland (eu-west-1) ü Tokyo (ap-northeast-1)

22 AWS WAF

23 Types of Threats DDoS AWS WAF Application Attacks Bad Bots Application Layer HTTP floods SQL injection Social engineering Sensitive data exposure Application exploits Crawlers Content scrapers Scanners & probes Network / Transport Layer Reflection SSL abuse Amplification Slowloris Layer 4 floods

24 Challenges of Web Application Firewalls Setup is complex and slow Too many false positives Limited APIs for automation Expensive to implement and maintain

25 AWS WAF A web application firewall designed to help you defend against common web application exploits Fast Incident Response Flexible Rule Language APIs for Automation Preconfigured Protection

26 What is AWS WAF Web traffic filtering with custom rules Malicious request blocking Active monitoring and tuning

27 How Does AWS WAF Protect You? Security Automations Preconfigured Protections Highly Flexible Rule Language

28 Highly Flexible Rule Language ü Quick Incident Response ü Mitigations in < ~1 Min ü Inspect Any Part of the Request Security Automations Preconfigured Protections Highly Flexible Rule Language

29 Preconfigured Protections You can get started quickly with built-in rules based on common use-cases. CloudFormation template AWS WAF Configuration Security Automations Preconfigured Protections Highly Flexible Rules Engine

30 Preconfigured Protections Demo

31 Virtual Patching Demo

32 Security Automations Automated anomaly detection that you can take action on using Lambda functions. ü Dynamic Rules Based on Anomaly ü Using Lambda & Service Logs Security Automations Preconfigured Protections Highly Flexible Rules Engine

33 Security Automations Traditional incident response Security Automations Preconfigured Protections Highly Flexible Rules Engine

34 Security Automations Next-generation incident response Security Automations Preconfigured Protections Highly Flexible Rules Engine

35 AWS VPC

36 What customers asked for ü Private IP space in AWS ü Familiar networking model ü Customer-defined networking logic ü Strong security controls ü Private connectivity to their data centers

37 Key Features of VPC Choosing an address range Setting up subnets in Availability Zones Creating a route to the Internet Authorizing traffic to/from the VPC

38 VPC Controls /24 SG-ALB Public Subnet /24 SG-Web SG-Web SG-Web Private Subnet (Web Tier) /24 SG-App SG-App SG-App Private Subnet (App Tier)

39 Simple Approach Allow all traffic /24 SG-ALB Public Subnet Allow / /24 SG-Web SG-Web SG-Web Private Subnet (Web Tier) Allow / /24 SG-App SG-App SG-App Private Subnet (App Tier)

40 Secure Approach Allow CloudFront IP Ranges only /24 Allow SG-ALB only SG-ALB Public Subnet /24 Allow SG-Web only SG-Web SG-Web SG-Web Private Subnet (Web Tier) /24 SG-App SG-App SG-App Private Subnet (App Tier)

41 Security Groups + CloudFront IP ranges AWS Lambda Amazon SNS IP-ranges.json SG-ALB Blog Post here ->

42 Thank you!

Secure your Web Applications with AWS WAF & AWS Shield. James Chiang ( 蔣宗恩 ) AWS Solution Architect

Secure your Web Applications with AWS WAF & AWS Shield. James Chiang ( 蔣宗恩 ) AWS Solution Architect Secure your Web Applications with AWS WAF & AWS Shield James Chiang ( 蔣宗恩 ) AWS Solution Architect www.cloudsec.com What to expect from this session Types of Threats AWS Shield AWS WAF DEMO Real World

More information

Additional Security Services on AWS

Additional Security Services on AWS Additional Security Services on AWS Bertram Dorn Specialized Solutions Architect Security / Compliance / DataProtection AWS EMEA The Landscape The Paths Application Data Path Path Cloud Managed by Customer

More information

Building a Self-Defending Border. Shane Baldacchino, Solutions Architect, AWS Marcus Santos, Solutions Architect, AWS

Building a Self-Defending Border. Shane Baldacchino, Solutions Architect, AWS Marcus Santos, Solutions Architect, AWS Building a Self-Defending Border Shane Baldacchino, Solutions Architect, AWS Marcus Santos, Solutions Architect, AWS www.cloudsec.com #cloudsec Building A Defending Borders Protect Your Web-facing Workloads

More information

haltdos - Web Application Firewall

haltdos - Web Application Firewall haltdos - DATASHEET Delivering best-in-class protection for modern enterprise Protect your website against OWASP top-10 & Zero-day vulnerabilities, DDoS attacks, and more... Complete Attack Protection

More information

Security: Michael South Americas Regional Leader, Public Sector Security & Compliance Business Acceleration

Security: Michael South Americas Regional Leader, Public Sector Security & Compliance Business Acceleration Security: A Driving Force Behind Moving to the Cloud Michael South Americas Regional Leader, Public Sector Security & Compliance Business Acceleration 2017, Amazon Web Services, Inc. or its affiliates.

More information

Elastic Load Balancing

Elastic Load Balancing Elastic Load Balancing Deep Dive & Best Practices Mariano Vecchioli, Sr. Technical Account Manager AWS Michaela Kurkiewicz, Principal Service Manager Co-op Tina Howell, Platform Lead - Co-op June 28 th,

More information

Security on AWS(overview) Bertram Dorn EMEA Specialized Solutions Architect Security and Compliance

Security on AWS(overview) Bertram Dorn EMEA Specialized Solutions Architect Security and Compliance Security on AWS(overview) Bertram Dorn EMEA Specialized Solutions Architect Security and Compliance Agenda: Overview AWS Regions Availability Zones Shared Responsibility Security Features Best Practices

More information

AWS Web Application Firewall. Darren Weiner Cloud Architect/Engineer

AWS Web Application Firewall. Darren Weiner Cloud Architect/Engineer AWS Web Application Firewall Darren Weiner Cloud Architect/Engineer My journey 20 years in IT 8 years in the cloud Rode the.com wave Web Admin DBA IT Director Cloud Consulting Today s Journey Adoption

More information

Getting started with AWS security

Getting started with AWS security Getting started with AWS security Take a prescriptive approach Stella Lee Manager, Enterprise Business Development $ 2 0 B + R E V E N U E R U N R A T E (Annualized from Q4 2017) 4 5 % Y / Y G R O W T

More information

Accelerating your Business with Security

Accelerating your Business with Security Accelerating your Business with Security Dave Walker, Specialist Solutions Architect, Security and Compliance 31/10/17 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. What to Expect

More information

Imperva Incapsula Product Overview

Imperva Incapsula Product Overview Product Overview DA T A SH E E T Application Delivery from the Cloud Whether you re running a small e-commerce business or in charge of IT operations for an enterprise, will improve your website security

More information

Title: Planning AWS Platform Security Assessment?

Title: Planning AWS Platform Security Assessment? Title: Planning AWS Platform Security Assessment? Name: Rajib Das IOU: Cyber Security Practices TCS Emp ID: 231462 Introduction Now-a-days most of the customers are working in AWS platform or planning

More information

Cloud Security Strategy - Adapt to Changes with Security Automation -

Cloud Security Strategy - Adapt to Changes with Security Automation - SESSION ID: CMI-F03 Cloud Security Strategy - Adapt to Changes with Security Automation - Hayato Kiriyama Security Solutions Architect Amazon Web Services Japan K.K. @hkiriyam1 Agenda New Normal of Security

More information

Getting started with AWS security

Getting started with AWS security Getting started with AWS security Take a prescriptive approach Stephen Quigg Principal Security Solutions Architect 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Why is enterprise

More information

Herding Cats. Carl Brothers, F5 Field Systems Engineer

Herding Cats. Carl Brothers, F5 Field Systems Engineer Herding Cats Carl Brothers, F5 Field Systems Engineer Agenda Introductions Security is easy, right Trivia Protecting your apps, one layer at a time How to survive an Attack Time permitting F5 Networks,

More information

Cisco Firepower with Radware DDoS Mitigation

Cisco Firepower with Radware DDoS Mitigation Cisco Firepower with Radware DDoS Mitigation Business Decision Maker Presentation Eric Grubel VP Business development, Radware February 2017 DDoS in the news French hosting firm flooded with 1 Tbps traffic

More information

Comprehensive datacenter protection

Comprehensive datacenter protection Comprehensive datacenter protection There are several key drivers that are influencing the DDoS Protection market: DDoS attacks are increasing in frequency DDoS attacks are increasing in size DoS attack

More information

snoc Snoc DDoS Protection Fast Secure Cost effective Introduction Snoc 3.0 Global Scrubbing Centers Web Application DNS Protection

snoc Snoc DDoS Protection Fast Secure Cost effective Introduction Snoc 3.0 Global Scrubbing Centers Web Application DNS Protection Snoc DDoS Protection Fast Secure Cost effective sales@.co.th www..co.th securenoc Introduction Snoc 3.0 Snoc DDoS Protection provides organizations with comprehensive protection against the most challenging

More information

4/4/2018 F5 Government Symposium 2018 AWS and F5 Deep Dive

4/4/2018 F5 Government Symposium 2018 AWS and F5 Deep Dive 4/4/2018 F5 Government Symposium 2018 AWS and F5 Deep Dive Ryan Johnson Federal System Engineer PRO Private Cloud Pros and Cons Strong Security (sensitive data, keys) Full Control (policies & compliance)

More information

SOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications

SOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications Enabling and Securing Digital Business in Economy Protect s Serving Business Critical Applications 40 percent of the world s web applications will use an interface Most enterprises today rely on customers

More information

Creating Your Virtual Data Center

Creating Your Virtual Data Center Creating Your Virtual Data Center VPC Fundamentals and Connectivity Options Giulio Soro, Sr. Solutions Architect AWS Antonio Sglavo, Head of Data Center Transformation - ENEL AWS Summit, 2016 2016, Amazon

More information

Defend Your Web Applications Against the OWASP Top 10 Security Risks. Speaker Name, Job Title

Defend Your Web Applications Against the OWASP Top 10 Security Risks. Speaker Name, Job Title Defend Your Web Applications Against the OWASP Top 10 Security Risks Speaker Name, Job Title Application Security Is Business Continuity Maintain and grow revenue Identify industry threats Protect assets

More information

Compute - 36 PCPUs (72 vcpus) - Intel Xeon E5 2686 v4 (Broadwell) - 512GB RAM - 8 x 2TB NVMe local SSD - Dedicated Host vsphere Features - vsphere HA - vmotion - DRS - Elastic DRS Storage - ESXi boot-from-ebs

More information

CogniFit Technical Security Details

CogniFit Technical Security Details Security Details CogniFit Technical Security Details CogniFit 2018 Table of Contents 1. Security 1.1 Servers........................ 3 1.2 Databases............................3 1.3 Network configuration......................

More information

F5 comprehensive protection against application attacks. Jakub Sumpich Territory Manager Eastern Europe

F5 comprehensive protection against application attacks. Jakub Sumpich Territory Manager Eastern Europe F5 comprehensive protection against application attacks Jakub Sumpich Territory Manager Eastern Europe j.sumpich@f5.com Evolving Security Threat Landscape cookie tampering Identity Extraction DNS Cache

More information

Enterprise Overview. Benefits and features of Cloudflare s Enterprise plan FLARE

Enterprise Overview. Benefits and features of Cloudflare s Enterprise plan FLARE Enterprise Overview Benefits and features of s Enterprise plan 1 888 99 FLARE enterprise@cloudflare.com www.cloudflare.com This paper summarizes the benefits and features of s Enterprise plan. State of

More information

Fregata. DDoS Mitigation Solution. Technical Specifications & Datasheet 1G-5G

Fregata. DDoS Mitigation Solution. Technical Specifications & Datasheet 1G-5G Fregata DDoS Mitigation Solution Technical Specifications & Datasheet 1G-5G Amidst fierce competition, your business cannot afford to slow down With HaltDos, you don t have to sacrifice productivity and

More information

Securing Your Amazon Web Services Virtual Networks

Securing Your Amazon Web Services Virtual Networks Securing Your Amazon Web Services s IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up a workload,

More information

Getting Started with AWS Security

Getting Started with AWS Security Getting Started with AWS Security Tomas Clemente Sanchez Senior Consultant Security, Risk and Compliance September 21st 2017 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Move

More information

Designing Fault-Tolerant Applications

Designing Fault-Tolerant Applications Designing Fault-Tolerant Applications Miles Ward Enterprise Solutions Architect Building Fault-Tolerant Applications on AWS White paper published last year Sharing best practices We d like to hear your

More information

Security Aspekts on Services for Serverless Architectures. Bertram Dorn EMEA Specialized Solutions Architect Security and Compliance

Security Aspekts on Services for Serverless Architectures. Bertram Dorn EMEA Specialized Solutions Architect Security and Compliance Security Aspekts on Services for Serverless Architectures Bertram Dorn EMEA Specialized Solutions Architect Security and Compliance Agenda: Security in General Services in Scope Aspects of Services for

More information

Stop Cyber Threats With Adaptive Micro-Segmentation. Chris Westphal Head Of Product Marketing

Stop Cyber Threats With Adaptive Micro-Segmentation. Chris Westphal Head Of Product Marketing Stop Cyber Threats With Adaptive Micro-Segmentation Chris Westphal Head Of Product Marketing Agenda Why Are We Here? What Is Adaptive Micro-Segmentation? How Adaptive Micro-Segmentation Is Used Why Visibility

More information

Pulse Secure Application Delivery

Pulse Secure Application Delivery DATA SHEET Pulse Secure Application Delivery HIGHLIGHTS Provides an Application Delivery and Load Balancing solution purposebuilt for high-performance Network Functions Virtualization (NFV) Uniquely customizable,

More information

Imperva Incapsula Website Security

Imperva Incapsula Website Security Imperva Incapsula Website Security DA T A SH E E T Application Security from the Cloud Imperva Incapsula cloud-based website security solution features the industry s leading WAF technology, as well as

More information

THUNDER WEB APPLICATION FIREWALL

THUNDER WEB APPLICATION FIREWALL SOLUTION BRIEF THUNDER WEB APPLICATION FIREWALL STOP WEB ATTACKS TO PREVENT COSTLY DATA BREACHES MOBILE USERS REQUIRE SECURE ALWAYS-ON NETWORK ACCESS Web applications have become the number one battlefield

More information

Check Point DDoS Protector Introduction

Check Point DDoS Protector Introduction Check Point DDoS Protector Introduction Petr Kadrmas SE Eastern Europe pkadrmas@checkpoint.com Agenda 1 (D)DoS Trends 2 3 4 DDoS Protector Overview Protections in Details Summary 2 (D)DoS Attack Methods

More information

VMware Cloud on AWS The Next Generation Hybrid Cloud Architecture

VMware Cloud on AWS The Next Generation Hybrid Cloud Architecture ware Cloud on AWS The Next Generation Hybrid Cloud Architecture David Lim Head Consulting and MSP Partners, AWS APAC Frank Fan Partner Solution Architect, AWS ANZ Disclaimer This presentation may contain

More information

What to expect from the session Technical recap VMware Cloud on AWS {Sample} Integration use case Services introduction & solution designs Solution su

What to expect from the session Technical recap VMware Cloud on AWS {Sample} Integration use case Services introduction & solution designs Solution su LHC3376BES AWS Native Services Integration with VMware Cloud on AWS Technical Deep Dive Ian Massingham, Worldwide Lead, AWS Technical Evangelism Paul Bockelman, AWS Principal Solutions Architect (WWPS)

More information

Integrated Web Application Firewall (WAF) & Distributed Denial Of Service (DDoS) Mitigation For Today s Enterprises

Integrated Web Application Firewall (WAF) & Distributed Denial Of Service (DDoS) Mitigation For Today s Enterprises Integrated Web Application Firewall (WAF) & Distributed Denial Of Service (DDoS) Mitigation For Today s Enterprises AI-driven website & network protection service that secures online businesses from today's

More information

Best Practices for Cloud Security at Scale. Phil Rodrigues Security Solutions Architect Amazon Web Services, ANZ

Best Practices for Cloud Security at Scale. Phil Rodrigues Security Solutions Architect Amazon Web Services, ANZ Best Practices for Cloud Security at Scale Phil Rodrigues Security Solutions Architect Web Services, ANZ www.cloudsec.com #CLOUDSEC Best Practices for Security at Scale Best of the Best tips for Security

More information

What s next for your data center? Power Your Evolution with Physical and Virtual ADCs. Jeppe Koefoed Wim Zandee Field sales, Nordics

What s next for your data center? Power Your Evolution with Physical and Virtual ADCs. Jeppe Koefoed Wim Zandee Field sales, Nordics What s next for your data center? Power Your Evolution with Physical and Virtual ADCs. Jeppe Koefoed Wim Zandee Field sales, Nordics Vision: Everything as a service Speed Scalability Speed to Market

More information

Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper

Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper Table of Contents Abstract...3 Understanding Online Business

More information

Srinath Vaddepally.

Srinath Vaddepally. Cloud Computing Srinath Vaddepally CEO & Founder Srinath.Vaddepally@ristcall.com Cell : (816) 728 2134 www.ristcall.com Agenda Automation testing Cloud Computing Motivation factors from Distributed systems

More information

AWS Well Architected Framework

AWS Well Architected Framework AWS Well Architected Framework What We Will Cover The Well-Architected Framework Key Best Practices How to Get Started Resources Main Pillars Security Reliability Performance Efficiency Cost Optimization

More information

Solutions Business Manager Web Application Security Assessment

Solutions Business Manager Web Application Security Assessment White Paper Solutions Business Manager Solutions Business Manager 11.3.1 Web Application Security Assessment Table of Contents Micro Focus Takes Security Seriously... 1 Solutions Business Manager Security

More information

The Orion Papers. AWS Solutions Architect (Associate) Exam Course Manual. Enter

The Orion Papers. AWS Solutions Architect (Associate) Exam Course Manual. Enter AWS Solutions Architect (Associate) Exam Course Manual Enter Linux Academy Keller, Texas United States of America March 31, 2017 To All Linux Academy Students: Welcome to Linux Academy's AWS Certified

More information

A GUIDE TO DDoS PROTECTION

A GUIDE TO DDoS PROTECTION HTTP CACHE BYPASS FLOOD THINK APP SECURITY FIRST CHOOSING THE RIGHT MODEL A GUIDE TO DDoS PROTECTION DNS AMPLIFICATION INTRODUCTION By thinking proactively about DDoS defense, organizations can build a

More information

Intelligent and Secure Network

Intelligent and Secure Network Intelligent and Secure Network BIG-IP IP Global Delivery Intelligence v11.2 IP Intelligence Service Brian Boyan - b.boyan@f5.com Tony Ganzer t.ganzer@f5.com 2 Agenda Welcome & Intro Introduce F5 IP Intelligence

More information

Securing Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &

Securing Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan & Securing Dynamic Data Centers Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan & Afghanistan @WajahatRajab Modern Challenges By 2020, 60% of Digital Businesses will suffer Major Service

More information

NGFWv and ASAv in Public Cloud

NGFWv and ASAv in Public Cloud and ASAv in Amazon Web Services (AWS) and Azure Jesper Rathsach jrathsac@cisco.com Consulting cybersecurity systems engineer, Cisco Systems 29 th August 2018 Introduktion til public cloud Overblik over,

More information

Understanding Perimeter Security

Understanding Perimeter Security Understanding Perimeter Security In Amazon Web Services Aaron C. Newman Founder, CloudCheckr Aaron.Newman@CloudCheckr.com Changing Your Perspective How do I securing my business applications in AWS? Moving

More information

We b Ap p A t ac ks. U ser / Iden tity. P hysi ca l 11% Other (VPN, PoS,infra.)

We b Ap p A t ac ks. U ser / Iden tity. P hysi ca l 11% Other (VPN, PoS,infra.) We b Ap p A t ac ks U ser / Iden tity 33% 53% Apps And Identities Initial Targets In 86% Of Breaches P hysi ca l 11% Other (VPN, PoS,infra.) 3% Fix vulnerabilities Stop web attacks Risk & compliance What

More information

WHITE PAPER. DDoS of Things SURVIVAL GUIDE. Proven DDoS Defense in the New Era of 1 Tbps Attacks

WHITE PAPER. DDoS of Things SURVIVAL GUIDE. Proven DDoS Defense in the New Era of 1 Tbps Attacks WHITE PAPER 2017 DDoS of Things SURVIVAL GUIDE Proven DDoS Defense in the New Era of 1 Tbps Attacks Table of Contents Cyclical Threat Trends...3 Where Threat Actors Target Your Business...4 Network Layer

More information

Vulnerability Assessment with Application Security

Vulnerability Assessment with Application Security Vulnerability Assessment with Application Security Targeted attacks are growing and companies are scrambling to protect critical web applications. Both a vulnerability scanner and a web application firewall

More information

Radware s Attack Mitigation Solution Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper

Radware s Attack Mitigation Solution Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper SHARE THIS WHITEPAPER Radware s Attack Mitigation Solution Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper Table of Contents Understanding the Threat

More information

Application Security. Rafal Chrusciel Senior Security Operations Analyst, F5 Networks

Application Security. Rafal Chrusciel Senior Security Operations Analyst, F5 Networks Application Security Rafal Chrusciel Senior Security Operations Analyst, F5 Networks r.chrusciel@f5.com Agenda Who are we? Anti-Fraud F5 Silverline DDOS protection WAFaaS Threat intelligence & malware

More information

Accelerating Content, APIs and Applications with Amazon CloudFront and

Accelerating Content, APIs and Applications with Amazon CloudFront and Accelerating Content, APIs and Applications with Amazon CloudFront and Lambda@Edge Lee Atkinson, Solutions Architect, Amazon Web Services Chris West, DevOps Lead, Travelex Ltd. 28 June 2017 2017, Amazon

More information

Integrated Web Application Firewall & Distributed Denial of Service (DDoS) Mitigation Solution

Integrated Web Application Firewall & Distributed Denial of Service (DDoS) Mitigation Solution Integrated Web Application Firewall & Distributed Denial of Service (DDoS) Mitigation Solution (Layer 3/4 and Layer 7) Delivering best-in-class network and web application security to the modern enterprise

More information

DEVOPS AND THE FUTURE OF ENTERPRISE SECURITY

DEVOPS AND THE FUTURE OF ENTERPRISE SECURITY #RSAC SESSION ID: DEV-F03 DEVOPS AND THE FUTURE OF ENTERPRISE SECURITY Frank Kim Founder ThinkSec @fykim www.frankkim.net Security Perceptions DevOps is just another excuse for developers to have root

More information

Copyright ECSC Group plc 2017 ECSC - UNRESTRICTED

Copyright ECSC Group plc 2017 ECSC - UNRESTRICTED Copyright ECSC Group plc 2017 ECSC - UNRESTRICTED ECSC - UNRESTRICTED Introduction A Web Application Firewall (WAF) is, in our experience, the most important layer of defence against a wide range of attacks

More information

ALIENVAULT USM FOR AWS SOLUTION GUIDE

ALIENVAULT USM FOR AWS SOLUTION GUIDE ALIENVAULT USM FOR AWS SOLUTION GUIDE Summary AlienVault Unified Security Management (USM) for AWS is a unified security platform providing threat detection, incident response, and compliance management

More information

Hackproof Your Cloud Responding to 2016 Threats

Hackproof Your Cloud Responding to 2016 Threats Hackproof Your Cloud Responding to 2016 Threats Aaron Klein, CloudCheckr Tuesday, June 30 th 2016 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Changing Your Perspective Moving

More information

WEBSCALE CONVERGED APPLICATION DELIVERY PLATFORM

WEBSCALE CONVERGED APPLICATION DELIVERY PLATFORM SECURITY ANALYTICS WEBSCALE CONVERGED APPLICATION DELIVERY PLATFORM BLAZING PERFORMANCE, HIGH AVAILABILITY AND ROBUST SECURITY FOR YOUR CRITICAL WEB APPLICATIONS OVERVIEW Webscale is a converged multi-cloud

More information

Ahead in the Cloud. Matt Wood TECHNOLOGY EVANGELIST

Ahead in the Cloud. Matt Wood TECHNOLOGY EVANGELIST Ahead in the Cloud Matt Wood TECHNOLOGY EVANGELIST Hello. Thank you. Don t be afraid to be a bit technical! There Will Be Code 3 1 Building blocks Infrastructure services Compute Storage Databases

More information

AWS Reference Architecture - CloudGen Firewall Auto Scaling Cluster

AWS Reference Architecture - CloudGen Firewall Auto Scaling Cluster AWS Reference Architecture - CloudGen Firewall Auto Scaling Cluster Protecting highly dynamic AWS resources with a static firewall setup is neither efficient nor economical. A CloudGen Firewall Auto Scaling

More information

Architecture: Consolidated Platform. Eddie Augustine Major Accounts Manager: Federal

Architecture: Consolidated Platform. Eddie Augustine Major Accounts Manager: Federal Architecture: Consolidated Platform Eddie Augustine Major Accounts Manager: Federal Current DoD Situation Stovepipes of Technology icontrol Customization irules Solutions Security Access Availability Load

More information

Remediate the Flag Practical AppSec Training Platform. Andrea Scaduto

Remediate the Flag Practical AppSec Training Platform. Andrea Scaduto Practical AppSec Training Platform Bio Interests: Web / Mobile Apps Pentesting Optimization of costs in addressing security issues Training developers in remediation and secure coding Application Security

More information

Beyond Blind Defense: Gaining Insights from Proactive App Sec

Beyond Blind Defense: Gaining Insights from Proactive App Sec Beyond Blind Defense: Gaining Insights from Proactive App Sec Speaker Rami Essaid CEO Distil Networks Blind Defense Means Trusting Half Your Web Traffic 46% of Web Traffic is Bots Source: Distil Networks

More information

Cyber Attacks and Application - Motivation, Methods and Mitigation. Alfredo Vistola Solution Architect Security, EMEA

Cyber Attacks and Application - Motivation, Methods and Mitigation. Alfredo Vistola Solution Architect Security, EMEA Cyber Attacks and Application - Motivation, Methods and Mitigation Alfredo Vistola a.vistola@f5.com Solution Architect Security, EMEA Attacks are Moving Up the Stack Network Threats Application Threats

More information

F5 Synthesis Information Session. April, 2014

F5 Synthesis Information Session. April, 2014 F5 Synthesis Information Session April, 2014 Agenda Welcome and Introduction to Customer Technology Challenges Software Defined Application Services Reference Architectures for Today s Customer Challenges

More information

Presenting the VMware NSX ECO System May Geert Bussé Westcon Group Solutions Sales Specialist, Northern Europe

Presenting the VMware NSX ECO System May Geert Bussé Westcon Group Solutions Sales Specialist, Northern Europe Presenting the ware NSX ECO System May 2015 Geert Bussé Westcon Group Solutions Sales Specialist, Northern Europe Agenda 10:15-11:00 ware NSX, the Network Virtualization Platform 11.15-12.00 Palo Alto

More information

Securing Your Microsoft Azure Virtual Networks

Securing Your Microsoft Azure Virtual Networks Securing Your Microsoft Azure Virtual Networks IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up

More information

A10 DDOS PROTECTION CLOUD

A10 DDOS PROTECTION CLOUD DATA SHEET A10 DDOS PROTECTION CLOUD A10 Networks provides full spectrum DDoS defenses. This includes multi-vector protection from attacks of any type to ensure the availability of enterprise business

More information

Framework for Application Security Testing. September 11th, 2018

Framework for Application Security Testing. September 11th, 2018 Framework for Application Security Testing September 11th, 2018 Create thousands of security tests from existing functional tests automatically Wallarm FAST enables secure CI / CD Wallarm FAST has many

More information

Enterprise D/DoS Mitigation Solution offering

Enterprise D/DoS Mitigation Solution offering Enterprise D/DoS Mitigation Solution offering About the Domain TCS Enterprise Security and Risk Management (ESRM) offers full services play in security with integrated security solutions. ESRM s solution

More information

Security Readiness Assessment

Security Readiness Assessment Security Readiness Assessment Jackson Thomas Senior Manager, Sales Consulting Copyright 2015 Oracle and/or its affiliates. All rights reserved. Cloud Era Requires Identity-Centric Security SaaS PaaS IaaS

More information

SECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry

SECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry SECURITY ON AWS By Max Ellsberry AWS Security Standards The IT infrastructure that AWS provides has been designed and managed in alignment with the best practices and meets a variety of standards. Below

More information

Securing Serverless Architectures

Securing Serverless Architectures Securing Serverless Architectures Dave Walker, Specialist Solutions Architect, Security and Compliance Berlin 12/04/16 2016, Web Services, Inc. or its Affiliates. All rights reserved. With Thanks To: Agenda

More information

Overview. AWS networking services including: VPC Extend your network into a virtual private cloud. EIP Elastic IP

Overview. AWS networking services including: VPC Extend your network into a virtual private cloud. EIP Elastic IP Networking in AWS 2017 Amazon Web Services, Inc. and its affiliates. All rights served. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon Web Services,

More information

ARCHITECTING WEB APPLICATIONS FOR THE CLOUD: DESIGN PRINCIPLES AND PRACTICAL GUIDANCE FOR AWS

ARCHITECTING WEB APPLICATIONS FOR THE CLOUD: DESIGN PRINCIPLES AND PRACTICAL GUIDANCE FOR AWS ARCHITECTING WEB APPLICATIONS FOR THE CLOUD: DESIGN PRINCIPLES AND PRACTICAL GUIDANCE FOR AWS Dr Adnene Guabtni, Senior Research Scientist, NICTA/Data61, CSIRO Adnene.Guabtni@csiro.au EC2 S3 ELB RDS AMI

More information

Sam Pickles, F5 Networks A DAY IN THE LIFE OF A WAF

Sam Pickles, F5 Networks A DAY IN THE LIFE OF A WAF Sam Pickles, F5 Networks A DAY IN THE LIFE OF A WAF Who am I? Sam Pickles Senior Engineer for F5 Networks WAF Specialist and general security type Why am I here? We get to see the pointy end of a lot of

More information

Minfy MS Workloads Use Case

Minfy MS Workloads Use Case Contents Scope... 3 About Customer... 3 Use Case Description... 3 Technical Stack... 3 AWS Solution... 4 Security... 4 Benefits... 5 Scope This document provides a detailed use case study on Hosting GSP

More information

BIG-IP otse vastu internetti. Kas tulemüüri polegi vaja?

BIG-IP otse vastu internetti. Kas tulemüüri polegi vaja? BIG-IP otse vastu internetti. Kas tulemüüri polegi vaja? Tarmo Mamers Heigo Mansberg Network Firewall Imagery stackexchange.com Network Firewall Functions Network Firewall Traffic OUTSIDE INSIDE INBOUND

More information

War Stories from the Cloud: Rise of the Machines. Matt Mosher Director Security Sales Strategy

War Stories from the Cloud: Rise of the Machines. Matt Mosher Director Security Sales Strategy War Stories from the Cloud: Rise of the Machines Matt Mosher Director Security Sales Strategy The Akamai Intelligent Platform The Platform 175,000+ Servers 2,300+ Locations 750+ Cities 92 Countries 1,227+

More information

Cloud security 2.0: Joko nyt pilveen voi luottaa?

Cloud security 2.0: Joko nyt pilveen voi luottaa? Cloud security 2.0: Joko nyt pilveen voi luottaa? www.nordcloud.com 11 04 2017 Helsinki 2 Teemu Lehtonen Senior Cloud architect, Security teemu.lehtonen@nordcloud.com +358 40 6329445 Nordcloud Finland

More information

Introducing Amazon Elastic File System (EFS)

Introducing Amazon Elastic File System (EFS) Introducing Amazon Elastic File System (EFS) Danilo Poccia, Technical Evangelist, AWS @danilop 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved Goals and expectations for this session

More information

WHITEPAPER AMAZON ELB: Your Master Key to a Secure, Cost-Efficient and Scalable Cloud.

WHITEPAPER AMAZON ELB: Your Master Key to a Secure, Cost-Efficient and Scalable Cloud. WHITEPAPER AMAZON ELB: Your Master Key to a Secure, Cost-Efficient and Scalable Cloud www.cloudcheckr.com TABLE OF CONTENTS Overview 3 What Is ELB? 3 How ELB Works 4 Classic Load Balancer 5 Application

More information

SECURITY-AS-A-SERVICE BUILT FOR AWS

SECURITY-AS-A-SERVICE BUILT FOR AWS SOLUTION BRIEF: SECURITY-AS-A-SERVICE BUILT FOR AWS Alert Logic Security-as-a-Service solutions integrate cloud-based software, analytics and expert services to assess, detect and block workload threats

More information

BERLIN. 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved

BERLIN. 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved BERLIN 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved Building Multi-Region Applications Jan Metzner, Solutions Architect Brian Wagner, Solutions Architect 2015, Amazon Web Services,

More information

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect NOTHING IS WHAT IT SIEMs: COVER PAGE Simpler Way to Effective Threat Management TEMPLATE Dan Pitman Principal Security Architect Cybersecurity is harder than it should be 2 SIEM can be harder than it should

More information

Security & Compliance in the AWS Cloud. Amazon Web Services

Security & Compliance in the AWS Cloud. Amazon Web Services Security & Compliance in the AWS Cloud Amazon Web Services Our Culture Simple Security Controls Job Zero AWS Pace of Innovation AWS has been continually expanding its services to support virtually any

More information

86% of websites has at least 1 vulnerability and an average of 56 per website WhiteHat Security Statistics Report 2013

86% of websites has at least 1 vulnerability and an average of 56 per website WhiteHat Security Statistics Report 2013 Vulnerabilities help make Web application attacks amongst the leading causes of data breaches +7 Million Exploitable Vulnerabilities challenge organizations today 86% of websites has at least 1 vulnerability

More information

Application Security through a Hacker s Eyes James Walden Northern Kentucky University

Application Security through a Hacker s Eyes James Walden Northern Kentucky University Application Security through a Hacker s Eyes James Walden Northern Kentucky University waldenj@nku.edu Why Do Hackers Target Web Apps? Attack Surface A system s attack surface consists of all of the ways

More information

Web Security. Outline

Web Security. Outline Security CS 161/194-1 Anthony D. Joseph November 21, 2005 s Outline Static and Dynamic Content Firewall review Adding a DMZ Secure Topologies 2 1 Polls How many people have set up a personal web server?

More information

Protecting Against Application DDoS A acks with BIG-IP ASM: A Three- Step Solution

Protecting Against Application DDoS A acks with BIG-IP ASM: A Three- Step Solution Protecting Against Application DDoS A acks with BIG-IP ASM: A Three- Step Solution Today's security threats increasingly involve application-layer DDoS attacks mounted by organized groups of attackers

More information

WEB DDOS PROTECTION APPLICATION PROTECTION VIA DNS FORWARDING

WEB DDOS PROTECTION APPLICATION PROTECTION VIA DNS FORWARDING WEB DDOS PROTECTION APPLICATION PROTECTION VIA DNS FORWARDING A STRONG PARTNER COMPANY Link11 - longstanding security experience Link11 is a European IT security provider, headquartered in Frankfurt, Germany

More information

Yuri Gushin & Alex Behar

Yuri Gushin & Alex Behar Yuri Gushin & Alex Behar Ø Introduction Ø DoS Attacks overview & evolution Ø DoS Protection Technology Ø Operational mode Ø Detection Ø Mitigation Ø Performance Ø Wikileaks (LOIC) attack tool analysis

More information

Intrusion Detection System For Denial Of Service Flooding Attacks In Sip Communication Networks

Intrusion Detection System For Denial Of Service Flooding Attacks In Sip Communication Networks Intrusion Detection System For Denial Of Service Flooding Attacks In Sip Communication Networks So we are proposing a network intrusion detection system (IDS) which uses a Keywords: DDoS (Distributed Denial

More information

Security & Compliance in the AWS Cloud. Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web

Security & Compliance in the AWS Cloud. Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web Security & Compliance in the AWS Cloud Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web Services @awscloud www.cloudsec.com #CLOUDSEC Security & Compliance in the AWS Cloud TECHNICAL & BUSINESS

More information

Creating your Virtual Data Centre

Creating your Virtual Data Centre Creating your Virtual Data Centre VPC Fundamentals and Connectivity Options Paul Burne, Senior Technical Account Manager, Enterprise Support - 28 th June 2017 2016, Amazon Web Services, Inc. or its Affiliates.

More information