Maximum Security, Zero Compromise in Availability and Performance

Similar documents
Architecture: Consolidated Platform. Eddie Augustine Major Accounts Manager: Federal

AKAMAI CLOUD SECURITY SOLUTIONS

F5 comprehensive protection against application attacks. Jakub Sumpich Territory Manager Eastern Europe

The Top 6 WAF Essentials to Achieve Application Security Efficacy

SAS and F5 integration at F5 Networks. Updates for Version 11.6

Web Applications Security. Radovan Gibala F5 Networks

Comprehensive datacenter protection

NETWORKING &SECURITY SOLUTIONSPORTFOLIO

SOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications

CISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1

Providing Security and Acceleration for Remote Users

Pulse Secure Application Delivery

SECURE YOUR APPLICATIONS, SIMPLIFY AUTHENTICATION AND CONSOLIDATE YOUR INFRASTRUCTURE

Imperva Incapsula Product Overview

KEEPING THE BAD GUYS OUT WHILE LETTING THE GOOD GUYS IN. Paul Deakin Federal Field Systems Engineer

Using the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway

F5 Synthesis Information Session. April, 2014

Securing the Cloud. White Paper by Peter Silva

Sichere Applikations- dienste

SOLUTION BRIEF CA API MANAGEMENT. Enable and Protect Your Web Applications From OWASP Top Ten With CA API Management

DenyAll Protect. accelerating. Web Application & Services Firewalls. your applications. DenyAll Protect

Security Assessment Checklist

Providing Secure, Fast and Available

Complying with PCI DSS 3.0

We b Ap p A t ac ks. U ser / Iden tity. P hysi ca l 11% Other (VPN, PoS,infra.)

Citrix SD-WAN for Optimal Office 365 Connectivity and Performance

Verizon Software Defined Perimeter (SDP).

How your network can take on the cloud and win. Think beyond traditional networking toward a secure digital perimeter

A different approach to Application Security

CyberP3i Course Module Series

BIG-IP V11.3: PRODUCT UPDATE. David Perodin Field Systems Engineer III

Copyright 2011 Trend Micro Inc.

FIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT?

GOING WHERE NO WAFS HAVE GONE BEFORE

Check Point Virtual Systems & Identity Awareness

Securing Your Most Sensitive Data

Business Strategy Theatre

Huawei Cloud Fabric Data Center Security and Application Optimization Solution

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation

Security for the Cloud Era

Security Overview and Cisco ACE Replacement

SECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry

Cyber Attacks and Application - Motivation, Methods and Mitigation. Alfredo Vistola Solution Architect Security, EMEA

What is an application delivery controller?

The Presence and Future of Web Attacks

Simple and Powerful Security for PCI DSS

Data Center Virtualization Q&A

Author: Tonny Rabjerg Version: Company Presentation WSF 4.0 WSF 4.0

Enterprise Overview. Benefits and features of Cloudflare s Enterprise plan FLARE

Security

Threat Control and Containment in Intelligent Networks. Philippe Roggeband - Product Manager, Security, Emerging Markets

SECURING THE NEXT GENERATION DATA CENTER. Leslie K. Lambert Juniper Networks VP & Chief Information Security Officer July 18, 2011

Cato Cloud. Software-defined and cloud-based secure enterprise network. Solution Brief

Corrigendum 3. Tender Number: 10/ dated

Defend Your Web Applications Against the OWASP Top 10 Security Risks. Speaker Name, Job Title

PCI DSS Compliance. White Paper Parallels Remote Application Server

86% of websites has at least 1 vulnerability and an average of 56 per website WhiteHat Security Statistics Report 2013

PROTECTING INFORMATION ASSETS NETWORK SECURITY

F5 IPv6 Solutions. Ariel Santa Cruz FSE SoLA F5 Networks Inc. F5 Networks, Inc.

Herding Cats. Carl Brothers, F5 Field Systems Engineer

ADC im Cloud - Zeitalter

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Evaluation Criteria for Web Application Firewalls

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

Introduction. The Safe-T Solution

Perimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN

Enhancing Security With SQL Server How to balance the risks and rewards of using big data

A Practical Approach to IPv6

Cato Cloud. Global SD-WAN with Built-in Network Security. Solution Brief. Cato Cloud Solution Brief. The Future of SD-WAN. Today.

IBM Secure Proxy. Advanced edge security for your multienterprise. Secure your network at the edge. Highlights

Introducing Avaya SDN Fx with FatPipe Networks Next Generation SD-WAN

Brocade Application Delivery

Identiteettien hallinta ja sovellusturvallisuus. Timo Lohenoja, CISPP Systems Engineer, F5 Networks

The F5 Intelligent DNS Scale Reference Architecture

Hybride Cloud Szenarien HHochverfügbar mit KEMP Loadbalancern. Köln am 10.Oktober 2017

Application Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )

Copyright

Citrix NetScaler AppFirewall and Web App Security Service

Large FSI DDoS Protection Reference Architecture

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

VMworld disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no

F5 Networks Defence Methodiken auf Transportund Applikationsebene. Specialist SE - Security

Citrix CloudBridge Product Overview

WEBSCALE CONVERGED APPLICATION DELIVERY PLATFORM

Integrated Web Application Firewall & Distributed Denial of Service (DDoS) Mitigation Solution

GLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications

Presenting the VMware NSX ECO System May Geert Bussé Westcon Group Solutions Sales Specialist, Northern Europe

Never Drop a Call With TecInfo SIP Proxy White Paper

Virtual Dispersive Networking Spread Spectrum IP

Optimizing your network for the cloud-first world

Advanced threats. "Software defined" everything. Internet of Things. SDDC/Cloud. HTTP is the new TCP. Mobile. F5 Networks, Inc 2

The New Net, Edge Computing, and Services. Michael R. Nelson, Ph.D. Tech Strategy, Cloudflare May 2018

Cloud Connect. Gain highly secure, performance-optimized access to third-party public and private cloud providers

DATACENTER SECURITY. Paul Deakin System Engineer, F5 Networks

SoftLayer Security and Compliance:

Seamless Cloud Connectivity. for your business

n Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network

Cato Networks. Network Security as a Service

ISG-600 Cloud Gateway

PrecisionAccess Trusted Access Control

Transcription:

Maximum Security, Zero Compromise in Availability and Performance Presented by: Teong Eng Guan MD ASEAN

2 2 Agenda Who is F5 and what to we do? IT Challenges Web Application Security Why & How? Total Defense with F5 Conclusion

3 As of 8 p.m last night

4 F5 is everywhere and in Vietnam! Impacting Everyone!

5 So what do we do? Help you and our customers to provide a better Application Experience Providing Technologies to accelerate the deployment and performance of Applications Offering solutions to secure the access and usage of applications Load balancing and Traffic management comes with the package anyway We make applications work.

6 Let s understand more about Application Delivery Networking (ADN)? Users Applications At Home In the Office On the Road Application Delivery Network SAP Microsoft Oracle/BE A IBM VMWare User Experience ADN provides the best secured user experience optimally and non-intrusively.

7 F5 Understands Businesses We understand Businesses want to be the leaders in their industry Businesses want to meet and exceed their Market Research Index (MRI) Businesses need to bring in more users/subscribers/customers/transactions Businesses have growth concerns Businesses do not have unlimited resources Businesses need to be protected from Security threats We understand that the key factor why organizations succeed is because they provide the Best User Experience to their customers.

Web Application Security The Why and How?

9 Web Application Trends and Technologies Network Load High Traffic Low Traffic Web 1.0 Audio & Video downloads File transfers Basic HTML Flat web pages Web 2.0 SOA SaaS AJAX Silverlight/Flex 3 RIA Audio & Video streaming Less More Application Complexity

The Challenge: Attacks are Moving Up the Stack 10 Network Threats Application Threats 90% of security investment focused here 75% of attacks focused here Source: Gartner

Perimeter Security (Physical World) 11

12 Enterprise Perimeter Security (EPS) Network Access Protection (Layer 1 3) Protocol Access Protection (Layer 4 6) Application Access Protection (Layer 7) IPS Web App Web App Web App Botnet Prevent only network attacks by IP address, port and service number Detect known signatures No application and session awareness No SSL protection Scale for the enterprise Reduce costly development and audit effort Prevent web attacks such as DDoS, SQL Injection, Cross Site Scripting, etc. PCI Compliance

13 Network Firewalls vs. Application Firewalls Network Firewalls Manage network traffic Protection At Network Layer 3 Manage Access to Corporate LAN s Simple Forwarding Of Approved Packets Configured Port 80/443 (HTTP/S) For Open Access Application Firewalls Manage web traffic Protection At Application Layer 7 Monitor HTTP/S & XML Protocols Protect Application & Backend Data From Malicious Attack s & Unauthorized Usage Deep Packet Inspection Of All Traffic To And From The Web Servers Packet Inspection Deep Stream Inspection

14 14 Addressing the Vulnerabilities: Web Application Firewalls, Web Access Gateways Attack Signature mitigation (inspect, generic) Full proxy WAF (proxy, inspect, rewrite) Web Access Gateway ( encrypt, sso, aaa)

15 Improved PCI Compliance Reporting PCI reporting: Details security measures required by PCI DSS 1.2 Compliancy state Steps required to become compliant

16 Layer 7 DDoS Protection DDoS Botnet L7 DDoS Traffic Signature is exactly the same as Good User. F5 intelligent L7 DDoS Blocking Good User Online Payment Service Online Payment Service is unaffected by L7 DDoS Attacks.

17 DNSsec Compliance Securing the DNS Infrastructure, Traditional DNS is insecure DNSsec secured site Recursive Name server www.foo.com DNS Servers Hacker F5 can sign any dynamically generated / load balanced DNS response F5 can transparently sign responses for existing BIND servers

18 SSL 2048 Bit Key Compliance o F5 supports 512 through 4096 bit SSL keys o 1024 bit length keys are considered insecure by NIST as of 12/31/10 o 2048 bit is ~5x more expensive to compute than 1024 bit handshake o 4096 bit is ~6x more expensive to compute than 2048 bit handshake

19 FIPS Compliance Why FIPS? The loss of private keys is considered to be a disaster because they can be used to: decrypt sensitive transactions in flight (Man In The Middle Attack) masquerade as the provider by using the keys to make more authentic phishing sites. Normal Device Host Subsystem TCP Termination HTTP Proxy SSL Processing Add-on Card Sym/Asymmetric Crypto Host Subsystem Key Mgmt. Secret Keys When a FIPS compliant box is tampered, the SSL keys stored in FIPS hardware-secured module will automatically be destroyed, rendering them useless. FIPS-140 compliant Device TCP Termination HTTP Proxy SSL Processing Symmetric Crypto Key Mgmt. Add-on Card Asymmetric Crypto Secret Keys

20 Total Defense Security Architecture Customers DMZ Network Access Application Access 4,000 Users 1,000 Users Employees Internet Internet/ Intranet GeoLocation DNSSec Web App #1 Web App #2 Web App #3 15,000 Corporate Users VPN End Point Security DNS AD/LDAP Datacenter Primary 6,000 Corporate Branch Users Datacenter - Secondary As application become webified, there s a need to address the deficiencies of the HTTP security and introduce new defences (web access management, Web App FW) to product Vulnerable Web applications.

21 21 Secure the Banking Applications Australian Bank - Perimeter control with F5/Oracle > Web Application Firewall Protect from malicious internet traffic such as SQL Injection, XSS, Web Scraping, etc IB etrade > User Authentication & Endpoint Security Check (ASM) > Web protocol threat detection > User data input validation iapply other > SSL Acceleration > Application-layer rate-shaping > Local and Global Traffic Management / load balancing > Geo-location redirection > Web Content Delivery Acceleration (WA) > PCI Data Security Standard Compliance

Security with Performance

23 Accelerate Web Performance China Bank Web Acceleration Province 1 Province 2 BIG-IP WebAccelerator Internet or WAN Province n Beijing Data Center Response time Province 34 Without acceleration With WebAccelerator (asymmetric deployment) Solution Benefits Internal banking service acceleration Infrastructure optimization (seven time more requests per second) User experience improvement (6 (6 times faster page load) Bandwidth savings (10 times higher throughput)

Security with Performance and Availability

Always On Infrastructure 25

26 Internet Banking DC - ICBC ICBC is Largest Bank by Market Capitalization Major Applications: 1. Internet Banking 50 Million Users 42% of total Bank Transactions 40% improvement Web Performance

27 Intranet Banking DC- ICBC 2. Corporate IT 100+ F5 boxes optimizing 40 apps: Core Banking Secure Access Green Terminals ATM Front Server Mainframe Front Servers Branch Office optimization 3. F5 account team is working on optimizing the remaining 198 apps

28 Sysmex America The F5 solution beat out the competition because it promised more functionality for a comparable price, and we saw it as a strategic investment that would support our growth. Art Braune, Manager of Information Technology Sysmex America Sysmex America develops clinical testing devices for the healthcare industry. To ensure business continuity and seamless communication among customers, partners, and employees, Sysmex must keep email systems highly available. The company employed the Application Ready Solution for Microsoft Exchange Server 2010 from F5 Networks and as a result, has surpassed 99.999 percent email uptime. To ensure that the implementation followed best practices, Sysmex s IT department used F5 deployment guidance, jointly developed with Microsoft, and has enjoyed superior support from F5 engineers. The solution provides Sysmex with cost-effective, centralized management and a flexible platform that it will expand to support other key systems. Customer Overview: Sysmex America, based in Mundelein, Illinois, is the United States headquarters of Sysmex Corporation, a Japanese manufacturer of clinical testing devices and solutions for the healthcare industry. Sysmex relies on email to communicate with its customers (hospitals, clinics, test centers, and blood centers), suppliers, and key business partners. F5 Local Traffic Manager and F5 Application Ready Solution for Microsoft Exchange Server 2010 Benefits: Zero downtime for email. 99.999 percent email uptime Ability to perform maintenance without disruption to users High confidence in best practices implementation Cost-effective platform for growth Vertical: Location: Healthcare Mundelein, Illinois Case Study: http://www.f5.com/pdf/case-studies/sysmex-america-cs.pdf

29 F5 Solution for Migration to IPv6 Internet IPv6 Mobile Smart Devices IPv6 IPv4 Set-Top Box PC/Laptop HSPA/HSDPA GGSN/BRAS Destination IPv6 Destination IPv6 Destination IPv4 Destination IPv4 DNS Log AAA F5 NAT64 F5 NAT44 DNS64 HSL Traffic Steering Firewall SDC Destination IPv6 Destination IPv6 Destination IPv4 Destination IPv4 VAS IPv4 VAS IPv6 Internet IPv4

30 F5: A Common & Dynamic Application Services Platform From Enterprise to Cloud Separate Consolidate Aggregate Automate Liberate Test and development Server consolidation Capacity on demand Self-Managing data centres Enterprise computing clouds on and off premise Private Public Enterprise Objective: An IT Services On-Demand Platform

31 How can F5 Application Delivery Solution help your BUSINESS? We provide the Best User Experience solution at a competitive cost. How do we provide better user experience? By Making Transactions Safer to use Eliminates fraud, theft and following security breaches By Making Transactions Faster More revenue in a shorter time span without additions By Ensuring your site is never down 24/7 transaction regardless of peak or failure, prevention of site takedown disrupting business All of the above just lead to a better user experience

32 F5 s Dynamic Application Services Infrastructure Users Resources APP OS APP OS APP OS APP OS APP OS APP OS APP OS APP OS Private Public Physical Virtual Multi-Site DCs Cloud

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback