Securing Cloud Applications with a Distributed Web Application Firewall Riverbed Technology


Transcription:

Securing Cloud Applications with a Distributed Web Application Firewall www.riverbed.com 2013 Riverbed Technology

Primary Target of Attack Shifting from Networks and Infrastructure to Applications
[Figure labels: Networks, Infrastructure, Applications]

Cloud Applications Are Exposed to New Threats
- Designing for a dramatically larger number of users shifts focus towards performance and away from security
- Cloud applications use off-the-shelf building blocks, in-house services, and 3rd-party frameworks, each with individual vulnerabilities
- Vulnerabilities are exposed when applications designed for in-house data centers migrate to the cloud

There is a Real Cost of Not Securing Applications
Global headlines. Real business impact.
- 3 months offline
- $10,000,000 fined for security breach
- 500,000 replacement credit cards issued
- $94,000,000 in remediation costs
- 40,000,000+ credit card details lost

Beyond $$: Other Business Drivers for Application Security

Compliance
- Regulatory pressures
- PCI DSS, HIPAA, etc.
- Data Privacy Act

Revenue & Reputation
- Opportunity cost of remediation
- Brand and reputation damage
- Loss of income

Best Practices
- Security governance
- Cross-business collaboration
- Delegation of responsibility
- Understand changing risk profiles of your application
- Due diligence

Changing Risk Profiles Make it Harder to Secure Cloud Applications
- Vulnerable third-party software components
- Cross-site request forgery (CSRF)
- Malicious requests (e.g. SQL injection)
- Authentication and session attacks
- Cross-site scripting (XSS)
- URL manipulation

For detailed information on the latest trends in application vulnerabilities, see the OWASP Top Ten Project at https://www.owasp.org/

Traditional Web Application Firewalls are Not Effective in Cloud Environments
Traditional solution is inefficient:
- Dedicated hardware WAF
- One WAF per deployment
- Increased capital costs
- Decreased provisioning agility in a dynamic, virtualized environment
- Increased management costs without levels of delegation for administration

REQUIRED: A Distributed Web Application Firewall Purpose-built for Cloud Security

The Web Application Firewall Must be Massively Scalable & Portable
- Across CPU, computer, server rack and data center boundaries
- Across multiple applications at a time (e.g. cloud bursting)
- Across private, hybrid or public clouds, and small or large traditional data centers
- Available as a virtual appliance and a plug-in
- Start small, but allow scale-up without changes to the security solution
[Figure labels: Public, Private, Data Center, Local Machine]

Flexible, Portable Across Platforms
- Fits into existing infrastructures and processes
- Can live in a wide variety of components effectively
- Available as a virtual appliance and a plug-in
- Mixes traditional and virtual technologies

Distributed and Delegated Management
[Figure labels: Public, Private]
1. Easy, central management with a simple web-based management UI
2. Granular configuration settings for each application and each customer
3. Proactive monitoring tuned for each application
4. Multi-administrator privileges to handle diverse security policy schemes

Fits into any existing or planned application delivery infrastructure.

Download the complete whitepaper from www.riverbed.com/stingray-appsec