Securing Cloud Applications with a Distributed Web Application Firewall
www.riverbed.com, 2013 Riverbed Technology

Primary Target of Attack Shifting from Networks and Infrastructure to Applications
[Figure labels: Networks, Infrastructure, Applications]

Cloud Applications Are Exposed to New Threats
- Designing for a dramatically larger number of users shifts focus towards performance and away from security
- Cloud applications use off-the-shelf building blocks, in-house services, and third-party frameworks, each with individual vulnerabilities
- Vulnerabilities are exposed when applications designed for in-house data centers migrate to the cloud

There is a Real Cost of Not Securing Applications
Global headlines. Real business impact.
- 3 months offline
- $10,000,000 fined for security breach
- 500,000 replacement credit cards issued
- $94,000,000 in remediation costs
- 40,000,000+ credit card details lost

Beyond $$: Other Business Drivers for Application Security
Compliance
- Regulatory pressures
- PCI DSS, HIPAA, etc.
- Data Privacy Act
Revenue & Reputation
- Opportunity cost of remediation
- Brand and reputation damage
- Loss of income
Best Practices
- Security governance
- Cross-business collaboration
- Delegation of responsibility
Due Diligence
- Understand changing risk profiles of your application

Changing Risk Profiles Make it Harder to Secure Cloud Applications
- Vulnerable third-party software components
- Cross-site request forgery (CSRF)
- Malicious requests (e.g. SQL injection)
- Authentication and session attacks
- Cross-site scripting (XSS)
- URL manipulation
For detailed information on the latest trends in application vulnerabilities, see OWASP Top Ten Projects at https://www.owasp.org/

Traditional Web Application Firewalls are Not Effective in Cloud Environments
Traditional solution is inefficient:
- Dedicated hardware WAF
- One WAF per deployment
- Increased capital costs
- Decreased provisioning agility in a dynamic, virtualized environment
- Increased management costs without levels of delegation for administration

REQUIRED: A Distributed Web Application Firewall Purpose-built for Cloud Security

The Web Application Firewall Must be Massively Scalable & Portable
- Across CPU, computer, server rack and data center boundaries
- Across multiple applications at a time (e.g. cloud bursting)
- Across private, hybrid or public clouds, and small or large traditional data centers
- Available as virtual appliance and a plug-in
- Start small, but allow scale-up without changes to the security solution
[Figure labels: Public, Private, Data Center, Local Machine]

Flexible, Portable Across Platforms
- Fits into existing infrastructures and processes
- Can live in a wide variety of components effectively
- Available as virtual appliance and a plug-in
- Mixes traditional and virtual technologies

Distributed and Delegated Management
- Easy, central management with a simple web-based management UI
- Granular configuration settings for each application and each customer
- Proactive monitoring tuned for each application
- Multi-administrator privileges to handle diverse security policy schemes
Fits into any existing or planned application delivery infrastructure.

Download the Complete Whitepaper from www.riverbed.com/stingray-appsec