Citrix NetScaler AppFirewall and Web App Security Service

Similar documents
The Top 6 WAF Essentials to Achieve Application Security Efficacy

Citrix NetScaler Make web applications run five times better

A simple, cost-effective way to transition your workloads to the cloud

SAP NetWeaver Server with NetScaler for Load Balancing(SSL offload), Application Firewall and- Integrated Caching

Citrix ADC Web App Firewall Service

SOLUTION BRIEF CA API MANAGEMENT. Enable and Protect Your Web Applications From OWASP Top Ten With CA API Management

Citrix SD-WAN for Optimal Office 365 Connectivity and Performance

Pulse Secure Application Delivery

Citrix NetScaler Basic and Advanced Administration Bootcamp

Using the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway

Citrix XenApp and XenDesktop 7.15 LTSR FIPS Sample Deployments

(CNS-301) Citrix NetScaler 11 Advance Implementation

Azure MFA Integration with NetScaler

SOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications

Citrix XenApp and XenDesktop 7.6 LTSR FIPS Sample Deployments

NetScaler Management and Analytics System service trial account checklist

Comprehensive Citrix HDX visibility powered by NetScaler Management and Analytics System

Solutions Business Manager Web Application Security Assessment

What is an application delivery controller?

Oracle PeopleSoft 9.2 with NetScaler for Global Server Load Balancing

Imperva Incapsula Website Security

Features. HDX WAN optimization. QoS

DenyAll Protect. accelerating. Web Application & Services Firewalls. your applications. DenyAll Protect

Ethical Hacking and Countermeasures: Web Applications, Second Edition. Chapter 3 Web Application Vulnerabilities

Corrigendum 3. Tender Number: 10/ dated

Students should have an understanding and a working knowledge in the following topics, or attend these courses as a pre-requisite:

Guide to Deploying NetScaler as an Active Directory Federation Services Proxy

How to buy or cancel the XenDesktop Essentials Service

Citrix NetScaler A foundation for next-generation datacenter security

Mobilize with Enterprise Security and a Productive User Experience

Web Application Firewall

TIBCO Cloud Integration Security Overview

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Citrix Tech Zone Citrix Product Documentation docs.citrix.com November 13, 2018

Design and deliver cloud-based apps and data for flexible, on-demand IT

Citrix Consulting. Guide to Consulting Methodology and Services

Configuring and Delivering Salesforce as a managed application to XenMobile Users with 3 rd Party SAML IDP (Identity Provider)

F5 comprehensive protection against application attacks. Jakub Sumpich Territory Manager Eastern Europe

SOLUTION BRIEF FPO. Imperva Simplifies and Automates PCI DSS Compliance

THUNDER WEB APPLICATION FIREWALL

Evaluation Criteria for Web Application Firewalls

Integrated Web Application Firewall (WAF) & Distributed Denial Of Service (DDoS) Mitigation For Today s Enterprises

SoftLayer Security and Compliance:

Deploying NetScaler with Microsoft Exchange 2016

Cisco ASA 5500 Series IPS Solution

Configuring and Delivering Salesforce as a managed application to XenMobile Users with NetScaler as the SAML IDP (Identity Provider)

Web application firewall Delivering must-have protection for web applications

Compare Security Analytics Solutions

Defend Your Web Applications Against the OWASP Top 10 Security Risks. Speaker Name, Job Title

Simple and Powerful Security for PCI DSS

Web Application Firewall Subscription on Cyberoam UTM appliances

Brocade Application Delivery

En partenariat avec CA Technologies. Genève, Hôtel Warwick,

Deployment Guide. Policy Engine (PE) Deployment Guide. A Technical Reference

Kishin Fatnani. Founder & Director K-Secure. Workshop : Application Security: Latest Trends by Cert-In, 30 th Jan, 2009

PCI DSS Compliance with Riverbed Stingray Traffic Manager and Stingray Application Firewall WHITE PAPER

WHITE PAPER. Citrix NetScaler VPX. NetScaler VPX: Harness the Power of Virtualized Web App Delivery.

Security

Overview. Application security - the never-ending story

SIEMLESS THREAT MANAGEMENT

Key Considerations in Choosing a Web Application Firewall

"Charting the Course to Your Success!" Securing.Net Web Applications Lifecycle Course Summary

NetScaler. The world s most advanced cloud network platform

White Paper Taking Windows Mobile on Any Device Taking Windows Mobile on Any Device

CSWAE Certified Secure Web Application Engineer

GLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

BIG-IP Application Security Manager : Getting Started. Version 12.1

Motorola AirDefense Retail Solutions Wireless Security Solutions For Retail

NetScaler. The world s most advanced cloud network platform

PCI DSS Compliance. White Paper Parallels Remote Application Server

Application and Data Security with F5 BIG-IP ASM and Oracle Database Firewall

XenApp 7.x on Oracle Cloud Infrastructure

Your Adoption Kit for Citrix Workspace Standard

XenApp, XenDesktop and XenMobile Integration

jetnexus Virtual Load Balancer

Integrated Web Application Firewall & Distributed Denial of Service (DDoS) Mitigation Solution

OWASP Top 10. Copyright 2017 Ergon Informatik AG 2/13

IBM Security Access Manager

Deploying Virtual Apps and Desktops with Citrix Provisioning using Oracle Cloud Infrastructure

IBM Secure Proxy. Advanced edge security for your multienterprise. Secure your network at the edge. Highlights

Securing Cloud Applications with a Distributed Web Application Firewall Riverbed Technology

WHITEPAPER. Security overview. podio.com

Controlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes:

Safeguarding Cardholder Account Data

PCI DSS and VNC Connect

A comprehensive security solution for enhanced mobility and productivity

PANORAMA. Key Security Features

White paper. Keys to Oracle application acceleration: advances in delivery systems.

Students should have an understanding and a working knowledge in the following topics, or attend these courses as a pre-requisite:

IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.

Web Application Firewall for Web Environments

Securing the Cloud. White Paper by Peter Silva

Complying with PCI DSS 3.0

jetnexus Virtual Load Balancer

C1: Define Security Requirements

OWASP TOP Release. Andy Willingham June 12, 2018 OWASP Cincinnati

Installation Guide. Citrix License Server VPX v1.01

Cyber Attacks and Application - Motivation, Methods and Mitigation. Alfredo Vistola Solution Architect Security, EMEA

OWASP TOP OWASP TOP

Transcription:

Data Sheet Citrix NetScaler AppFirewall and Web App Security Service Citrix NetScaler AppFirewall TM is a comprehensive full function ICSA, Common Criteria, FIPS-certified web application firewall that analyzes all bi-directional traffic, including SSL-encrypted communication, to protect against a broad range of security threats. It provides the ability to perform deep-packet inspection of HTTP, HTTPS and XML as well as protection against OWASP top 10. NetScaler AppFirewall threat protection includes and is not limited to SQL injection attacks, cross-site scripting attacks, cookie tampering, form validation and protection, HTTP and XML reply and request format validation, JSON payload inspection, signature and behavior based protections, data loss prevention (DLP) support including the monitoring of traffic for intended and unintended data exposure, DoS protection, authentication, authorization and auditing support and reporting, and policy tools that provide for easier PCI-DSS compliance verification. Delivers PCI-DSS v.3.2 compliance Protects credit and debit card account numbers to comply with the Payment Card Industry Data Security Standards. Prevents data losses for which government regulations require customer notification. Simplifies desktop management. Protects online revenue sources Ensures uptime of web sites and web services by defeating L7 denial of service (DoS) attacks. Application learning ensures protection without false positives. Maintains trust relationship between consumer and vendor by preventing cross-site scripting (XSS) and crosssite forgery attacks. NetScaler AppFirewall technology is included in and integrated with Citrix NetScaler MPX and VPX, Platinum Edition, and is available as an optional module that can be added to NetScaler MPX appliances running NetScaler Enterprise Edition. NetScaler AppFirewall is also available as a stand- alone solution on several NetScaler MPX appliances. The stand-alone NetScaler AppFirewall models can be upgraded via software license to a full NetScaler Application Delivery Controller (ADC). We also have a cloud-based service through NetScaler Web App Security Service that protects customers web applications and infrastructure from cyber security attacks. Addressing security challenges Not only are web applications vulnerable to attack, they are attractive targets for hackers because they often have direct connectivity with one or more databases containing sensitive customer and company information. Threats against web applications are often devised specifically for a target application, making threat identification by network-level security devices (e.g., intrusion protection systems and network firewalls) impossible leaving web applications exposed to a myriad of known and zeroday exploits. NetScaler AppFirewall comprehensively addresses the challenge of delivering centralized application- layer security for all web applications and web services. Hybrid security model NetScaler AppFirewall enforces both positive and negative security models to ensure correct application behavior. The positive security model understands good application behavior, and treats all other traffic as malicious. This is the only proven approach delivering zero-day protection against unpublished exploits. Scanning of thousands of automatically updated signatures provides protection against known attacks. Meeting PCI compliance and auditing requirements NetScaler AppFirewall aids corporate IT security teams in conforming to governmental privacy regulations and industry mandates. For example, organizations subject to Payment Card Industry Data Security Standard (PCI-DSS) requirements can now fully meet the requirements detailed in PCIDSS Section 6.6, which mandates the 1

installation of web application firewall in front of public- facing applications as one method of maintaining a proper security posture. In support of PCI security audits, NetScaler AppFirewall can generate dedicated reports detailing all security protections defined in the application firewall policy that pertain to PCI requirements. In addition, NetScaler AppFirewall prevents the inadvertent leakage or theft of sensitive information, such as credit card numbers or custom-defined data objects, by either removing or masking content from application responses before being publicly disclosed. Defeating XML-based threats In addition to detecting and blocking common application threats that can be adapted for attacking XML-based applications (i.e. cross-site scripting, command injection, etc.), NetScaler AppFirewall includes a rich set of XML-specific security protections. These include schema validation to thoroughly verify SOAP messages and XML payloads, and a powerful XML attachment check to block attachments containing malicious executables or viruses. Automatic traffic inspection methods block XPath injection attacks on URLs and forms aimed at gaining access. NetScaler AppFirewall also thwarts a variety of DoS attacks, including external entity references, recursive expansion, excessive nesting and malicious messages containing either long or a large number of attributes and elements. Tailoring security policies NetScaler AppFirewall incorporates an advanced and proven adaptive learning engine that discovers aspects of application behavior that might be blocked by the positive security model even if the behavior is intended by the web application. This would include, for example, modifications made by client-side application scripting that legally modifies HTML form fields. Once application behavior is learned, NetScaler AppFirewall generates human-readable policy recommendations, which bring to security managers a clearer understanding of actual application behavior. Tailored security policies may then be applied to each application. Industry-leading performance NetScaler AppFirewall provides high capacity application security throughput to meet the needs of even the largest networks. In addition, the solution can actually improve application performance and lower response times by offloading compute-intensive tasks, such as TCP connection management, SSL encryption and compression from web servers. In addition, the integrated caching functionality available on the NetScaler platform offloads the servers while still applying full firewall functionality. Freeing valuable server resources improves the overall application experience. IP Reputation Service is Built-In NetScaler IP Reputation Service is built-in into NetScaler. This service is available at no extra cost with NetScaler AppFirewall solution. No service contract, no yearly renewals necessary. NetScaler IP Reputation Service provides a continuously updated list of malicious IP addresses in near real-time, providing an additional layer of protection and helping to reduce the burden on security teams. Rather than relying on static rapidly out-of-date public black lists, the NetScaler IP Reputation service automatically analyzes and correlates feeds from millions of global sensors in real-time and is updated every five minutes. Flexibility to adapt to changing business requirements NetScaler AppFirewall permits flexible, stepwise deployment of web application protection. The default web application protection profile defends against the most common dangerous threats and adds full protection against both data theft and layer 4-7 denial of service (DoS) attacks. The advanced web application protection profile adds session-aware protections to protect dynamic elements, such as cookies, form fields and session-specific URLs. Attacks that target the trust between the client and server including cross-site request forgery are stopped; requests are validated by checking for a unique ID inserted by NetScaler. Such protection is imperative for any application that processes user- specific content, such as an e-commerce site. To make sure these 2

security measures are compatible with any application, NetScaler AppFirewall learning capabilities help the administrator create managed exceptions and relaxations when the application s intended and legal behavior might otherwise cause a violation of the default security policy. NetScaler Web App Security Service NetScaler Web App Security Service is a cloudbased service that protects customers web applications and infrastructure from application and network level attacks. It has historical retention capabilities for easy operation and incident analysis. Features include: Comprehensive Security: Protection against web application attacks using signatures, blacklisted and whitelisted URLs/applications, IP Reputation etc, and helps maintain compliance Fast Deployment: Click & Protect with NetScaler Web App Security Service less than 5 clicks from first time login to protection Ease of Use: Quick and easy to deploy, manage, and create reports using a simplified GUI NetScaler AppFirewall Model MPX 5550 MPX 5650 MPX 8005 MPX 11515 Memory 8 GB 8 GB 32 GB 48 GB Ethernet ports 6x10/100/1000 BASE-T 6x10/100/1000 BASE-T Upgrade Option MPX 5650 6x10/100/1000 BASE-T and 6x1000BASE-T SFP Or 6x10/100/1000 BASE-T and 2x10G BASE-X SFP+ Throughput Basic mode (Gbps) 0.5 5.3 5.4 14 SSL transactions/second 1,500 2,800 6,500 22,500 Platform mechanical, environmental and regulatory Power supplies Single Single Single-Optional Second Dual Height 1U 1U 1U 2U 8x10G BASE-X SFP+ and 4x1000 BASE-X SFP MPX 11520/11540 NetScaler AppFirewall Model MPX 11520 MPX 11540 Memory 48 GB 48 GB Ethernet ports 8x10G BASE-X SFP+ and 4x1000 BASE-X SFP Upgrade Option MPX 11540 Throughput Basic mode (Gbps) 17 20 SSL transactions/second 25,000 43,000 Platform mechanical, environmental and regulatory Power supplies Dual Dual Height 2U 2U 8x10G BASE-X SFP+ and 4x1000 BASEX SFP 3

NetScaler Platform MPX/SDX 25160-40G MPX/SDX 25100-40G MPX/SDX 14100 MPX/SDX 14080 Memory 256 GB 256 GB 64 GB 64 GB Ethernet ports (Published Ethernet interfaces compliant per IEEE802. 3-2002/2005/2008/2012) Transceivers support Pay as you grow and BurstPack license upgrades 4x 40GE QSFP+; 40GE QSFP+: SR, LR; 10GE SFP+: SR, LR 4x 40GE QSFP+; 40GE QSFP+: SR, LR; 10GE SFP+: SR, LR MPX/SDX 25160-40G 10GE SFP+: SR, LR; 1G cu Throughput Basic mode (Gbps) 44 33 29 26 SSL transactions/sec (2K key certificates) Platform mechanical 69,000 43,000 69,000 69,000 Power supplies 2 2 2 2 Height 2U 2U 2U 2U 10GE SFP+: SR, LR; 1G cu MPX/SDX 14100 NetScaler Platform MPX/SDX 14060 MPX/SDX 14040 MPX/SDX 14030 Memory 64 GB 64 GB 64 GB Ethernet ports Transceivers support 10GE SFP+: SR, LR; 1G cu 10GE SFP+: SR, LR; 1G cu 10GE SFP+: SR, LR; 1G cu Pay as you grow 14080 and 14100 14060, 14080 and 14100 Throughput Basic mode (Gbps) 23 18 16 SSL transactions/sec (2K key certificates) Platform mechanical 69,000 42,000 30,000 Power supplies 2 2 2 Height 2U 2U 2U 14040, 14060, 14080 and 14100 Note: The above models are available as stand-alone NetScaler AppFirewall solutions. Additional application firewall support is provided as an integrated module within NetScaler VPX 10, 200, 1000 and 3000 virtual appliances and all NetScaler MPX Application Delivery Controller (ADC) hardware platforms. 4

Technical aspects Protects online revenue sources Buffer overflow CGI-BIN parameter manipulation Form/hidden field manipulation Forceful browsing protection Cookie or session poisoning Cross-site scripting (XSS) Cross-site request forgery Command injection SQL injection Error triggering sensitive information leak Insecure use of cryptography Server misconfiguration Back doors and debug options Rate-based policy enforcement Well-known platform vulnerabilities SOAP array attack protection Content rewrite and response control Content Filtering Authentication, authorizating and auditing L4-7 DoS protection Simplified management and deployment user interface Secure web-based GUI SSH-based CLI access network management SNMP Syslog-based logging PCI-DSS compliance reporting tool AppExpert Templates for Web Interface and Microsoft SharePoint Import/export Application Firewall profiles Convert third party application vulnerability tool output to NetScaler rules Quick deployment of new rules from Common Event Format (CEF) logs Comprehensive web server and web services security Deep stream inspection; bi-directional analysis HTTP & HTML header and payload inspection Full HTML parsing; semantic extraction Session-aware and stateful HTTP Signature scanning Scan thousands of signatures Response side checks Protocol neutrality HTML form field protection: - Required fields returned; no added fields allowed; read-only and hidden field enforcement - Drop-down list & radio button field conformance - Form-field max-length enforcement Cookie protection Signatures to prevent tampering; cookie encryption and proxying Legal URL enforcement Web application content integrity Full SSL offload: - Decrypts traffic prior to inspection; encrypts traffic prior to forwarding - Configurable back-end encryption - Support for client-side certificates XML data protection: - XML security: protects against XML denial of service (xdos), XML SQL and Xpath injection and cross site scripting - XML message and schema validation, format checks, WS-I basic profile compliance, XML attachments check URL transformation WSDL scan prevention to protect unpublished APIs Support for Chunked POST requests Enterprise Sales North America 800-424-8749 Worldwide +1 408-790-8000 Locations Corporate Headquarters 851 Cypress Creek Road Fort Lauderdale, FL 33309 United States Silicon Valley 4988 Great America Parkway Santa Clara, CA 95054 United States Copyright 2017 Inc. All rights reserved. Citrix, the Citrix logo, and other marks appearing herein are property of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered with the U.S. Patent and Trademark Office and in other countries. All other marks are the property of their respective owner/s. 0517/PDF 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback