Imperva Total Application Security: SecureSphere – The First Dynamic Profiling Firewall. Idan Soen, CISSP, Security Engineer

  • Imperva: Total Application Security. Idan Soen, CISSP, Security Engineer

    SecureSphere – The First Dynamic Profiling Firewall


    Agenda
      • Imperva
      • Application Security Landscape
      • SecureSphere


    Imperva
      • Company Focus: Total Application Security
      • Founded in 2000 by world's elite application security specialists
          • Israeli Defense Force cyber warfare team
          • Private sector penetration testing & app security consultants
      • Co-Founder, CEO Shlomo Kramer
          • Check Point co-founder
          • Co-developer of Stateful Inspection
      • SecureSphere Product Family
          • First Dynamic Profiling Firewall


    Data Center Security: Need to Secure the Data Center
      Data Center Assets have Never Been More Critical or More Vulnerable
      • 92% Vulnerable to*
          • Identity theft
          • Data theft
          • Worms
          • Denial of Service
          • SQL Injection
          • Parameter tampering
      • Business Implications of Attack
          • Lost revenue
          • Brand erosion
          • Regulatory compliance: SOX, GLBA, HIPAA, CA SB-1386, CISP, etc.
      • Diagram labels: Users; Data Center & DMZ (Critical Servers, Proprietary Information And Custom Business Applications)
      *Source: Imperva Application Defense Center


    Application Threats: A multi-dimensional problem
      • Web Application and Web Services attacks
          • External SQL injection
          • Attacks custom business applications
      • Database breach
          • Internal direct breach
          • Attacks proprietary information
          • Using legitimate access for illegitimate purposes
      • Worm infection
          • External and internal sources of infection
          • Attacks critical servers
          • Known vulnerabilities and zero day web worm
      • Diagram labels: Internal Users; Web (SQL injection, Cookie poison, etc.); Database (Data theft, Data corruption, etc.); Worm (Code Red, Nimda, etc.); Data Center & DMZ (Critical Servers, Proprietary Information And Custom Business Applications)


    Data Center Security: Different Problem, Different Solution


    Securing the Data Center: A New Type of Firewall is Needed
      • Network Access (OSI Layer 1-3)
      • Protocol Usage (OSI Layer 4-7)
      • Application and Database Usage (New Layer 8+)
      • Data Center Application Security not Addressed by Network Firewall or IPS Technology
          • SQL Injection, Phishing, Identity theft, Data theft, Worms, Denial of Service, Malicious Robots, etc.
      • SecureSphere Data Center Firewall
          • Protect critical servers, proprietary information and custom business applications
      • Diagram labels: Network Layer; Application Layer; Application Logic


    Securing the Data Center: Point Solutions Problematic
      • Fragmented Protection
          • Deep Inspection Firewall
          • Application Firewall
          • Database Firewall
          • XML Firewall
      • Static Policy & Rules
          • Requires constant manual tuning
      • Fragmented Management
          • Set policy on each device
          • Fragmented logging, forensics, monitoring
          • No integrated reporting
      • No Cooperation Between Layers
      • Poor Performance and Scalability
      • Diagram labels: Data Center (Web Servers, App. Servers, Databases); Internal Users; DMZ (Web Servers, App Servers, Databases); DI Firewall; App Firewall; Database Firewall; XML Firewall


    Securing the Data Center: Breaking the Barrier
      • A Dynamic Profiling Firewall must build and tune the security profile without human intervention
      • Much more information needed for security decisions
          • Web App elements: URLs, Cookies, Parameters, Users, Sessions, etc.
          • Web Services elements: XML URLs, SOAP actions, XML elements, etc.
          • Database elements: SQL Queries, SQL Tables, Users, etc.
      • Too complex for manual intervention
      • Diagram labels: Dynamic Profiling Firewall; Network Layer (OSI layers 1-3); Application Layer (OSI layers 4-7); Application Logic and Databases (New layer(s)! 8+)


    SecureSphere Dynamic Profiling Firewall: Data Center Ready Security
      • Unified Protection
          • Web, database and worm attacks
          • Internal and external attackers
          • Layers 1-7 and 8+
      • Dynamic Profiling
          • Automatically models application structure and dynamics
              • Web Application: URLs, cookies, users, parameters, sessions, etc.
              • Web Services: XML URLs, SOAP actions, XML elements, etc.
              • Database: SQL queries, SQL tables, parameters, users, etc.
          • No on-going manual tuning
          • Adapts when application changes
      • Centralized Management
          • Enforcement & Auditing Across Layers
      • High Performance and Highly Scalable
      • Diagram labels: Internal Users; SecureSphere G4 Gateways; SecureSphere MX Management Server; Data Center (Web Servers, App. Servers, Databases); DMZ (Web Servers, App Servers, Databases)


    Security Coverage: SecureSphere Secures the Data Center
      SecureSphere Protects Against
      • Web Application Attack
          • Both Interface and Logic
      • Web Services Attack
          • SOAP/XML interfaces
      • Database Breach
          • Direct Database Attacks
          • Via Web Application
          • Via Web Services
      • Worm/Platform Attack
          • Network Stack
          • Operating Systems
          • Infrastructure Server Software
      • Diagram labels: Application; Data Center Infrastructure


    Security Coverage: SecureSphere IPS
      • Protects Critical Data Center Servers
          • Operating System Platform (agnostic of vendor / version)
          • Server Software
          • Network Access
          • Network Protocols
      • Attacks Prevented
          • Server Worms
          • Unauthorized Access
          • Protocol Attacks
      • Defenses
          • User and protocol access control
          • Protocol Validation and Usage
          • Full Snort-compatible signature protection
          • Imperva's Advanced ADC defenses
          • Web Worm Profiling
      • Diagram labels: Application; Data Center Infrastructure


    Security Coverage: SecureSphere - Web App Firewall
      • Dynamic Profiling Protects Traditional Web App Elements
          • Application Logic
          • Form fields, cookies, URLs, Parameters
      • Agnostic Web / App Server Software
          • Apache, IIS, etc.
      • Example Attacks Prevented
          • Cross-site scripting
          • SQL Injection
          • Command Injection
          • Illegal encoding
          • Buffer Overflows
          • Cookie Poisoning
          • Parameter Tampering
          • Form Field Tampering
          • Malicious Scanning / Robots
          • Phishing
          • Denial of Service
      • Integrated IPS Protects the OS and the Network (point solutions don't)
      • Diagram labels: Application; Data Center Infrastructure


    Security Coverage: SecureSphere - XML Firewall
      • Dynamic Profiling Protects Web Services Elements
          • Application / Web Servers (agnostic to vendor brands)
          • Web Services Protocols and Standards: XML, SOAP, WSDL
      • Attacks Prevented
          • Element Tampering
          • Structure Tampering
          • SQL Injection
          • Command Injection
          • Illegal encoding
          • Cross Site Scripting
          • Buffer Overflow
      • Integrated IPS Protects the OS and the Network (point solutions don't)
      • Diagram labels: Application; Data Center Infrastructure


    Deployment: Performance and Scalability
      • High Performance
          • Up to 1 Gbps throughput
          • Sub millisecond latency
          • Up to 8,000 transaction/second
      • Scalability
          • G4: Entry for small to medium segments
          • G8: Performance for larger segments
          • MX: Centralized management for multi-gateway environments
      • G4 Gateway Appliance
          • Throughput: 500 Mbps
          • Requests Per Second: 4000
          • Form Factor: 1U
          • Max Sniffing Interfaces: 3
          • Max Inline Segments: 1


    Operations: Centralized Management
      • Centralized Management Services
          • Manages all devices from a single console
          • Application level profiles and policy
          • Integrated logging and forensics
          • User specific alerts and monitoring
          • Integrated compliance reporting
      • Scalable for Large Deployments
          • Three-tier architecture
          • Browser-based interface
          • Role-based administration
      • Easy appliance deployment
          • Appliances auto-configured by mgt server
      • Diagram labels: MX Management Server; SecureSphere Gateway Appliances; Browser Interface


    Summary: Securing the Data Center
      • Businesses Vulnerable to New Data Center Threats
          • Identity theft, data theft, SQL injection, worms, and DoS
          • Risking brand, revenue, and regulatory compliance
      • IPS and Network Firewalls are Not Enough
          • Do not protect proprietary information and custom business applications
      • SecureSphere - Data Center Ready Protection
          • Security
              • Protects proprietary information, custom applications, and critical servers
              • Blocks even the most sophisticated attacks
          • Deployment
              • No change to existing applications and infrastructure
              • Flexible networking and high availability
              • Performance and scalability
          • Operations
              • No manual tuning
              • Centralized management
              • Low TCO and High ROI


    Thank You

    Imperva Inc. 950 Tower Lane, Suite 1710 Foster City, CA 94404 Sales: (866) 926-4678


    Diagram labels: MX Management; Gateway G1; Gateway G2; Web App X1; Web App X2; Database Y1; Database Y2; OOB (twice); Test Env; Real Life Env

