Avi Networks Proprietary and Confidential 2018 Next Gen Application Network Services iWAF: Industry’s first Distributed hybrid-cloud Web Application Firewall Closed-Loop Intelligence | Elastic Performance | Real-time Analytics

Page 1

Next Gen Application Network Services

iWAF: Industry’s first Distributed hybrid-cloud Web Application Firewall

Closed-Loop Intelligence | Elastic Performance | Real-time Analytics

Page 2

Software That Delivers Applications for Global Enterprises

› Application Networks Services: Software Load Balancing, Security, WAF, Visibility

› Universal Solution for Traditional and Modern Use Cases

› Global Footprint and Strategic Cisco Partnership

Page 3

Web Application Attacks are Most Prevalent and Damaging

Incident: A security event that compromises the integrity, confidentiality or availability of an information asset.

Breach: An incident that results in the confirmed disclosure—not just potential exposure—of data to an unauthorized party.

Source: Verizon Data Breach Investigations Report (DBIR) 2017

Page 4

Exponential impact of two trends

• Applications are moving to web based interfaces

• Many more application end points on network

Massive increase in L7 attack surface in modern applications

• Legacy App: IP/Port

• Modern App: HTTP, REST, L7…

• More Apps (Microservices…)

Page 5

Web Application Firewalls – State of the Union Today

Massive gap – Minimal coverage today vs. desired end state of 100% coverage

Reality

• No WAF for most apps
• Complex Rules
• Poor Analytics
• Poor performance, highly variable

Need!

• 100% Coverage
• One-click rules
• Real time intelligence
• High performance, elastic

Challenge: How to bridge this gap??

Page 6

Avi Networks iWAF – Intelligent Web Application Firewall

Today

• Writing rules is complex: Rule set tuning requires experts
• Don’t know what’s going on: Hard to tell which rules are hit & why
• Capacity planning nightmare: Low performance, massive variability

Avi iWAF

• Simplified Rules: Especially for common use cases
• Real-time granular analytics: Insights on which flow hit which rules
• Elastic Scale: High performance, scale-out platform

Page 7

Monolithic Appliances to Modern Distributed Architecture

Separate Control & Data Plane: Manage as one, not many devices

Monolithic Appliance Software

• Management Plane: UI/CLI
• Data Plane: LB

Diagram labels: CONTROL, DATA, APPLICATIONS, Controller, Service Engines

Page 8

Avi Platform – Modern Distributed Architecture

• Universal Solution: Both traditional and modern use cases
• Separate Control & Data Plane: Manage as one, not many devices
• Visibility: Actionable insights key to automation
• 10x Performance: 4 Tbps, 12M SSL TPS
• Elasticity: On-demand scalability up / down
• Automation: Highly programmable, Plug-n-Play

Diagram labels: CONTROL, DATA, Controller, Service Engines, REST API, Public Cloud, On Premises, Bare Metal, Virtualized, Containers

Page 9

Comprehensive Services – For All Major Environments

Application Services

Load Balancing

• L7 (HTTP) LB
• L4 (TCP/UDP) LB
• Global Load Balancing
• Content Switching
• Caching/Compression
• Auto-Scaling

WAF & Security

• Web app firewall (WAF)
• SSL Termination
• DDoS Protection
• L3-4 ACLs
• L7 Rules/Policies
• Micro-Segmentation

Analytics

• Application map
• Service Health Score
• Network performance
• App Performance
• Request Logging
• Security Insights

Platform

• Central Management
• 100% REST API / SDK
• Self-Service
• Multi-Tenancy
• Service Discovery
• IPAM/DNS

Out-of-Box Automation

Environment labels: CONTAINERS, SDN, OPENSTACK, AUTOMATION, ON-PREM or OFF, MESOS, Bare Metal

Page 10

Avi iWAF

• Encryption: SSL/TLS
• L3/4 ACLs: IP-Port based Security Rules
• L7 ACLs: Content (URI) based security rules
• DDoS Protection: DDoS detection and mitigation with elastic scaling
• Application Rate Limiting: Control and restrict by application or tenants
• Security Insights: Security score, Real-time attacks, SSL Insights
• Web Application Firewall: OWASP CRS protection, Attack Analytics

Fully Integrated with Avi’s Comprehensive Security Services

• Centralized Management

• Multi-Cloud Elastic Fabric

• Automation & Programmability

• Real Time Visibility & Analytics

REST API

Data Center Private Cloud Public Cloud

Page 11

• OWASP Top 10 Protection

• Based on Avi improved OWASP Core Rule Set (CRS) 3.0

• Signatures for common web vulnerabilities

• Custom rule support (ModSecurity rule language)

WAF | security

Page 12

Simple, Scalable, and Intelligent Web Security

• Point & click policies
• Central policy management
• Visually analyze policies
• Eliminate false positives
• Customize for specific apps
• Enforce and adjust

iWAF Policy Model

Page 13

DEMO: WAF Connection Analytics – Rule, Tag, Group, Timing (Latency)

Page 14

Where Customers Deploy Avi

ADC/LB or WAF Refresh (Bare metal x86, VMware ESX, Cisco CSP…)

• Project: Load balancer refresh; Mix of physical and virtual
• Why Avi: Less than half the cost; Central management and control; Application performance monitoring; Easy migration, short time to value

Automation & Private Cloud (OpenStack, VMware, Puppet/Chef…)

• Project: Self-service Load Balancer & WAF
• Why Avi: Automated elastic load balancer; Integrated App perf monitoring

Public Cloud (or Hybrid) (AWS, Azure, GCP, SoftLayer…)

• Project: Full featured Elastic LB & WAF
• Why Avi: Enterprise class features – LB, Security; Consistency – On-prem and Cloud

Network Modernization & SDN (Ansible, Cisco ACI, VMware NSX, Nuage…)

• Project: LB or WAF integration with SDN
• Why Avi: 100% REST API, Programmability; SDN Integration

Containers/PaaS (OpenShift, Kubernetes, Docker…)

• Project: LB or WAF integration with PaaS/CaaS
• Why Avi: Single LB for North-south & East-west; Converged platform: LB, Security, Visibility

Page 15

Case Study – Swiss Lottery Company

Challenges

• Leading appliance-based WAF solution had significant performance issues.
• Product refresh for appliances was cost prohibitive

Why Avi Networks

• Centralized management simplifies administration.
• Impressive ease-of-use and performance with on-demand scale out.
• iWAF analytics and logging make setting the right policies simple.

“Appliance-based products weren’t meeting our needs, and as we evaluated alternatives, web application firewalling was our number-one consideration. We were pleasantly surprised by Avi iWAF’s simple deployment, impressive ease-of-use, and intelligent security analytics, as well as the responsiveness of the Avi team.”

Joris Vuffray, Head of Network and System Management

Page 16

Quantifiable Benefits – Immediate and Ongoing

Reduce Costs: 50%+ savings over appliances

• Run on commodity x86
• No overprovisioning, elastic
• Flexible subscription licensing

Faster Troubleshooting: 4+ hr reduction in resolution time

• Replay traffic events
• Application Health Scores
• Insights: Performance, Security

Faster Provisioning: 90%+ faster provisioning

• Centralized Management
• On-demand scaling
• Full automation with REST API
