Transcript
Page 1: Riverbed Securing Cloud Applications with a Distributed Web Application Firewall

www.riverbed.com ©2013 Riverbed Technology

Securing Cloud Applications with a Distributed Web Application Firewall

Page 2: Riverbed Securing Cloud Applications with a Distributed Web Application Firewall

Primary Target of Attack Shifting from Networks and Infrastructure to Applications

NETWORKS INFRASTRUCTURE APPLICATIONS

Page 3: Riverbed Securing Cloud Applications with a Distributed Web Application Firewall

Cloud Applications Are Exposed to New Threats

Designing for a dramatically larger number of users shifts focus towards performance and away from security

Cloud applications use off-the-shelf building blocks, in-house services, and third-party frameworks – each with individual vulnerabilities

Vulnerabilities exposed when applications designed for in-house data centers migrate to the cloud

Page 4: Riverbed Securing Cloud Applications with a Distributed Web Application Firewall

There is a Real Cost of Not Securing Applications

3 months offline

$10,000,000 fined for security breach

500,000 replacement credit cards issued

40,000,000+ credit card details lost

$94,000,000 in remediation costs

Global headlines. Real business impact.

Page 5: Riverbed Securing Cloud Applications with a Distributed Web Application Firewall

Beyond $$: Other Business Drivers for Application Security

Compliance
- Regulatory Pressures
- PCI DSS, HIPAA, etc.
- Data Privacy Act

Revenue & Reputation
- Opportunity cost of remediation
- Brand and reputation damage
- Loss of income

Best Practices
- Security Governance
- Cross-business collaboration
- Delegation of responsibility
- Understand changing risk profiles of your application
- Due Diligence

Page 6: Riverbed Securing Cloud Applications with a Distributed Web Application Firewall

Changing Risk Profiles Make it Harder to Secure Cloud Applications

For detailed information on the latest trends in application vulnerabilities, see OWASP Top Ten Projects at https://www.owasp.org/

Cross-site scripting (XSS)

Malicious requests (e.g. SQL-injection)

Vulnerable third-party software components

Cross-site request forgery (CSRF)

Authentication and session attacks

URL manipulation

Page 7: Riverbed Securing Cloud Applications with a Distributed Web Application Firewall

Traditional Web Application Firewalls are Not Effective in Cloud Environments

Increased capital costs

Decreased provisioning agility in a dynamic, virtualized environment

Increased management costs without levels of delegation for administration

TRADITIONAL SOLUTION IS INEFFICIENT

Dedicated hardware WAF

One WAF per deployment

Page 8: Riverbed Securing Cloud Applications with a Distributed Web Application Firewall

REQUIRED: A Distributed Web Application Firewall Purpose-built for Cloud Security

Page 9: Riverbed Securing Cloud Applications with a Distributed Web Application Firewall

The Web Application Firewall Must be Massively Scalable & Portable

- Across CPU, computer, server rack and data center boundaries
- Across multiple applications at a time (e.g. cloud bursting)
- Available as virtual appliance and a plug-in
- Start small, but allow scale up without changes to security solution
- Across private, hybrid or public clouds, and small or large traditional data centers

[Diagram labels: Public, Private, Data Center, Local Machine]

Page 10: Riverbed Securing Cloud Applications with a Distributed Web Application Firewall

Available as virtual appliance and a plug-in

Can live in a wide variety of components effectively

Flexible, Portable Across Platforms

Mixes traditional and virtual technologies

Fits into existing infrastructures and processes

Page 11: Riverbed Securing Cloud Applications with a Distributed Web Application Firewall

Distributed and Delegated Management

Easy, central management with a simple web-based management UI

Granular configuration settings for each application and each customer

Fits into any – existing or planned – application delivery infrastructure.

Multi-administrator privileges to handle diverse security policy schemes

Proactive Monitoring – tuned for each application

Page 12: Riverbed Securing Cloud Applications with a Distributed Web Application Firewall

Securing Cloud Applications with a Distributed Web Application Firewall

Download the Complete Whitepaper from www.riverbed.com/stingray-appsec

