www.riverbed.com ©2013 Riverbed Technology
Securing Cloud Applications with a Distributed Web Application Firewall
Primary Target of Attack Shifting from Networks and Infrastructure to Applications
NETWORKS INFRASTRUCTURE APPLICATIONS
Cloud Applications Are Exposed to New Threats
Designing for a dramatically larger number of users shifts focus towards performance and away from security
Cloud applications use off-the-shelf building blocks, in-house services, and third-party frameworks, each with individual vulnerabilities
Vulnerabilities are exposed when applications designed for in-house data centers migrate to the cloud
There is a Real Cost of Not Securing Applications
3 months offline
$10,000,000 fined for security breach
500,000 replacement credit cards issued
40,000,000+ credit card details lost
$94,000,000 in remediation costs
Global headlines. Real business impact.
Beyond $$: Other Business Drivers for Application Security
Compliance
Revenue & Reputation
Best Practices
- Regulatory Pressures
- PCI DSS, HIPAA, etc.
- Data Privacy Act
- Opportunity cost of remediation
- Brand and reputation damage
- Loss of income
- Security Governance
- Cross-business collaboration
- Delegation of responsibility
- Understand changing risk profiles of your application
- Due Diligence
Changing Risk Profiles Make it Harder to Secure Cloud Applications
For detailed information on the latest trends in application vulnerabilities, see OWASP Top Ten Projects at https://www.owasp.org/
Cross-site scripting (XSS)
Malicious requests (e.g. SQL-injection)
Vulnerable third-party software components
Cross-site request forgery (CSRF)
Authentication and session attacks
URL manipulation
Traditional Web Application Firewalls are Not Effective in Cloud Environments
Increased capital costs
Decreased provisioning agility in a dynamic, virtualized environment
Increased management costs without levels of delegation for administration
Traditional solution is inefficient: dedicated hardware WAF, one WAF per deployment
REQUIRED: A Distributed Web Application Firewall Purpose-built for Cloud Security
The Web Application Firewall Must be Massively Scalable & Portable
- Across CPU, computer, server rack and data center boundaries
- Across multiple applications at a time (e.g. cloud bursting)
- Available as virtual appliance and a plug-in
- Start small, but allow scale up without changes to security solution
- Across private, hybrid or public clouds, and small or large traditional data centers
[Figure: deployment locations: Public, Private, Data Center, Local Machine]
Available as virtual appliance and a plug-in
Can live in a wide variety of components effectively
Flexible, Portable Across Platforms
Mixes traditional and virtual technologies
Fits into existing infrastructures and processes
Distributed and Delegated Management
Easy, central management with a simple web-based management UI
Granular configuration settings for each application and each customer
Fits into any – existing or planned – application delivery infrastructure.
Multi-administrator privileges to handle diverse security policy schemes
Proactive Monitoring – tuned for each application
Download the Complete Whitepaper from www.riverbed.com/stingray-appsec