www.riverbed.com ©2013 Riverbed Technology Securing Cloud Applications with a Distributed Web Application Firewall

Riverbed Securing Cloud Applications with a Distributed Web Application Firewall

DESCRIPTION

The dramatic growth of online business along with the rise of cloud technologies has been accompanied by a burst of innovative ways to engage customers and drive new business models. It has also brought new security challenges as more customers and transactions are processed through online portals. The focus of IT security is increasingly moving away from the network and IT infrastructure to the application and software architecture itself, which means IT organizations need to adapt to new security challenges.

Citation preview

Page 1: Riverbed Securing Cloud Applications with a Distributed Web Application Firewall

Securing Cloud Applications with a Distributed Web Application Firewall

Page 2: Riverbed Securing Cloud Applications with a Distributed Web Application Firewall

Primary Target of Attack Shifting from Networks and Infrastructure to Applications

NETWORKS INFRASTRUCTURE APPLICATIONS

Page 3: Riverbed Securing Cloud Applications with a Distributed Web Application Firewall

Cloud Applications Are Exposed to New Threats

Designing for a dramatically larger number of users shifts focus towards performance and away from security

Cloud applications use off-the-shelf building blocks, in-house services, and third-party frameworks – each with individual vulnerabilities

Vulnerabilities exposed when applications designed for in-house data centers migrate to the cloud

Page 4: Riverbed Securing Cloud Applications with a Distributed Web Application Firewall

There is a Real Cost of Not Securing Applications

3 Months offline

$10,000,000 fined for security breach

500,000 replacement credit cards issued

40,000,000+ credit card details lost

$94,000,000 in remediation costs

Global headlines. Real business impact.

Page 5: Riverbed Securing Cloud Applications with a Distributed Web Application Firewall

Beyond $$: Other Business Drivers for Application Security

Compliance

Revenue & Reputation

Best Practices

• Regulatory Pressures

• PCI DSS, HIPAA, etc.

• Data Privacy Act

• Opportunity cost of remediation

• Brand and reputation damage

• Loss of income

• Security Governance

• Cross-business collaboration

• Delegation of responsibility

• Understand changing risk profiles of your application

• Due Diligence

Page 6: Riverbed Securing Cloud Applications with a Distributed Web Application Firewall

Changing Risk Profiles Make it Harder to Secure Cloud Applications

For detailed information on the latest trends in application vulnerabilities, see OWASP Top Ten Projects at https://www.owasp.org/

Cross-site scripting (XSS)

Malicious requests (e.g. SQL-injection)

Vulnerable third-party software components

Cross-site request forgery (CSRF)

Authentication and session attacks

URL manipulation

Page 7: Riverbed Securing Cloud Applications with a Distributed Web Application Firewall

Traditional Web Application Firewalls are Not Effective in Cloud Environments

Increased capital costs

Decreased provisioning agility in a dynamic, virtualized environment

Increased management costs without levels of delegation for administration

TRADITIONAL SOLUTION IS INEFFICIENT

Dedicated hardware WAF

One WAF per deployment

Page 8: Riverbed Securing Cloud Applications with a Distributed Web Application Firewall

A Distributed Web Application Firewall Purpose-built for Cloud Security

REQUIRED:

Page 9: Riverbed Securing Cloud Applications with a Distributed Web Application Firewall

The Web Application Firewall Must be Massively Scalable & Portable

• Across CPU, computer, server rack and data center boundaries

• Across multiple applications at a time (e.g. cloud bursting)

• Available as virtual appliance and a plug-in

• Start small, but allow scale up without changes to security solution

• Across private, hybrid or public clouds, and small or large traditional data centers

Public Private

Data Center

Local Machine

Page 10: Riverbed Securing Cloud Applications with a Distributed Web Application Firewall

Available as virtual appliance and a plug-in

Can live in a wide variety of components effectively

Flexible, Portable Across Platforms

Mixes traditional and virtual technologies

Fits into existing infrastructures and processes

Page 11: Riverbed Securing Cloud Applications with a Distributed Web Application Firewall

Distributed and Delegated Management

Public Private

Easy, central management with a simple web-based management UI

Granular configuration settings for each application and each customer

Fits into any – existing or planned – application delivery infrastructure.

Multi-administrator privileges to handle diverse security policy schemes

Proactive Monitoring – tuned for each application

Page 12: Riverbed Securing Cloud Applications with a Distributed Web Application Firewall

Securing Cloud Applications with a Distributed Web Application Firewall

Download the Complete Whitepaper from www.riverbed.com/s2ngray-appsec