The benefits of externalizing Web DMZ-as-a-Service in the Cloud James Smith, Sr. Security Sentrix

Slides:



Advertisements
Similar presentations
Thanks to Microsoft Azure’s Scalability, BA Minds Delivers a Cost-Effective CRM Solution to Small and Medium-Sized Enterprises in Latin America MICROSOFT.
Advertisements

Internet Information Server 6.0. IIS 6.0 Enhancements  Fundamental changes, aimed at: Reliability & Availability Reliability & Availability Performance.
Acquia Cloud Drupal Platform-as-a-Service. Market Size [1,00,000+ sites] Innovation [10,000+ modules] Community [500,000+ members] “… is as much a Social.
Unified Logs and Reporting for Hybrid Centralized Management
With the Help of the Microsoft Azure Platform, Devbridge Group Provides Powerful, Flexible, and Scalable Responsive Web Solutions MICROSOFT AZURE ISV PROFILE:
© 2013 Imperva, Inc. All rights reserved. Imperva Incapsula Confidential1 Doug Smith, Region Sales Mgr
Website Hardening HUIT IT Security | Sep
Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.
© 2011 MindTree Limited CONFIDENTIAL: For limited circulation only e-Commerce web app Architecture and Scalability Srinivas Bhagavatula.
Making it easier to develop, deploy and maintain Drupal web sites Name, Title Date.
Using the Powerful Microsoft Azure Platform, e-SUAP Properly and Securely Manages All Steps for Customizable Business Activities Permissions MICROSOFT.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
® IBM Software Group © 2007 IBM Corporation J2EE Web Component Introduction
Master Thesis Defense Jan Fiedler 04/17/98
Next-Generation Formotus Forms Replace Paper and InfoPath with Mobile Business Applications Created and Deployed Using Microsoft Azure MICROSOFT AZURE.
© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Confidential. For Channel Partners only. Do not distribute. C
SIGITE 2008: Oct Integrating Web Application Security into the IT Curriculum James Walden Northern Kentucky University.
Alert Logic Provides a Fully Managed Security and Compliance Solution Based in the Cloud, Powered by the Robust Microsoft Azure Platform MICROSOFT AZURE.
Accumulus Delivers Enterprise Class Subscription Billing and Automation Solutions for Gaming, Retail, and More on the Scalable Microsoft Azure Platform.
Testing in the Cloud with Tosca Testsuite: A Comprehensive Test Management and Test Automation Suite Built on Microsoft Azure MICROSOFT AZURE ISV PROFILE:
Corent’s SurPaaS Transforms Your Software into Scalable SaaS on Windows Azure – in Days! COMPANY PROFILE: CORENT TECHNOLOGY INC. Corent’s SurPaaS is a.
Rob Davidson, Partner Technology Specialist Microsoft Management Servers: Using management to stay secure.
You are Here! Navigating SharePoint 1. Sharon Weaver 15 years designing, developing, and managing software 10 years SharePoint experience Six Sigma Black.
Mailjet and Microsoft Azure Offer All-in-One Infrastructure and Deliverability while Saving IT and Enterprise Time and Money with Scalability MICROSOFT.
Built on the Powerful Microsoft Azure Platform, Mproof’s Clientele ITSM Provides Companies with a Complete Software Suite to Manage Services MICROSOFT.
MLevel Is the Fully Microsoft Azure-Based, Industry-Leading Casual Learning Platform Used by Enterprises Worldwide to Make Learning Fun MICROSOFT AZURE.
MidVision Enables Clients to Rent IBM WebSphere for Development, Test, and Peak Production Workloads in the Cloud on Microsoft Azure MICROSOFT AZURE ISV.
Kona Security Solutions - Overview
Boost Developer Productivity with a 360- Degree View of Every Software Change by Using FinditEZ, Certified Microsoft Platform Ready for SQL Azure MICROSOFT.
Bring Your Own Security (BYOS™): Deploy Applications in a Manageable Java Container with Waratek Locker on Microsoft Azure MICROSOFT AZURE ISV PROFILE:
DenyAll Delivering Next-Generation Application Security to the Microsoft Azure Platform to Secure Cloud-Based and Hybrid Application Deployments MICROSOFT.
Built on the Powerful Microsoft Azure Platform, Forensic Advantage Helps Public Safety and National Security Agencies Collect, Analyze, Report, and Distribute.
Microsoft Azure and ServiceNow: Extending IT Best Practices to the Microsoft Cloud to Give Enterprises Total Control of Their Infrastructure MICROSOFT.
Overture Is a Unique Omni-channel E-commerce Platform that Leverages the Power of Microsoft Azure to Orchestrate Every Customer Transaction MICROSOFT AZURE.
Copyright © New Signature Who we are: Focused on consistently delivering great customer experiences. What we do: We help you transform your business.
© 2016 Catalyze, Inc. Go-To-Market Services HIPAA Compliance in the Cloud: Catalyze Provides Microsoft Azure Customers with a HITRUST Certified Platform-as-a-Service.
Improve the Performance, Scalability, and Reliability of Applications in the Cloud with jetNEXUS Load Balancer for Microsoft Azure MICROSOFT AZURE ISV.
Get Full Protection on Microsoft Azure with Symantec™ Endpoint Protection 12.1 MICROSOFT AZURE ISV PROFILE: SYMANTEC Symantec™ Endpoint Protection is an.
Docker for Ops: Operationalize Your Apps in Production Vivek Saraswat Sr. Product Evan Hazlett Sr. Software
AuraPortal Cloud Helps Empower Organizations to Organize and Control Their Business Processes via Applications on the Microsoft Azure Cloud Platform MICROSOFT.
COMPANY PROFILE: CORENT TECHNOLOGY INC.
Web Application Protection Against Hackers and Vulnerabilities
Scalable Web Apps Target this solution to brand leaders responsible for customer engagement and roll-out of global marketing campaigns. Implement scenarios.
Barracuda Firewall The Next-Generation Firewall for Everyone
Critical Security Controls
Blue Mixology.
Primal and Microsoft Azure Deliver Personalized Content, Intelligence, and Analytics That Match Your Content to the Interests of Your Audience MICROSOFT.
A10 Networks vThunder Leverages the Powerful Microsoft Azure Cloud Platform to Offer Advanced Layer 4-7 Networking, Security on a Global Scale MICROSOFT.
All-Inclusive Testing in API Management
Chapter 18 MobileApp Design
Hosted on Azure, LoginRadius’ Customer Identity
Using Microsoft Azure, Crowdnetic Launches Innovative Lending Gateway Platform That Connects Borrowers to Alternative Lenders MICROSOFT AZURE SOLUTION.
Scalable Web Apps Target this solution to brand leaders responsible for customer engagement and roll-out of global marketing campaigns. Implement scenarios.
SmartHOTEL Solutions Powered by Microsoft Azure Provide Hoteliers with Comprehensive, One-Stop Automated Management of All Booking Channels MICROSOFT AZURE.
Application Lifecycle Management – Best Practices for SharePoint and Office App development November 2015.
Take Control of Insurance Product Management: Build, Test, and Launch Any Product Globally 10x Faster, 10x More Cheaply with INSTANDA on Azure Partner.
Designed for Big Data Visual Analytics, Zoomdata Allows Business Users to Quickly Connect, Stream, and Visualize Data in the Microsoft Azure Platform MICROSOFT.
Yellowfin: An Azure-Compatible Business Intelligence Platform That Connects People with Their Data for Better Decision Making MICROSOFT AZURE APP BUILDER.
Scalable SoftNAS Cloud Protects Customers’ Mission-Critical Data in the Cloud with a Highly Available, Flexible Solution for Microsoft Azure MICROSOFT.
AKAMAI INTELLIGENT PLATFORM™
Partner Logo Reblaze Utilizes Microsoft Azure Cloud Technology to Provide Web Assets with a Comprehensive, Robust, Protective Shield Against Internet Threats.
Introducing Qwory, a Business-to-Business Search Engine That’s Powered by Microsoft Azure and Detects Vital Contact Information for Businesses MICROSOFT.
Crypteron is a Developer-Friendly Data Breach Solution that Allows Organizations to Secure Applications on Microsoft Azure in Just Minutes MICROSOFT AZURE.
Adra ACCOUNTS: Transaction Matching Software Powered by the Microsoft Azure Cloud That Helps Optimize the Accounting and Finance Processes MICROSOFT AZURE.
One-Stop Shop Manages All Technical Vendor Data and Documentation and is Globally Deployed Using Microsoft Azure to Support Asset Owners/Operators MICROSOFT.
Technical Capabilities
Last.Backend is a Continuous Delivery Platform for Developers and Dev Teams, Allowing Them to Manage and Deploy Applications Easier and Faster MICROSOFT.
Ron Carovano Manager, Business Development F5 Networks
Protecting Against Common Web Application Vulnerabilities
Matthew Farmer Making Azure Integration Services Real
Presentation transcript:

The benefits of externalizing Web DMZ-as-a-Service in the Cloud James Smith, Sr. Security Sentrix

Copyright Sentrix State of App Sec 52% of organizations test less than half of their apps for vulnerabilities 66% report fixing less than 40% of vulnerabilities found 50% of organizations report taking over 3 months to fix vulnerabilities after they have been identified in production systems (Survey of over 100 Security executives at the 2015 Gartner Security Summit)

Copyright Sentrix Agenda The blind spots of web application security (often not covered by the SDLC processes) Uncontrolled areas of the code - web platform, 3 rd party plugins, 3 rd party embedded SaaS What do we traditionally do about them Cloud DMZ as an alternative architecture

Copyright Sentrix The Blind Spots of Web Application Security Web Platform Vulnerabilities Content Management Systems (WordPress, Drupal, Joomla) Application Servers (SharePoint, WebSphere) American Express Pfizer Pizza Hut Walmart...

Copyright Sentrix The Blind Spots of Web Application Security Web Platform Vulnerabilities Content Management Systems (WordPress, Drupal, Joomla) Application Servers (SharePoint, WebSphere) MTA Warner Music Timex The weather Channel...

Copyright Sentrix The Blind Spots of Web Application Security 3 rd Party Plugin Vulnerabilities NVidia NDA...

What Do We Traditionally Do About These Blind Spots

Copyright Sentrix First - Who Owns This? Network Team? App Development Team? Security Team?

Copyright Sentrix HTTP Server Application Server & Content Management System Application Operating System Network Firewall Secure Development Lifecycle Gap Exploited for 0-Days & Platform Vulnerabilities ShellShock (CVE ) Drupal (CVE ) WordPress (CVE ) SharePoint (MS14-022) JAVA (CVE ) WebSphere (CVE ) Apache (CVE ) MS-RPC SNMP Application Logic SQLi Application Logic XSS

Copyright Sentrix The traditional best practices Patching – A loosing battle - Attackers are likely to know about these vulnerabilities before a patch is available WAF-Based Signature Detection – Another loosing battle - Attackers find new attack signatures WAF-Based Whitelisting – Can help – But, labor intensive and not a fit for continuous developmentnot a fit for continuous development

Cloud DMZ as an Alternative Architecture

Copyright Sentrix What is a Cloud DMZ? Replica of the User Interface of a protected web system Having a well defined API through which it is permitted to communicate with the protected system ?

Active Learning Based Implementation of Cloud DMZ

Copyright Sentrix : Scan Website to Understand its Functionality Proactive Learning Engine A proprietary proactive learning engine performs a deep scan of site to determine the optimal method of defense for each resource, according to its functionality.

Copyright Sentrix : Analyze Scan Results Presentation Layer: Static resources, non- static forms and other components that can be served from the cloud, isolated from the back-end and fully excluded from the attack surface. Presentation Layer: Static resources, non- static forms and other components that can be served from the cloud, isolated from the back-end and fully excluded from the attack surface. Business Logic: Search Boxes, forms, and any assets that require access to the back end are classified and categorized based on the component's functionality as determined in the scan. Business Logic: Search Boxes, forms, and any assets that require access to the back end are classified and categorized based on the component's functionality as determined in the scan.

Copyright Sentrix : Decouple Website Components Presentation Layer: Decoupled from the business logic Presentation Layer: Decoupled from the business logic

Copyright Sentrix : Replicate

Copyright Sentrix Securing the Website White List Requests to the Business Logic: The Business Logic is tightly protected by a handful of easy to manage white list rules. Only valid requests are allowed to the back end Requests to the Business Logic: The Business Logic is tightly protected by a handful of easy to manage white list rules. Only valid requests are allowed to the back end Validated Requests Secure Replica Business Logic Web Server Back End

Copyright Sentrix White List Requests to the Presentation Layer Served from the cloud and never reach the back end, making this area of the back end immune to attacks. Unlike CDNs the replica intelligently serves requests and does not use caching, therefore it never has to access the back-end. Requests to the Presentation Layer Served from the cloud and never reach the back end, making this area of the back end immune to attacks. Unlike CDNs the replica intelligently serves requests and does not use caching, therefore it never has to access the back-end. 5. Securing the Website Web Server Back End

Copyright Sentrix White List 6. Elastic Scale Against DDoS Web Server Back End White List

Copyright Sentrix The Benefits Secure & Immediate Cloud Migration High Availability (SLA 99.99% Uptime) w/ Layer 7 Coverage Disaster Recovery + Business Continuity Assured Transfer of hosting cost CDN Performance Boost Geo-based global load balancing & Faster page load times Enterprise Grade Security Elastic scale against legitimate or malicious traffic spikes (DDoS) Automated stack hardening through proactive WAF (includes WP, Drupal, etc.) Real Time Synchronization Frictionless integration with current dev and content updates Reporting goes directly into existing tools (Splunk, Sourcefire, etc.)

Copyright Sentrix Results: Mid-Atlantic Based University Currently over 30,730 resources (Drupal Site Deployment) BUT, only 4 business logic transactions 99.99% offloaded from the security & hosting infrastructure Avg. 38% faster page load times Business Transactions -Search -Contact Us -How to Partner -Health Feedback Form

Copyright Sentrix Results: Currently over 56,000 user interaction types (WordPress Deployment) Only 2 business logic transactions identified, mitigated through WL rules 99.9% of attack surface automatically eliminated Including platform, application, and server vulnerabilities 54% faster page load times The 2 Business Transactions: Search Bar Contact Us Form

Demo

Copyright Sentrix Wrap Up Cloud DMZ architecture inherently reduces the attack surface resulting from usage of 3 rd party platforms and plug-ins Active learning based implementation can automate the process Cloud based deployment of the static DMZ (i.e. Cloud-DMZ) can in addition improve scalability and performance of the protected application

Q&A

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.