WAFs in the Cloud: A new direction for WAFs? Ofer Shezaf, January 2010.


Xiom: the WAF experts
Focus on real-time web application security solutions.
Free & unbiased expert information about web application firewalls and related technologies.
Help in making WAFs deliver:
–Selecting the correct WAF solution for you.
–Optimizing your WAF implementation.
–Writing rules to ensure effective security.
–Analyzing alerts to understand the risk and vulnerabilities of your web application.
–Implementing ModSecurity-based solutions.

What is a WAF?

The two faces of information security:
Attack Detection: Anti-Virus, Anti-Malware, IDS/IPS
Policy Enforcement: Firewall, NAC, Scanners

Which one is a WAF? It’s a firewall isn’t it? So it must be a policy enforcer. But it does signatures, so it is probably an attack detector.

Depends

The XIOM Definition
–Intimate understanding of HTTP
–A positive security model
–Application layer rules
–Session based protection
–Fine grained policy management
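The "two faces" above, applied to the same HTTP requests, as an added example that is not part of the original slides: a signature check (attack detection) next to a positive security model (policy enforcement). The signatures, the policy, the endpoints and the sample requests are all constructed for illustration.

```python
import re

# Attack detection (negative model): constructed, simplified signatures.
SIGNATURES = [
    re.compile(r"(?i)<script\b"),
    re.compile(r"(?i)\bunion\b.+\bselect\b"),
    re.compile(r"\.\./"),
]

# Policy enforcement (positive model): hypothetical policy for a made-up app.
# Only listed endpoints and parameters are allowed; values must fully match.
POLICY = {
    ("GET", "/account"): {"id": re.compile(r"\d{1,8}")},
    ("POST", "/login"): {
        "user": re.compile(r"[A-Za-z0-9_.-]{1,32}"),
        "password": re.compile(r".{8,128}"),
    },
}

# Constructed sample requests: (method, path, parameters).
REQUESTS = [
    ("GET", "/account", {"id": "1042"}),
    ("GET", "/account", {"id": "1042 UNION SELECT pw FROM u"}),
    ("GET", "/account", {"id": "1042", "admin": "true"}),
    ("GET", "/backup.zip", {}),
]

def signature_verdict(params):
    """Return the signature patterns that match any parameter value."""
    return [s.pattern for s in SIGNATURES
            for v in params.values() if s.search(v)]

def policy_verdict(method, path, params):
    """Return policy violations; an empty list means the request is allowed."""
    rules = POLICY.get((method, path))
    if rules is None:
        return [f"unknown endpoint {method} {path}"]
    problems = [f"unexpected parameter {n!r}" for n in params if n not in rules]
    problems += [f"missing parameter {n!r}" for n in rules if n not in params]
    problems += [f"bad value for {n!r}" for n, rx in rules.items()
                 if n in params and not rx.fullmatch(params[n])]
    return problems

def compare(requests=REQUESTS):
    """Return (signature_alert, policy_block) for each request."""
    return [(bool(signature_verdict(p)), bool(policy_verdict(m, path, p)))
            for m, path, p in requests]

if __name__ == "__main__":
    for req, verdict in zip(REQUESTS, compare()):
        print(req, "-> (signature alert, policy block) =", verdict)
```

The last two requests raise no signature alert but are rejected by the policy, which is the gap between a signatures-only filter and a WAF with a positive model.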

What is a cloud?

This is a cloud

More Seriously
SaaS: SalesForce
PaaS: Shared Hosting
IaaS: Amazon EC2

What Role Can a WAF Play in the Cloud?

The Menu
Enterprise Security Gateway
WAF as a service
–For protecting a data center
–For protecting SaaS
WAF for a cloud deployment
–Host Based
–Infrastructure Based
WAF stubs
–For a data center
–For a cloud deployment

Enterprise Security Gateway

Enterprise Security Gateway
Protect in-the-cloud services through a unified security gateway.
Pros:
–Unified access control
–Security for 3rd-party code
Cons:
–Double bandwidth
–Hard to create positive security rules

WAF as a Service
–For SaaS
–For a Data Center

WAF as a service
Use an in-the-cloud WAF to protect the enterprise data center.
Pros:
–Very easy deployment.
–Fast signature updates.
–Might be the only solution for a SaaS
Cons:
–Double bandwidth
–Preventing direct access

WAF as a service - Akamai
–Applies ModSecurity Core Rules to HTTP traffic.
–Uses Akamai internal HTTP processing technology
–Signatures only, hardly a WAF

WAF for Cloud Environment

WAF for Cloud Environment
Use an in-the-cloud WAF to protect the enterprise data center.
Pros:
–No Bandwidth Overhead
Cons:
–Might be harder to deploy

Host based WAF

Host based WAF
The most mature approach to WAF in the cloud.
ModSecurity, SecureIIS, Applicure, PHPIDS…
However, it is often no more than a host-based IPS.

WAF stubs

WAF Stubs
Host based stub and a remote brain.
Different separation levels:
–Remote monitoring & configuration
–Remote learning
–Remote enforcement
–In-between.

WAF Stubs
Art of Defence stub for AWS
Breach Global Event Manager
–Monitoring Only

Thank You!