Published by Winfred Oliver. Modified over 9 years ago.
1
Beyond PCI-DSS
Barracuda Web Application Firewall
Gautam Aggarwal, Vice President, Product Marketing
2
Barracuda Networks Corporate Overview
Business Focus
- Network Security, Content Security, Application Delivery and Data Protection solutions
- Appliance, Virtual Appliance and Cloud delivery
- Volume sales to midmarket; strategic sales to enterprise
Market Leadership
- More than 150,000 corporate subscribers
- Distribution in over 80 countries worldwide
- Content security appliance volume leader (IDC)
- Strategic wins in Web application firewall, next generation firewall and cloud Web security lines
Corporate Basics
- Over 800 employees worldwide
- Headquarters in Silicon Valley – Campbell, CA
- Investment by Sequoia Capital and Francisco Partners
- Rapid top-line profitable growth and strong cash flow
3
Banking Financial Services & Insurance (BFSI)
Application Security Heritage
- Application security focused since 1999 (as part of Netcontinuum)
- Web Application Security Magic Quadrant “Visionary” since 2003
- Currently in Gartner’s ADC Magic Quadrant 2010
Large Financial Services Footprint
- JP Morgan, UBS, Morgan Stanley, HSBC, RBS, Citibank, and many other multinational banks
- 300+ Retail Banking & Financial customers in N. America alone
Extensive India Experience
- BFSI: Aviva Life Insurance, Dhanlakshmi Bank, Bharat Bank, Andhra Bank, Murugappa Group, Axis Bank
- Other: NIC, Brahmos, AICTE, Hyundai, Tirupathi Temple and many more
- Worldwide WAF center of excellence in Bengaluru
4
The Perfect Cyber Crime
- Infect Users
- Attack Applications
- Destroy Data
5
Attacks Can Be Launched From Anywhere
Many botnets can launch attacks from anywhere. Attacks can be launched from anywhere by zombie computers (aka botnets).
Figure: heat map of infected computers over a 24-hour sampling period. Source: The Economist, July 2010
6
Application Security Trends in APAC
Mobile device adoption accelerating migration to web
- Proliferation of smartphones & tablets has forced enterprises to migrate faster to web
- However, enterprises are focusing on functionality and time-to-market but not security
Increased application layer attacks have forced enterprises to rethink security
- 47% of worldwide attack traffic originates from Asia. [1]
- India, China, Indonesia, Myanmar, & Taiwan are all in the Top 10. [1]
- SQL Injection & Cross-Site Scripting (XSS) are consistently the top attack methodologies
APAC enterprises are responding by adopting WAFs
- APAC saw a growth of 22.6% YoY in
- Japan, S. Korea have the highest market share of WAF. [2]
- China & ANZ have the fastest WAF growth rate. [2]
- India is starting to adopt WAF technology, particularly in BFSI industries
Sources:
1. Akamai 2011 State of the Internet Report
2. Frost & Sullivan WAF Market Analysis
7
Barracuda Enables PCI-DSS Compliance
Requirement | Barracuda Networks
1 - Install a Firewall | Provides secure Application Firewall
3 - Protect Cardholder data | Proxies Web traffic and insulates Web servers from direct access by attackers
4 - Encryption | Provides easy SSL/TLS encryption even if the application does not use encryption
6 - Secure systems & applications | Blocks known and zero-day attacks as well as OWASP Top-10 application vulnerabilities
7 - Restrict Access | Provides granular role-based administration
10 - Track and Monitor Access | Logs and reports all application access and security violations
11 - Regularly test systems | Integration with code scanners automates testing and tuning

- ICSA Labs tested & certified for PCI-DSS compliance
- FIPS Certified Crypto Hardware
8
Reverse Proxy a Must for BFSI
NO: Non-proxy WAFs expose server operating systems and TCP stacks directly to the Internet
YES: Proxy-based WAFs are more secure:
- Traffic Rewrite – Non-proxies cannot control and re-write traffic
- Cloaking – Non-proxies do not Cloak
- SSL – Non-proxies’ SSL is VERY slow
- Cookie security – Non-proxies do not protect against ID theft
- Botnet Protection – Non-proxies do not protect against DoS
- Authentication and Authorization – Non-proxies cannot do AAA
- Data Theft Protection – Non-proxies cannot mask outbound data
- Response time acceleration – Non-proxies cannot accelerate
9
Solution: Layer 7 Web Application Firewall
Diagram labels: Inbound inspection for Layer 7 attacks; Outbound inspection to protect against data theft; Servers
Barracuda Web Application Firewall
- Based on reverse proxy technology
- Has bi-directional content inspection and security
- As a reverse proxy, it can load balance and accelerate application delivery
10
Attack Protection & Data Loss Prevention
- SQL Injection
- XSS injection
- CSRF
- Command injection
- Data theft protection: Credit Card, Aadhaar (UID), custom patterns
- Web site cloaking
- Integrated anti-virus
- Session protection
- Cookie encryption
- Parameter tampering protection
- Brute Force Protection
- DoS Protection
- IP Reputation Blocking
- Blocking by Geo IP
- Anonymous Proxy Blocking
- XML Firewall: XML-based attacks, XML Schema enforcement, Web Services security
- SIEM Integration
- Armored Browser Integration
11
Integration with Mobility Solutions
Armored Browser
- Extends protection to the client
- Enforce server access only by armored browser
- Prevents Man-in-the-Browser (MITB) attacks
Barracuda Safe Browser (BSB)
- Outbound Content Security for mobile devices
- Same level of security on or off network
- Prevents infections on mobile phones and laptops that can lead to Man-in-the-Browser (MITB) attacks
12
Consolidate Disparate Appliances in the DMZ
Diagram labels: Perimeter Access Control; Load Balancing; SSL Accelerators; Caching; Reverse Proxy; Web Application Firewalls; Servers
- Security Delivered as Hardware or VM
- Reduces Management Complexity
- Decreases Risk of Security Misconfiguration
13
Barracuda Content Security Solutions
Diagram labels: Mobile Worker; Content Security; Allow; Cloud Filtering; Content Filtering; Application Control; User Control; Malware Protection; Headquarters; Control; Hardware Appliance; Branch Offices; Archive; Block; Virtual Appliance
14
Barracuda NG Firewall
- Application Aware Network Firewall
- Intelligent WAN Optimization
- Industry leading central management