Smart Network. Smart Business. APSolute Immunity with DefensePro Brochure

Transcription

1 Smart Network. Smart Business. APSolute Immunity with DefensePro Brochure

2 APSolute Immunity: Your Business Clear Choice for Proactive Network Security The Changing Threats Landscape: Non-Vulnerability attacks do not exploit any software design flaw and go undetected below existing network security radars. Bots, HTTP flood attacks, Trojan horses, Worms, application specific vulnerabilities, application and network floods, brute force attacks they are all out there, multiplying every day. Millions of opportunities ready to shut down, exploit or misuse your business network resulting in anything from a mere workday nuisance to a national security threat. The motivation of hackers has evolved from notoriety to financial gain. Zero-minute threats have exploded with vulnerabilities being sold instead of being disclosed. Of more concern is a new breed of stealth attacks, non-vulnerability threats which do not exploit any software design flaw and go undetected below existing network security radars. And thus, protecting the network perimeter alone is no longer sufficient in a world where boundaries are increasingly erasing and threat sources are rapidly multiplying. The deployment of standard network security tools is no longer sufficient against non-vulnerability attacks and zero-minute attacks, as standard signature protections and rate-based protections cannot detect attacks such as these that aim to shut your network down or misuse your applications. APSolute Immunity with DefensePro: Protect against vulnerability-based attacks and non-vulnerability attacks that seek to compromise the health of your application infrastructure Radware s award-wining DefensePro is a real-time intrusion prevention system (IPS) and DoS protection device that maintains your business continuity by protecting your application infrastructure against existing and emerging network-based threats that cannot be detected by a traditional IPS such as: network & application resource misuse, malware spreading, authentication defeat and information theft. DefensePro features full protection from traditional vulnerability-based attacks through proactive signature updates preventing already known attacks including worms, Trojans, Bots, SSL based attacks and VoIP attacks. Unlike market alternatives that rely on static signatures, DefensePro provides unique behavioral-based, automatically generated real-time signatures, preventing non-vulnerability- based attacks and zero-minute attacks such as: network & application floods, HTTP page floods, malware propagation, web application hacking, brute force attacks aiming to defeat authentication schemes, and more. And, DefensePro does this all without blocking legitimate user traffic and without need for human intervention. With multiple segment protection in a single unit, a pay-as-you-grow license upgrade approach and ease of management through hands-off security features such as no-configuration and self-tuning, DefensePro is the industry s leading IPS for best functionality, maximum affordability and ease of management. Figure 1: APSolute Immunity, featuring DefensePro, offers vulnerability-based and non-vulnerability-based threat protection

3 FEATURES Standard Network Security Protection: Comprehensive Application Vulnerability Protection DefensePro deploys a hardware accelerated signature engine, which performs deep packet inspection of information from Layer 3 up to Layer 7. This allows it to prevent known application vulnerability attacks before they occur. DefensePro offers comprehensive application security for the enterprise and data centers cleaning Internet and internal traffic flows including: web protection against IIS and Apache vulnerabilities; SQL injection and cross-site scripting; mail server protection against POP3, IMAP and SMTP vulnerabilities; SQL servers and DNS service protection against SQL and DNS vulnerabilities; remote access protection against Telnet and FTP server vulnerabilities; SIP servers, proxies and IP phones against SIP protocol violations preventing shut downs, denial of service and malicious takeovers; Microsoft vulnerabilities; and malware protection against worms, Trojan Horses, Spyware, Phishing and backdoor attacks. World Recognized Security Operation Center Radware s Security Operation Center (SOC) is the prime research center for application vulnerabilities and exploitations and is responsible for issuing weekly signature updates, emergency updates and custom signatures. Radware s SOC was the first to discover and disclose critical application vulnerabilities such as iphone denial of service vulnerability, Web 2.0 vulnerabilities, the Mozilla Firefox vulnerability and more. SOC researchers present their latest findings in industry events such as Black Hat and RSA conferences. Protection Against Encrypted, SSL-Based Attacks SSL was designed to protect the privacy of sessions between clients and servers communicating over the public IP infrastructure. However SSL traffic has a vulnerable network security Achilles Heel since it does not allow content inspection and security enforcement policies. Hackers opportunities are wide-open: attacks carried over SSL encrypted sessions bypass all network security layers including firewalls, IDS, and IPS. In conjunction with Radware s AppXcel application accelerator appliance, DefensePro provides a powerful and scalable solution for protection against encrypted SSL-based attacks that would otherwise evade regular security inspection. Encrypted traffic is increasing gradually, a significant problem for IPS. As the percentage of Secure Sockets Layer and other encrypted traffic increases it presents a growing "blind spot" when SSL decryption is not in the product IPS vendors must include SSL inspection to meet this challenge - Greg Young, John Pescatore, Gartner, February The Radware Difference: Real-Time Signature Protection Radware s DefensePro protects against emerging attacks including non-vulnerability attacks, zero-minute attacks and application misuse attacks through behavioral-based, automatic real-time signatures all without the need for human intervention. Behavioral analysis of network-, serverand client-based traffic allows the creation of baselines for normal application traffic patterns. An expert system then identifies attacks in real-time and creates a real-time signature that blocks attacks without blocking legitimate user traffic. Radware behavioral analysis technology is protected by seven patents. Non-Vulnerability Attack Protection Non-vulnerability attacks use legitimate application services for malicious activity. Each attack session behaves like a legitimate user transaction. Non-vulnerability attacks do not rely on any application vulnerability nor do they use malicious code, making the detection and prevention impossible through standard signature-based technology. Since vulnerability-based signatures do not exist, DefensePro creates a behavioral pattern that explicitly identifies the attack traffic, which is valid only for the duration of the attack. This pattern is represented by the real-time signature, which is generated automatically in no time. The real-time signature represents abnormal application behavior rather than malicious code. Network floods, HTTP page floods, SIP Invite and Bye floods, Brute force attacks, Web application hacking, SIP subscriber scanning all are non-vulnerability based attacks that use legitimate application transactions in order to: misuse network and application resources, defeat an authentication scheme, discover application vulnerabilities, scan for subscriber information or even invoke full service shut down. DefensePro offers full protection against non-vulnerability attacks including: Brute Force and dictionary attacks targeting HTTP, FTP, POP3, IMAP, SIP, MS-SQL and MySQL servers Web application hacking through web vulnerability scanning HTTP Page Flood attacks DoS/DDoS Flood attacks 1 Gartner, Inc., Magic Quadrant for Network Intrusion Prevention System Appliances, 1H08, Greg Young and John Pescatore, February 14, 2008.

4 Proactive Zero-Minute Threat Protection Typically traded by the hacking underground industry, a zero-minute threat exploits newly discovered vulnerabilities, for which no patch or signature exists. Hackers and research organizations today are locked in a constant cat and mouse battle to discover and inform vendors about undiscovered threats. Hackers have added zero-minute vulnerabilities to their arsenal and employ targeted attacks using these undiscovered vulnerabilities, making detection nearly impossible. With DefensePro, dealing with zero-minute attacks becomes simple. You do not need to set pre-defined security policies or employ rate-based rules, nor do you need to rely on vendor emergency signature updates. DefensePro detects and prevents zero-minute vulnerabilities automatically using behavioral analysis and creates a real-time signature on-the-fly, automating the vulnerability research center process. Malware spreading, network scans, and infected mobile users that plug into your network - all are automatically detected and prevented without need for human intervention. A major concern in deploying an in-line device is the blocking of legitimate traffic DefensePro completedall our tests without raising a single false positive alert NSS Labs, April 2008 VoIP Service Misuse Protection Despite speed, flexibility and economies of scale, VoIP service is vulnerable to attacks at the signaling and voice stream channels. Misuse of the VoIP service may lead to voice quality degradation, service disruption, service fraud and Spam over IT Telephony (SPIT). DefensePro offers real-time protection against attacks that aim to misuse the VoIP service such as: SIP brute force and dictionary attacks SIP servers scanning SIP servers flood attacks including Invite flood, Register floods and Bye floods. Looking Closer at an HTTP Page Flood Attack Generated from large-scale Bot rings, HTTP page flood attacks are the next wave of extortion through DoS/DDoS attacks. Hundreds and thousands of HTTP bots start systematically downloading web pages (usually pages crafted with heavy graphics) from your web site. These are not necessarily high rate attacks. They still overwhelm server resources but they fly under the radar of traditional intrusion detection and prevention technologies since they do not contain any non-legitimate application requests, do not break any application rule, nor do they exceed pre-defined traffic or connection thresholds. The challenge remains: how to distinguish attack traffic from legitimate traffic? IRC Servers Misuse of Service Resources BOT Command Attacker Public Web Servers Figure 2: HTTP page flood attacks scenario DefensePro identifies abnormal web hit rates to mitigate HTTP page floods. In conjunction with abnormal user detection it prevents downloads generated by malicious users (Bots) only to the specific web pages under attack, while maintaining legitimate user access to the web site.

5 Most Accurate Attack Detection and Prevention: In order to minimize false positives DefensePro deploys multiple mechanisms for accurate attack detection and prevention: Stateful signature inspection including protocol parsing, packet reassembly and multi token signature search. Signatures are updated on weekly basis, and in case of emergency same day. All signatures are extensively tested at real world beta sites prior to release. Expert system that correlates between rate-based and rate-invariant parameters eliminating cases such as flash crowd access to a web site. Real-time signature creation using up to 20 different L4 to L7 header fields with OR/AND Boolean operations between header values, creating the narrowest filter. Closed feedback mechanism deployed whenever a real-time signature is deployed, optimizing the signature based on the ongoing attack s evolvement/mutation and remove the signature when attack is over. On Demand IPS Scalability: Best investment Protection and Minimal Initial Investment: Radware is the first to offer on demand IPS scalability across its line of IPS models, which range from 100 Mbps all the way up to 8Gbps. The line is complemented by Radware s set of behavioral protection products, which range from 4 Gbps up to more than 12 Gbps of throughput to offer the highest performance available. Based on its on demand, scale as you grow approach, no forklift upgrade is required when your network bandwidth grows, guaranteeing short-term and long-term savings on CAPEX and OPEX for full investment protection. You can start deployment with a certain bandwidth IPS product model. When business grows or network bandwidth grows you can simply upgrade your IPS to a higher bandwidth product model by applying a software license key. There is no need for hardware replacement, configuration conversion, lab testing, staging and training. And, the upgrade occurs without service downtime. Figure 3: Real-Time Dashboard A real-time dashboard provides security managers with immediate awareness to the top attacks against their networks and affected systems (1) Baseline: Expected Requests Rate (2) Real-time Requests Rate (3) Abnormal Requests Rate (4) Attack Mitigated Figure 4: HTTP Mitigator View Real-time web servers traffic monitoring enables the admin to view normal vs. real-time HTTP requests rates, indicating abnormal request patterns generated by s Comprehensive Security Management, Monitoring and Reporting: With features that enable centralized device configuration, monitoring and reporting, Radware s APSolute Insite management solution increases visibility and control of network security. Insite offers: The ability to customize security policies for each network segment using the Connect & Protect policy configuration table. Real-time dashboards that enable administrators to monitor top attacks, top attack sources and destinations and malware spread activity in your network (see Figure 3). Traffic monitoring views allowing the admin to observe real-time network and server traffic behavior versus their learned baselines (see figure 4) and attacks volume that were mitigated by DefensePro. Real-time security event monitoring and advanced forensics for examining historic network activity down to the packet level. Pre-defined and customized executive reporting capabilities to support security decision-making and investments (See figure 5). Figure 5: Executive Report Executive reports are generated and sent automatically by mail on preset dates, e.g., weekly top attacks report every 9:00 AM

6 DefensePro Business Value Maintain business continuity of operations (COOP) even when the network is under attack Maintains critical application availability while under attack Blocks attacks without blocking legitimate user traffic Best security coverage Real-time protection from non-vulnerability based attacks, zero-minute attacks, SSL-based attacks and VoIP service misuse Vulnerability-based signature detection engine with proactive signature updates, preventing the known application vulnerability exploitations Accurate attack detection and prevention Extremely low false-positives due to: Real-time signature is generated per attack pattern only, using up to 20 different parameters Closed feedback mechanism optimizes the real-time signature based on the ongoing attack s evolvement/mutation and removes the signature when attack is over Vulnerability-based signatures are tested extensively at real customer beta sites Overall we found the DefensePro to be a robust and capable Attack Mitigator and believe that it should be on any short list as a candidate for a mitigation solution on the network perimeter. NSS Labs, April 2008 Reduces total cost of ownership (TCO) of security management Full investment protection and extended platform life time thanks to the pay-as-you-grow license upgrade scalability delivering best ROI and CAPEX investment protection Increased savings on OPEX through self learning, self adapting system that requires minimum configuration and is maintenance free Seamless integration into the network environment Why Radware? Radware, with more than 10 years of experience, is the industry leader in integrated application delivery solutions. Over 6,000 companies worldwide use Radware s award-winning APSolute application delivery solutions and network security solutions to ensure the full availability, maximum performance and complete security of their networked and IP-based applications. Virtually all major sectors including finance, education, manufacturing, retail, insurance, government, healthcare, transportation, services, wire-line and cellular carriers rely on Radware every day to reduce costs, drive business productivity, and improve profitability. Let Radware make your network business-smart so you can also get the greatest value from your business and IT data center investments. Certainty Support Radware offers technical support for all of its products through the Certainty Support Program. Each level of the Certainty Support Program consists of four elements - phone support, software updates, hardware maintenance, and on-site support. Radware also has dedicated engineering staff that can assist customers on a professional services basis for advanced project deployments. Learn More To learn more about how Radware s integrated application delivery solutions can enable you to get the most of your business and IT investments, us at info@radware.com or go to Radware, Ltd. All Rights Reserved. Radware and all other Radware product and service names are registered trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are the property of their respective owners. Printed in the U.S.A.