Auto-Scaling WebApplication. Securityinthe Cloud. Stephen Coty. Chief Security Evangelist
|
|
- Jesse Jordan
- 8 years ago
- Views:
Transcription
1 Auto-Scaling WebApplication Securityinthe Cloud Stephen Coty Chief Security Evangelist
2 Cloud Environments 101
3 Spring 2013 Report Key Findings Higher attack frequency in enterprise data centersthan in cloud deployments Web applications are among Top 3 attackvectorsin both enterprise and cloud environments Threats levels areconsistent across industriesand verticals Full Report Available atalrt.co/spring2013csr 1,800+Customers Environments 2 Yearsof Threat Data Published 150k+Security Incidents Analyzed
4 Threats in the Cloud are Increasing With Adoption Increase in attack frequency Brute force attacks and vulnerability scansarenow occurring at near-equivalent rates in both cloud and onpremisesenvironments Malware/Botnet is increasing year over year Traditional on-premises threats are moving to the cloud Majority of cloud incidents were related to web application attacks, brute force attacks, and vulnerability scans
5 Spring 2014 Report Cloudenvironments saw significant increases with brute force attacks climbing from 30% to 44% of customers, and vulnerability scans increasing from 27% to 44% Malware/botnet attacks, historically the most common attacks in the on-premises datacenter, are on the rise in CHPenvironments
6 Cloud Provider Selection Criteria
7 Security in the Cloud is a Shared Responsibility Apps Cloud Service Provider Responsibility Networks Software and virtual patching Access management Application level attack monitoring Configuration management Hosts Secure coding and best practices Hardened hypervisor System image library Root access for customer Access management Customer Patch management Configuration hardening Responsibility Security monitoring Log analysis Logical network segmentation Network threat detection Security monitoring Perimeter security services External DDoS, spoofing, and scanning prevented Foundation Services Compute Storage DB Network
8 OWASP Top 10 Attacks Still Highly Pervasive
9 Common Web Attack Tools
10 Web Application Firewall Fundamentals Blocks common web application attacks SQL injection, cross-site scripting, command insertion Most commonly deployed inline as a reverse proxy in front of web servers legitimate browser WAF sql injection reverse reverse proxy proxy traffic www server
11 What Makes a WAF Work? Negative Security Positive Security Filter known attacks All requests allowed by default, unless explicitly denied Providesimmediatebaselinesecurity Dynamic analysis of web application Allow wanted transactions Everything else is denied Implicit security against new or unknownattacks(zero DayAttacks) Necessary fundamental model that provides Flexible adaptive model that enhances security rule-based protection beyond well-knownthreats
12 Auto Scaling Principles Designed for failure Loosely coupled Horizontally scaled Fastbootstrap Health/loadconditions as scalingtriggers web tier is easiest to scale but good design decisions are essential Independent components Asstateless as possible Minimal interactions
13 Common Web Tier Auto Scaling Tools ELB AutoScalinggroups Health monitoring CloudWatch Bootstrapping/configuration automation CloudFormation Chef/Puppet/Cfengine
14 WhyAuto-Scaling a WAF is Difficult WAF Appliances significantcapitalinvestment AWS semantics difficultto maintain &tune invasivedeployment model Unable to auto-scale using common No native support for ELB andcloudwatch CDN WAFs Learned data not easily shared across appliances onesizefitsall latency limitedprotection Management and processing planes are too tightly coupled
15 Approach to Auto Scaling Web Security Worker Worker Browser Alert Logic Designed from the ground-up for ELB integration Decoupled management and data processing planes S3/EBS used to maintain configuration/state data and logs ELB - Public Worker Worker WSM Worker ELB - Public WSM Master Assumes VPC deployments Native support for auto-scaling driven bycloudwatchmetrics ELB - Internal Worker Worker Web server S3/EBS
16 Deployment for Auto Scaling and HighAvailability in AWS VPC Overview 1 Master AS group with 1 master at all times 1 Worker AS group with 2-n workers at all times ELB Master External interface for WSM Master Management and monitoring (https andssh) ELB Worker SSL Termination Load balances web traffic to worker AS group S3 Bucket Persists configuration data NAT Instances Required for S3 access from private subnets WSM Master Acts as management node for configuration Queues and transports logs, stats from workers EBS Log Volume Persists Deny Log and Stats data for master Attached at instance start up WSM Worker Retrieves configuration on instance launch Protects web traffic in front of internal ELB Transports logs, stats to master queue
17 Web Traffic Flow Browser clients connect to worker ELB Traffic is load balanced to WAF appliances WAF appliances connect to backend ELB
18 Auto Scaling Options Auto Scaling Group Master min-size 1 max-size 1 Uses ELB health check to ensure an instance is up Will recreate itself from configuration data in S3 Auto Scaling Group Worker min-size 2 recommended for availability max-size TBD Uses Auto Scaling policyto scale on demand
19 Default Auto-Scaling Parameters Defaults set incloudformationtemplates User configurable and tunable for specific requirements Setting Default Scale up CPU utilization threshold 80% Scale up when CPU is above threshold for more than 120 seconds Scale down CPU utilization threshold 50% Scale down when CPU is below threshold for more than 600 seconds
20 Configuration Data Flow Configuration Data Master instance stores data in S3 Worker instances retrieve configuration Redundancy Configuration also transmitted to Alert Logic
21 Logs and Statistics Collection Log Data Queued on Master for transport Statistics Data Queued on Master for transport Aggregated for all workers before transport Security Provider Data stored for search, correlation, alerting, and reporting EBS Log Volume Stores log and statistics data for master instance Persists queued data in case of master instance termination
22 Default Auto Scaling Parameters Defaults set incloudformationtemplates User configurable and tunable for specific requirements
23 Deployment Process InitialWAFstack created viacloudformationtemplate s 1 2 Traffic gradually redirected after a testing period
24 Sizing Examples Master Instance Max Workers Throughput Worker Instance Per Master Throughput PerWorker m1.medium mbps m1.small 13mbps m1.large 25 1gbps c1.medium 50mbps c1.xlarge 200mps Small Medium Large Capacity 25mbps 200mbps 1.2gbps Workers (2)m1.small (4) c1.medium (6)c1.xlarge
25 Building a TestWAFStack withcloudformation Basic testing stack in twoavailability Zones VPC Internet Gateway 2 public subnets 2 private subnets Public ELB for test backend web servers 2 NAT instances 2 web server instances Additional AWS components are created (not pictured): VPC gateway attachment Security groups Network ACL Routes and route tables Launch configuration and auto scalinggroup Cloudwatchalarms Auto scaling policies
26 AWS Console 3 1 2
27 Command Line Example Usecfn-create-stackto start creation. $cfn-create-stack test-backend --template-filewsm-test-backend-only.cloudformation.template--parameters "sshkeyname=wsm-dev" arn:aws:cloudformation:us-east-1: :stack/test-backend/26028db e3-895a a66ca8 You can usecfn-describe-stack-eventsalong with watch to view the stack creation. $watchcfn-describe-stack-eventstest-backend Every2.0s:cfn-describe-stack-events test-backendmonaug 12 08:23: STACK_EVENT test-backend test-backend AWS::CloudFormation::Stack T13:24:20.321Z CREATE_COMPLETE STACK_EVENT test-backend eipnat2 AWS::EC2::EIP T13:24:17.802Z CREATE_COMPLETE STACK_EVENT test-backend eipnat1 AWS::EC2::EIP T13:24:17.769Z CREATE_COMPLETE STACK_EVENT test-backend routenat2 AWS::EC2::Route T13:24:01.615Z CREATE_COMPLETE STACK_EVENT test-backend routenat1 AWS::EC2::Route T13:24:01.144ZCREATE_COMPLETE Once complete,cfn-describe-stackswill return the cloud formation stack outputs. $cfn-describe-stacks test-backend STACK test-backend CREATE_COMPLETE Cloud Formation for Auto Scaling Alert Logic Web Security Managervpc=vpc-591b9337;elbBackend=test-back-elbBacke-17N275T20CGQ us-east1.elb.amazonaws.com;routeTableNAT1=rtb-e71b9389;routeTableNAT2=rtb-e61b9388;paramsForWSM=vpc=vpc-591b9337;elbBackend=test-back-elbBacke-17N275T20CGQ us-east-1.elb.amazonaws.com;routeTableNAT1=rtbe71b9389;routeTableNAT2=rtb-e71b9389;subnetPublic1=subnet-fd1b9393;subnetPublic2=subnet-e21b938c T13:21:51.116Z
28 BaseWSM Stack Ready
29 Additional examples Multiple front end ELBs used to terminate SSL connections for separate web applications. VPC VPC Availability Availability Zone Zone 1 1 Availability Availability Zone Zone 2 2 ELB ELB Master Master Master Master Subnet Subnet WAF WAF Master Master ELB ELB Workers Workers Private Private Subnet Subnet Private Private Subnet Subnet WAF WAF Worker Worker WAF WAF Worker Worker Application Application 1 1 Application Application 1 1 Application Application 2 2 Application Application 3 3 Application Application 2 2 Application Application 3 3
30 Thank You Q&A Blog:
Stephen Coty Director, Threat Research
Emerging threats facing Cloud Computing Stephen Coty Director, Threat Research Cloud Environments 101 Cloud Adoption is Gaining Momentum Cloud market revenue will increase at a 36% annual rate Analyst
More informationOut of the Fire - Adding Layers of Protection When Deploying Oracle EBS to the Internet
Out of the Fire - Adding Layers of Protection When Deploying Oracle EBS to the Internet March 8, 2012 Stephen Kost Chief Technology Officer Integrigy Corporation Phil Reimann Director of Business Development
More informationTECHNOLOGY WHITE PAPER Jun 2012
TECHNOLOGY WHITE PAPER Jun 2012 Technology Stack C# Windows Server 2008 PHP Amazon Web Services (AWS) Route 53 Elastic Load Balancing (ELB) Elastic Compute Cloud (EC2) Amazon RDS Amazon S3 Elasticache
More informationTECHNOLOGY WHITE PAPER Jan 2016
TECHNOLOGY WHITE PAPER Jan 2016 Technology Stack C# PHP Amazon Web Services (AWS) Route 53 Elastic Load Balancing (ELB) Elastic Compute Cloud (EC2) Amazon RDS Amazon S3 Elasticache CloudWatch Paypal Overview
More informationSimone Brunozzi, AWS Technology Evangelist, APAC. Fortress in the Cloud
Simone Brunozzi, AWS Technology Evangelist, APAC Fortress in the Cloud AWS Cloud Security Model Overview Certifications & Accreditations Sarbanes-Oxley (SOX) compliance ISO 27001 Certification PCI DSS
More informationSmartronix Inc. Cloud Assured Services Commercial Price List
Smartronix Inc. Assured Services Commercial Price List Smartronix, Inc. 12120 Sunset Hills Road Suite #600, Reston, VA 20190 703-435-3322 cloudassured@smartronix.com www.smartronix.com Table of Contents
More informationDeploy XenApp 7.5 and 7.6 and XenDesktop 7.5 and 7.6 with Amazon VPC
XenApp 7.5 and 7.6 and XenDesktop 7.5 and 7.6 Deploy XenApp 7.5 and 7.6 and XenDesktop 7.5 and 7.6 with Amazon VPC Prepared by: Peter Bats Commissioning Editor: Linda Belliveau Version: 5.0 Last Updated:
More informationSecureSphere Appliances
DATASHEET SecureSphere Appliances Scalable. Reliable. Flexible. Imperva SecureSphere appliances provide superior performance and resiliency for demanding datacenter environments. With fail open interfaces,
More informationAlfresco Enterprise on AWS: Reference Architecture
Alfresco Enterprise on AWS: Reference Architecture October 2013 (Please consult http://aws.amazon.com/whitepapers/ for the latest version of this paper) Page 1 of 13 Abstract Amazon Web Services (AWS)
More informationAmazon EC2 Product Details Page 1 of 5
Amazon EC2 Product Details Page 1 of 5 Amazon EC2 Functionality Amazon EC2 presents a true virtual computing environment, allowing you to use web service interfaces to launch instances with a variety of
More informationServers. Servers. NAT Public Subnet: 172.30.128.0/20. Internet Gateway. VPC Gateway VPC: 172.30.0.0/16
.0 Why Use the Cloud? REFERENCE MODEL Cloud Development April 0 Traditionally, deployments require applications to be bound to a particular infrastructure. This results in low utilization, diminished efficiency,
More informationMonitoring and Scaling My Application
Monitoring and Scaling My Application In the last chapter, we looked at how we could use Amazon's queuing and notification services to add value to our existing application. We looked at how we could use
More informationAmazon Elastic Compute Cloud Getting Started Guide. My experience
Amazon Elastic Compute Cloud Getting Started Guide My experience Prepare Cell Phone Credit Card Register & Activate Pricing(Singapore) Region Amazon EC2 running Linux(SUSE Linux Windows Windows with SQL
More informationApplication Security Best Practices. Matt Tavis Principal Solutions Architect
Application Security Best Practices Matt Tavis Principal Solutions Architect Application Security Best Practices is a Complex topic! Design scalable and fault tolerant applications See Architecting for
More informationImperva SecureSphere Appliances
Imperva SecureSphere Appliances DA T A SH E E T Scalable. Reliable. Flexible. Imperva SecureSphere appliances provide superior and resiliency for demanding data center environments. With fail open interfaces,
More informationWeb Application Security. Radovan Gibala Senior Field Systems Engineer F5 Networks r.gibala@f5.com
Web Application Security Radovan Gibala Senior Field Systems Engineer F5 Networks r.gibala@f5.com Security s Gaping Hole 64% of the 10 million security incidents tracked targeted port 80. Information Week
More informationSTOPPING LAYER 7 ATTACKS with F5 ASM. Sven Müller Security Solution Architect
STOPPING LAYER 7 ATTACKS with F5 ASM Sven Müller Security Solution Architect Agenda Who is targeted How do Layer 7 attacks look like How to protect against Layer 7 attacks Building a security policy Layer
More informationDeploy Remote Desktop Gateway on the AWS Cloud
Deploy Remote Desktop Gateway on the AWS Cloud Mike Pfeiffer April 2014 Last updated: May 2015 (revisions) Table of Contents Abstract... 3 Before You Get Started... 3 Three Ways to Use this Guide... 4
More informationHow To Protect A Web Application From Attack From A Trusted Environment
Standard: Version: Date: Requirement: Author: PCI Data Security Standard (PCI DSS) 1.2 October 2008 6.6 PCI Security Standards Council Information Supplement: Application Reviews and Web Application Firewalls
More informationEvery Silver Lining Has a Vault in the Cloud
Irvin Hayes Jr. Autodesk, Inc. PL6015-P Don t worry about acquiring hardware and additional personnel in order to manage your Vault software installation. Learn how to spin up a hosted server instance
More informationHow to Grow and Transform your Security Program into the Cloud
How to Grow and Transform your Security Program into the Cloud Wolfgang Kandek Qualys, Inc. Session ID: SPO-207 Session Classification: Intermediate Agenda Introduction Fundamentals of Vulnerability Management
More informationInformation Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified
Standard: Data Security Standard (DSS) Requirement: 6.6 Date: February 2008 Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified Release date: 2008-04-15 General PCI
More informationNetop Environment Security. Unified security to all Netop products while leveraging the benefits of cloud computing
Netop Environment Security Unified security to all Netop products while leveraging the benefits of cloud computing Contents Introduction... 2 AWS Infrastructure Security... 3 Standards - Compliancy...
More informationSecuring the Microsoft Platform on Amazon Web Services
Securing the Microsoft Platform on Amazon Web Services Tom Stickle August 2012 (Please consult http://aws.amazon.com/whitepapers/ for the latest version of this paper) Page 1 of 22 Abstract Deploying Microsoft
More informationComputer Forensics and Incident Response in the Cloud. Stephen Coty AlertLogic, Inc. @Twitter AlertLogic_ACID
Computer Forensics and Incident Response in the Cloud SESSION ID: ANF-T07A Stephen Coty AlertLogic, Inc. @Twitter AlertLogic_ACID Why forensics in the cloud? Cloud market revenue will increase at a 36%
More informationHow AWS Pricing Works
How AWS Pricing Works (Please consult http://aws.amazon.com/whitepapers/ for the latest version of this paper) Page 1 of 15 Table of Contents Table of Contents... 2 Abstract... 3 Introduction... 3 Fundamental
More information2. Are explicit proxy connections also affected by the ARM config?
Achieving rapid success with WCCP and Web Security Gateway October 2011 Webinar Q/A 1. What if you are already using WCCP for Cisco waas on the same routers that you need to use WCCP for websense? Using
More informationScalable Architecture on Amazon AWS Cloud
Scalable Architecture on Amazon AWS Cloud Kalpak Shah Founder & CEO, Clogeny Technologies kalpak@clogeny.com 1 * http://www.rightscale.com/products/cloud-computing-uses/scalable-website.php 2 Architect
More informationTHE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS
THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS INCONVENIENT STATISTICS 70% of ALL threats are at the Web application layer. Gartner 73% of organizations have been hacked in the past two
More informationHow AWS Pricing Works May 2015
How AWS Pricing Works May 2015 (Please consult http://aws.amazon.com/whitepapers/ for the latest version of this paper) Page 1 of 15 Table of Contents Table of Contents... 2 Abstract... 3 Introduction...
More informationLearning Management Redefined. Acadox Infrastructure & Architecture
Learning Management Redefined Acadox Infrastructure & Architecture w w w. a c a d o x. c o m Outline Overview Application Servers Databases Storage Network Content Delivery Network (CDN) & Caching Queuing
More informationNSFOCUS Web Application Firewall White Paper
White Paper NSFOCUS Web Application Firewall White Paper By NSFOCUS White Paper - 2014 NSFOCUS NSFOCUS is the trademark of NSFOCUS Information Technology Co., Ltd. NSFOCUS enjoys all copyrights with respect
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V2.0, JULY 2015 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young
ArcGIS Server Security Threats & Best Practices 2014 David Cordes Michael Young Agenda Introduction Threats Best practice - ArcGIS Server settings - Infrastructure settings - Processes Summary Introduction
More informationOverview and Deployment Guide. Sophos UTM on AWS
Overview and Deployment Guide Sophos UTM on AWS Overview and Deployment Guide Document date: November 2014 1 Sophos UTM and AWS Contents 1 Amazon Web Services... 4 1.1 AMI (Amazon Machine Image)... 4 1.2
More informationWeb Application Firewall
Web Application Firewall Getting Started Guide August 3, 2015 Copyright 2014-2015 by Qualys, Inc. All Rights Reserved. Qualys and the Qualys logo are registered trademarks of Qualys, Inc. All other trademarks
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More informationArrow ECS University 2015 Radware Hybrid Cloud WAF Service. 9 Ottobre 2015
Arrow ECS University 2015 Radware Hybrid Cloud WAF Service 9 Ottobre 2015 Get to Know Radware 2 Our Track Record Company Growth Over 10,000 Customers USD Millions 200.00 150.00 32% 144.1 16% 167.0 15%
More informationMingyu Web Application Firewall (DAS- WAF) - - - All transparent deployment for Web application gateway
Mingyu Web Application Firewall (DAS- WAF) - - - All transparent deployment for Web application gateway All transparent deployment Full HTTPS site defense Prevention of OWASP top 10 Website Acceleration
More informationUsing ArcGIS for Server in the Amazon Cloud
Using ArcGIS for Server in the Amazon Cloud Randall Williams, Esri Subrat Bora, Esri Esri UC 2014 Technical Workshop Agenda What is ArcGIS for Server on Amazon Web Services Sounds good! How much does it
More informationLogentries Insights: The State of Log Management & Analytics for AWS
Logentries Insights: The State of Log Management & Analytics for AWS Trevor Parsons Ph.D Co-founder & Chief Scientist Logentries 1 1. Introduction The Log Management industry was traditionally driven by
More informationInformation Technology Policy
Information Technology Policy Enterprise Web Application Firewall ITP Number ITP-SEC004 Category Recommended Policy Contact RA-ITCentral@pa.gov Effective Date January 15, 2010 Supersedes Scheduled Review
More informationIBM. Vulnerability scanning and best practices
IBM Vulnerability scanning and best practices ii Vulnerability scanning and best practices Contents Vulnerability scanning strategy and best practices.............. 1 Scan types............... 2 Scan duration
More informationIAAS REFERENCE ARCHITECTURES: FOR AWS
IAAS REFERENCE ARCHITECTURES: FOR AWS Section 1 - Overview 2 Section 2 - What is IaaS? 2 Section 3 - Blueprints 3 Section 4 - Imperva Solution 9 Section 5 - Case Studies 10 Section 6 - Conclusion 12 OVERVIEW
More informationImplementing a secure high visited web site by using of Open Source softwares. S.Dawood Sajjadi Maryam Tanha. University Putra Malaysia (UPM)
Implementing of an open source high visited web site 1 Implementing a secure high visited web site by using of Open Source softwares S.Dawood Sajjadi Maryam Tanha University Putra Malaysia (UPM) March
More informationDMZ Network Visibility with Wireshark June 15, 2010
DMZ Network Visibility with Wireshark June 15, 2010 Ashok Desai Senior Network Specialist Intel Information Technology SHARKFEST 10 Stanford University June 14-17, 2010 Outline Presentation Objective DMZ
More informationContemporary Web Application Attacks. Ivan Pang Senior Consultant Edvance Limited
Contemporary Web Application Attacks Ivan Pang Senior Consultant Edvance Limited Agenda How Web Application Attack impact to your business? What are the common attacks? What is Web Application Firewall
More informationNSFOCUS Web Application Firewall
NSFOCUS Web Application Firewall 1 / 9 Overview Customer Benefits Mitigate Data Leakage Risk Ensure Availability and QoS of Websites Close the Gap for PCI DSS Compliance Collaborative Security The NSFOCUS
More informationAWS Security. Security is Job Zero! CJ Moses Deputy Chief Information Security Officer. AWS Gov Cloud Summit II
AWS Security CJ Moses Deputy Chief Information Security Officer Security is Job Zero! Overview Security Resources Certifications Physical Security Network security Geo-diversity and Fault Tolerance GovCloud
More informationredborder IPS redborder Just common sense IPS overview Common sense
redborder Just common sense overview redborder at a Glance redborder 2013 rb rb Flow Traffic collector and visualization. Netflow v5/9, sflow, IPFIX, Flexible Netflow, AVC, NBAR2, rb DDoS Extremely high
More informationWEB APPLICATION FIREWALLS: DO WE NEED THEM?
DISTRIBUTING EMERGING TECHNOLOGIES, REGION-WIDE WEB APPLICATION FIREWALLS: DO WE NEED THEM? SHAIKH SURMED Sr. Solutions Engineer info@fvc.com www.fvc.com HAVE YOU BEEN HACKED????? WHAT IS THE PROBLEM?
More informationT2 IaaSand PCI Compliance. Robert Zigweid, IOActive
T2 IaaSand PCI Compliance Robert Zigweid, IOActive Introduction Robert M. Zigweid Principal Compliance Consultant at IOActive, Inc. PCI QSA, PCI PA-QSA QSA for Amazon Web Services 2 Creating a PCI Compliant
More informationSHARE THIS WHITEPAPER. Top Selection Criteria for an Anti-DDoS Solution Whitepaper
SHARE THIS WHITEPAPER Top Selection Criteria for an Anti-DDoS Solution Whitepaper Table of Contents Top Selection Criteria for an Anti-DDoS Solution...3 DDoS Attack Coverage...3 Mitigation Technology...4
More informationwww.mvatcybernet.com PRODUCT VERSION: LYNC SERVER 2010, LYNC SERVER 2013, WINDOWS SERVER 2008
PRODUCT VERSION: LYNC SERVER 2010, LYNC SERVER 2013, WINDOWS SERVER 2008 With Forefront Threat Management Gateway 2010 now discontinued, we sought a suitable reverse proxy solution that works with Lync
More informationREAL-TIME WEB APPLICATION PROTECTION. AWF SERIES DATASHEET WEB APPLICATION FIREWALL
REAL-TIME WEB APPLICATION PROTECTION. AWF SERIES DATASHEET WEB APPLICATION FIREWALL AWF Series Web application firewalls provide industry-leading Web application attack protection, ensuring continuity
More informationEXECUTIVE SUMMARY CONTENTS. 1. Summary 2. Objectives 3. Methodology and Approach 4. Results 5. Next Steps 6. Glossary 7. Appendix. 1.
CONTENTS 1. Summary 2. Objectives 3. Methodology and Approach 4. Results 5. Next Steps 6. Glossary 7. Appendix EXECUTIVE SUMMARY Tenzing Managed IT services has recently partnered with Amazon Web Services
More informationSecuring Cloud Applications with a Distributed Web Application Firewall
WHITE PAPER Securing Cloud Applications with a Distributed Web Application Firewall OVERVIEW Responsibility over IT security is moving away from the network and IT infrastructure and to the application
More informationLive Guide System Architecture and Security TECHNICAL ARTICLE
Live Guide System Architecture and Security TECHNICAL ARTICLE Contents 1. Introduction... 2 2. Hosting Environment... 2 2.1. Standards - Compliancy... 3 2.2. Business Continuity Management... 3 2.3. Network
More informationPCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP
solution brief PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP AWS AND PCI DSS COMPLIANCE To ensure an end-to-end secure computing environment, Amazon Web Services (AWS) employs a shared security responsibility
More informationMigration Scenario: Migrating Backend Processing Pipeline to the AWS Cloud
Migration Scenario: Migrating Backend Processing Pipeline to the AWS Cloud Use case Figure 1: Company C Architecture (Before Migration) Company C is an automobile insurance claim processing company with
More informationCloud Computing with Amazon Web Services and the DevOps Methodology. www.cloudreach.com
Cloud Computing with Amazon Web Services and the DevOps Methodology Who am I? Max Manders @maxmanders Systems Developer at Cloudreach @cloudreach Director / Co-Founder of Whisky Web @whiskyweb Who are
More informationHayri Tarhan, Sr. Manager, Public Sector Security, Oracle Ron Carovano, Manager, Business Development, F5 Networks
EXTENDING ACCESS WHILE ENHANCING CONTROL FOR YOUR ORGANIZATION S DATA LEVERAGE THE POWER OF F5 AND ORACLE TO DELIVER SECURE ACCESS TO APPLICATIONS AND DATABASES Hayri Tarhan, Sr. Manager, Public Sector
More informationPowered by. Incapsula Cloud WAF
Powered by Incapsula Cloud WAF Enero - 2013 Incapsula Cloud WAF Overview Incapsula Cloud WAF Delivery Model Threat Central 360 Global Threat Detection & Analysis Enables early detection across the entire
More informationCLOUD COMPUTING WITH AWS An INTRODUCTION. John Hildebrandt Solutions Architect ANZ
CLOUD COMPUTING WITH AWS An INTRODUCTION John Hildebrandt Solutions Architect ANZ AGENDA Todays Agenda Background and Value proposition of AWS Global infrastructure and the Sydney Region AWS services Drupal
More informationWeb Security. Discovering, Analyzing and Mitigating Web Security Threats
Web Security Discovering, Analyzing and Mitigating Web Security Threats Expectations and Outcomes Mitigation strategies from an infrastructure, architecture, and coding perspective Real-world implementations
More informationMicrosoft SharePoint Server 2013 on the AWS Cloud: Quick Start Reference Deployment
Microsoft SharePoint Server 2013 on the AWS Cloud: Quick Start Reference Deployment Mike Pfeiffer August 2014 Last updated: April 2015 (revisions) Table of Contents Abstract... 3 What We ll Cover... 4
More informationCloud Security Through Threat Modeling. Robert M. Zigweid Director of Services for IOActive
Cloud Security Through Threat Modeling Robert M. Zigweid Director of Services for IOActive 1 Key Points Introduction Threat Model Primer Assessing Threats Mitigating Threats Sample Threat Model Exercise
More informationGame changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE
Game changing Technology für Ihre Kunden Thomas Bürgis System Engineering Manager CEE Threats have evolved traditional firewalls & IPS have not Protection centered around ports & protocols Expensive to
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationPCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP
SOLUTION BRIEF PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP The benefits of cloud computing are clear and compelling: no upfront investment, low ongoing costs, flexible capacity and fast application
More informationOpsview in the Cloud. Monitoring with Amazon Web Services. Opsview Technical Overview
Opsview in the Cloud Monitoring with Amazon Web Services Opsview Technical Overview Page 2 Opsview In The Cloud: Monitoring with Amazon Web Services Contents Opsview in The Cloud... 3 Considerations...
More informationResource Sizing: Spotfire for AWS
Resource Sizing: for AWS With TIBCO for AWS, you can have the best in analytics software available at your fingertips in just a few clicks. On a single Amazon Machine Image (AMI), you get a multi-user
More informationSecurely Moving Your Business Into the Cloud
Securely Moving Your Business Into the Cloud Alex Stamos Partner SOURCE Boston April 21, 2010 Your Humble Narrator Alex Stamos Co Founder and Partner of isec LBNL, Loudcloud, @stake UC Berkeley BS EECS
More information2013 MONITORAPP Co., Ltd.
01 Cloud Computing Overview Intelligent Web Application Firewall For Cloud Infrastructure Introduction 2013 MONITORAPP Co., Ltd. 01 Cloud Computing Overview Cloud-based Web Firewall Overview The new form
More informationScaling in the Cloud with AWS. By: Eli White (CTO & Co-Founder @ mojolive) eliw.com - @eliw - mojolive.com
Scaling in the Cloud with AWS By: Eli White (CTO & Co-Founder @ mojolive) eliw.com - @eliw - mojolive.com Welcome! Why is this guy talking to us? Please ask questions! 2 What is Scaling anyway? Enabling
More informationWhy should you look at your logs? Why ELK (Elasticsearch, Logstash, and Kibana)?
Authors Introduction This guide is designed to help developers, DevOps engineers, and operations teams that run and manage applications on top of AWS to effectively analyze their log data to get visibility
More informationFrom the Bottom to the Top: The Evolution of Application Monitoring
From the Bottom to the Top: The Evolution of Application Monitoring Narayan Makaram, CISSP Director, Security Solutions HP/Enterprise Security Business Unit Session ID: SP01-202 Session 2012 Classification:
More informationSECTION 1: INTRODUCTION
3117 NETWORK ARCHITECTURE STANDARD OWNER: Security Management Branch ISSUE DATE: 10/25/2011 DISTRIBUTION: All Employees REVISED DATE: 7/1/2013 SECTION 1: INTRODUCTION The California Department of Technology
More informationunisys Unisys Stealth(cloud) for Amazon Web Services Deployment Guide Release 1.0 January 2016 8205 5658-001
unisys Unisys Stealth(cloud) for Amazon Web Services Deployment Guide Release 1.0 January 2016 8205 5658-001 NO WARRANTIES OF ANY NATURE ARE EXTENDED BY THIS DOCUMENT. Any product or related information
More informationApplication and Database Security with F5 BIG-IP ASM and IBM InfoSphere Guardium
Application and Database Security with F5 BIG-IP ASM and IBM InfoSphere Guardium Organizations need an end-to-end web application and database security solution to protect data, customers, and their businesses.
More informationConfiguring PA Firewalls for a Layer 3 Deployment
Configuring PA Firewalls for a Layer 3 Deployment Configuring PAN Firewalls for a Layer 3 Deployment Configuration Guide January 2009 Introduction The following document provides detailed step-by-step
More informationMonitoring Operation Manual (US Region)
NTT Communications Cloudⁿ Monitoring Operation Manual (US Region) Ver.1.0 Any secondary distribution of this material (distribution, reproduction, provision, etc.) is prohibited. 1 Version no. Revision
More informationFortiWeb for ISP. Web Application Firewall. Copyright Fortinet Inc. All rights reserved.
FortiWeb for ISP Web Application Firewall Copyright Fortinet Inc. All rights reserved. Agenda Introduction to FortiWeb Highlights Main Features Additional FortiWEB Services for the ISP FortiWeb Family
More informationAdministrative Issues
Administrative Issues Make use of office hours We will have to make sure that you have tried yourself before you ask Monitor AWS expenses regularly Always do the cost calculation before launching services
More informationUsing Palo Alto Networks to Protect the Datacenter
Using Palo Alto Networks to Protect the Datacenter July 2009 Palo Alto Networks 232 East Java Dr. Sunnyvale, CA 94089 Sales 866.207.0077 www.paloaltonetworks.com Table of Contents Introduction... 3 Granular
More informationHow To Load balance traffic of Mail server hosted in the Internal network and redirect traffic over preferred Interface
How To Load balance traffic of Mail server hosted in the Internal network and redirect traffic over preferred Interface How To Configure load sharing and redirect mail server traffic over preferred Gateway
More informationAWS Directory Service. Simple AD Administration Guide Version 1.0
AWS Directory Service Simple AD Administration Guide AWS Directory Service: Simple AD Administration Guide Copyright 2015 Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's
More informationAmazon Web Services Student Tutorial
Amazon Web Services Free Usage Tier Elastic Compute Cloud Amazon Web Services Student Tutorial David Palma Joseph Snow CSC 532: Advanced Software Engineering Louisiana Tech University October 4, 2012 Amazon
More informationNetzwerkvirtualisierung? Aber mit Sicherheit!
Netzwerkvirtualisierung? Aber mit Sicherheit! Markus Schönberger Advisory Technology Consultant Trend Micro Stephan Bohnengel Sr. Network Virtualization SE VMware Agenda Background and Basic Introduction
More informationFortiWeb 5.0, Web Application Firewall Course #251
FortiWeb 5.0, Web Application Firewall Course #251 Course Overview Through this 1-day instructor-led classroom or online virtual training, participants learn the basic configuration and administration
More informationUsing ArcGIS for Server in the Amazon Cloud
Federal GIS Conference February 9 10, 2015 Washington, DC Using ArcGIS for Server in the Amazon Cloud Bonnie Stayer, Esri Amy Ramsdell, Blue Raster Session Outline AWS Overview ArcGIS in AWS Cloud Builder
More informationDIR Contract Number DIR-TSO-2621 Appendix C Pricing Index
DIR Contract Number DIR-TSO-2621 Appendix C Index CenturyLink Technology s offers Tier 3 Cloud services: Public Cloud, Private Cloud and Hybrid Cloud provided over our Tier One network. We own and operate
More informationRunning Oracle Applications on AWS
Running Oracle Applications on AWS Bharath Terala Sr. Principal Consultant Apps Associates LLC June 09, 2014 Copyright 2014. Apps Associates LLC. 1 Agenda About the Presenter About Apps Associates LLC
More information