SECURE THE DATACENTER. Dennis de Leest Sr. Systems Engineer
|
|
- Britney Perry
- 8 years ago
- Views:
Transcription
1 SECURE THE DATACENTER Dennis de Leest Sr. Systems Engineer
2 PURE PLAY IN HIGH-PERFORMANCE NETWORKING Breadth First 10 Years of Today s Of Juniper: Portfolio Core Edge Access & Data Center WAN Campus & Consumer & Aggregation Branch Business Device T M PTX E M MX SRX MobileNext MediaFlow ACX MX QFX MX EX SRX vgw MediaFlow MX SRX M NetScreen EX SRX MX WLAN Junos Pulse Junos Pulse Converged Supercore Universal Edge Universal Access Architecture & Physical + Virtual Security Simplified Payas-you-Grow MPLS Wired/Wireless convergence & Unified Policy Best-of-breed Mobile Security 2 Copyright 2013 Juniper Networks, Inc.
3 JUNIPER IN THE DATACENTER: PROTECTING APPS Spotlight Secure Global fingerprint system Ac6onable beyond IP address DDoS Secure Low- and- slow and volumetric Signature free: stops new No tuning or thresholds WebApp Secure Intrusion Decep6on stops hacking Near- zero false posi6ves No tuning or Web App changes SRX Firewall Leading high- end firewall Proven datacenter scale Integra6on with WebApp Secure 3 Copyright 2013 Juniper Networks, Inc.
4 JUNIPER IN THE DATACENTER: PROTECTING APPS Spotlight Secure Global fingerprint system Ac6onable beyond IP address DDoS Secure Low- and- slow and volumetric Signature free: stops new No tuning or thresholds WebApp Secure Intrusion Decep6on stops hacking Near- zero false posi6ves No tuning or Web App changes SRX Firewall Leading high- end firewall Proven datacenter scale Integra6on with WebApp Secure 4 Copyright 2013 Juniper Networks, Inc.
5 IMPLICATIONS OF WEB APP VULNERABILITY 1 Direct Theft of Web App Data 2 Compromise Web app and use as DMZ pivot point 3 Targeted Drive-By Campaign 5 Copyright 2013 Juniper Networks, Inc.
6 DIRECT THEFT OF WEB APP DATA SQL Injection gives hacker access to database WebApp Database Credit card info Customer data Account records Credentials 6 Copyright 2013 Juniper Networks, Inc.
7 COMPROMISE DMZ AND MOVE LATERALLY 1 Own Web Server, Install Backdoor WebApp 2 Attack into PCI Zone from DMZ 3 Exfiltrate data through backdoor Internet PCI Data 7 Copyright 2013 Juniper Networks, Inc.
8 TARGETED DRIVE-BY CAMPAIGNS 1 Attack Web app, Embed malicious link 2 Infect employees, partners, customers with backdoor 3 Steal data 8 Copyright 2013 Juniper Networks, Inc.
9 WEB APP FIREWALLS MISS THE MARK report having a Web App Firewall 1in6 66% that is deployed in block mode say next gen security is ineffective on SQL injection attacks against Web apps High false positives block real customers Complex policies Hackers bypass signature based detection Not in block mode = expensive log file Source: Efficacy of Emerging Network Security Technologies, Ponemon, Copyright 2013 Juniper Networks, Inc.
10 MOZZART BET Background 2 nd Largest Online Gaming Site in Europe Online Attacks put Millions of Euros at Stake Needed Active Protection vs. Post-Event Log Analysis Products Bought WebApp Secure & Spotlight Secure After a 3 month bake-off with WAFs, we chose WebApp Secure for it s lowest false positive, real-time attacker visibility and operational efficiency. -- Cedomir Novakovic, Sr. System Engineer 10 Copyright 2013 Juniper Networks, Inc.
11 THE JUNOS WEBAPP SECURE ADVANTAGE DECEPTION-BASED SECURITY Detect Track Profile Respond Tar Traps detect threats without false positives. Track IPs, browsers, software and scripts. Understand attacker s capabilities and intents. Adaptive responses, including block, warn and deceive. 11 Copyright 2013 Juniper Networks, Inc.
12 THE ANATOMY OF A WEB ATTACK Phase 5 Maintenance Phase 1 Reconnaissance Phase 4 Automation Phase 2 Attack Vector Establishment Phase 3 Implementation Web App Firewall 12 Copyright 2013 Juniper Networks, Inc.
13 INTRUSION DECEPTION: DETECTING WITH NEAR- ZERO FALSE POSITIVES, NO TUNING Client Junos WebApp Secure App Server Injected Tar Traps Query String Parameters Web App Response Query String Parameters HTML Hidden Input Fields HTML Hidden Input Fields Server Configura6on (.htpasswd) Server Configura6on (.htpasswd) 404 Not Found Any Manipulation of a Tar Trap = Malicious 13 Copyright 2013 Juniper Networks, Inc.
14 TRACKING BEYOND THE IP Persistent Token Persists in all browsers even with privacy controls enabled. Site specific. Fingerprint Analyze environment and connection. Not site specific. 14 Copyright 2013 Juniper Networks, Inc.
15 CHANGE THE ECONOMICS: DECEPTIVE RESPONSES Feed Fake Data Strip Inputs Force Logout CAPTCHA Slow Connection 15 Copyright 2013 Juniper Networks, Inc.
16 JUNIPER IN THE DATACENTER: PROTECTING APPS Spotlight Secure Global fingerprint system Ac6onable beyond IP address DDoS Secure Low- and- slow and volumetric Signature free: stops new No tuning or thresholds WebApp Secure Intrusion Decep6on stop hacking Near- zero false posi6ves No tuning or Web App changes SRX Firewall Leading high- end firewall Proven datacenter scale Integra6on with WebApp Secure 16 Copyright 2013 Juniper Networks, Inc.
17 FINGERPRINT OF AN ATTACKER Timezone Browser version Fonts Browser add-ons 200+ attributes used to create the fingerprint. ~ Real Time availability of fingerprints IP Address False Positives nearly zero 17 Copyright 2013 Juniper Networks, Inc.
18 JUNOS SPOTLIGHT SECURE Junos Spotlight Secure Global Attacker Intelligence Service New Attacker fingerprint uploaded Russia Attacker from San Francisco Junos WebApp Secure protected site in UK India South Africa Detect Anywhere, Stop Everywhere 18 Copyright 2013 Juniper Networks, Inc. Australia
19 JWAS + SPOTLIGHT TECHNOLOGY DETAILS Network Perimeter Client Firewall App Server Database Mary13 1 st Page Requested Super Cookie Inserted Finger Print Code Delivered 19 Copyright 2013 Juniper Networks, Inc.
20 HOW DOES IT WORK?? Spotlight Secure Mary13 JWAS Customer A JWAS Customer B 20 Copyright 2013 Juniper Networks, Inc.
21 HOW DOES IT WORK?? Spotlight Secure Mary13 JWAS Customer A JWAS Customer B 21 Copyright 2013 Juniper Networks, Inc.
22 ATTACKER TRIPS A TAR TRAP Tar Traps Mary13 = Attacker Query String Parameters Network Perimeter Hidden Input Fields Client Firewall App Server Database Server Configura6on 22 Copyright 2013 Juniper Networks, Inc.
23 UPDATING SPOTLIGHT Spotlight Secure Mary13 JWAS Customer A JWAS Customer B 23 Copyright 2013 Juniper Networks, Inc.
24 SOPTLIGHT UPDATE Global Name Local Name JWAS Device Bob112 Mary13 4X12J8 Mary13 JWAS Customer A JWAS Customer B 24 Copyright 2013 Juniper Networks, Inc.
25 SPOTLIGHT LOOKUP Global Name Local Name JWAS Device Bob112 Mary13 4X12J8? Joe196 JWAS Customer A JWAS Customer B 25 Copyright 2013 Juniper Networks, Inc.
26 SPOTLIGHT MATCH Global Name Local Name JWAS Device Bob112 Mary13 4X12J8? Joe196 JWAS Customer A JWAS Customer B 26 Copyright 2013 Juniper Networks, Inc.
27 DETECT ANYWHERE, ENFORCE EVERYWHERE Global Name Local Name JWAS Device Bob112 Mary13 4X12J8 Joe196 M391LT? Joe196 JWAS Customer A JWAS Customer B 27 Copyright 2013 Juniper Networks, Inc.
28 JUNIPER IN THE DATACENTER: PROTECTING APPS Spotlight Secure Global fingerprint system Ac6onable beyond IP address DDoS Secure Low- and- slow and volumetric Signature free: stops new No tuning or thresholds WebApp Secure Intrusion Decep6on stop hacking Near- zero false posi6ves No tuning or Web App changes SRX Firewall SRX Integration Leading high- end firewall Proven datacenter scale Integra6on with WebApp Secure 28 Copyright 2013 Juniper Networks, Inc.
29 SRX INTEGRATION: BLOCK HIGH-VOLUME ATTACKS AT THE FIREWALL 1) Traffic from vulnerability scanner 2) WebApp Secure identifies attack SRX 3) Send IP address to SRX for enforcement WebApp Secure Web Servers SRX Configuration: Enable netconf port 830 Setup specific JWAS Filter Bind on interface Filter updated by JWAS Web App Secure Configuration: Enter SRX information Activate SRX Counter Response (manual or automatic) Update SRX filter Periodically checks SRX filter 29 Copyright 2013 Juniper Networks, Inc.
30 JUNIPER IN THE DATACENTER: PROTECTING APPS Spotlight Secure Global fingerprint system Ac6onable beyond IP address DDoS Secure Low- and- slow and volumetric Signature free: stops new No tuning or thresholds WebApp Secure Intrusion Decep6on stops hacking Near- zero false posi6ves No tuning or Web App changes SRX Firewall Leading high- end firewall Proven datacenter scale Integra6on with WebApp Secure 30 Copyright 2013 Juniper Networks, Inc.
31 JUNOS DDOS SECURE HIGHLIGHTS Mature Product Highly Differentiated Webscreen acquisition (Feb 2013) 13 years of development Low-and-slow application attack protection New attacks: protects before signatures exist $60B in revenue protected High tech, low touch: fire-and-forget 31 Copyright 2013 Juniper Networks, Inc.
32 KEY CONCEPT: CHARM CHARM: Real-time risk score for each source IP 100 Initial 50 Human-like Per packet Simple example: real human traffic typically bursty and irregular; machine/bot traffic is regular 0 Machine-like Algorithms updated regularly with characteristics of new attacks 32 Copyright 2013 Juniper Networks, Inc.
33 KEY CONCEPT: RESOURCE HEALTH Resource health: real-time view of status for every discrete thing on protected interface, based on stateful analysis of source and resource responsiveness Internet Traffic Internet Traffic Resources Internet Traffic DDoS Secure Examples L7 L3-4 SIP/DNS/URL and SIP Response Time SIP/DNS/URL Rate, Pending counts HTTP Server Error Codes Backlog Queue (per resource, per port) TCP stats: SYN, SYN-ACK, CLS, RST, etc 33 Copyright 2013 Juniper Networks, Inc.
34 DDOS MITIGATION: CHARM AND RESOURCE HEALTH Dynamically Adjust CHARM Threshold Based on Health CHARM Required to Access The In this attack example, traffic Resource to Resource 2 s response 2 reduces time starts as the to attackers degrade and switch the the CHARM attack to Resource pass threshold 3. is increased to start the process of rate Once limiting again, the bad Junos traffic. DDoS Secure responds dynamically At this point by the increasing good traffic the will pass continue threshold to pass for Resource unhindered 3 whilst Limiting the bad traffic. attackers will start to believe their attack has been successful as their request fails. Resource 1 Resource 2 Resource 3 Resource N 34 Copyright 2013 Juniper Networks, Inc.
35 de JUNIPER COUNTER SECURITY PORTFOLIO Junos WebApp Secure Intrusion Deception Junos Spotlight Secure Attacker Intelligence Service Junos DDoS Secure Volumetric and Low and Slow Protection 35 Copyright 2013 Juniper Networks, Inc.
36
THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS. Junos WebApp Secure Junos Spotlight Secure
THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS Junos WebApp Secure Junos Spotlight Secure SECURITY AT JUNIPER Customer segments Business segments Service providers, enterprise Routing,
More informationIT SECURITY SEMINAR "STALLION 141113" Security, NGFW fallacy & going Beyond IP? Juniper Networks - Jaro Pietikäinen
IT SECURITY SEMINAR "STALLION 141113" Security, NGFW fallacy & going Beyond IP? Juniper Networks - Jaro Pietikäinen JUNIPER TODAY 2012 Revenue: $4.4 Billion Global Presence: Offices In 47 Countries +9000
More informationRETHINK SECURITY FOR UNKNOWN ATTACKS
1 Copyright 2012 Juniper Networks, Inc. www.juniper.net RETHINK SECURITY FOR UNKNOWN ATTACKS John McCreary Security Specialist, Juniper Networks AGENDA 1 2 3 Introduction 5 minutes Security Trends 5 minutes
More informationINTRUSION DECEPTION CZYLI BAW SIĘ W CIUCIUBABKĘ Z NAMI
INTRUSION DECEPTION CZYLI BAW SIĘ W CIUCIUBABKĘ Z NAMI Na przykładzie Junos WebApp Secure Edmund Asare INCONVENIENT STATISTICS 70% of ALL threats are at the Web application layer. Gartner 73% of organizations
More informationTHE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS
THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS INCONVENIENT STATISTICS 70% of ALL threats are at the Web application layer. Gartner 73% of organizations have been hacked in the past two
More informationJUNOS DDoS SECURE. Advanced DDoS Mitigation Technology
JUNOS DDoS SECURE Advanced DDoS Mitigation Technology Biography Nguyen Tien Duc ntduc@juniper.net, +84 903344505 Consulting Engineer- Viet Nam CISSP # 346725 CISA # 623462 2 Copyright 2013 Juniper Networks,
More informationThe Threat Keeps Growing, Are we Doing it Wrong: David Naudé - Commercial Manager SA
The Threat Keeps Growing, Are we Doing it Wrong: David Naudé - Commercial Manager SA A NEW SECURITY APPROACH ACTIVE DEFENSE David Naude Commercial Manager Juniper Networks 2 Copyright 2013 2013 Juniper
More informationSECURING THE DATACENTER
SECURING THE DATACENTER CAIO KLEIN SEGURINFO 2014 1 Copyright 2013 Juniper Networks, Inc. SECURITY AT JUNIPER Customer segments Service providers, enterprise Business segments Routing, switching, security
More informationWhy Device Fingerprinting Provides Better Network Security than IP Blocking. How to transform the economics of hacking in your favor
Why Device Fingerprinting Provides Better Network Security than IP Blocking How to transform the economics of hacking in your favor Why Device Fingerprinting Provides Better Network Security than IP Blocking
More informationNetwork that Know. Rasmus Andersen Lead Security Sales Specialist North & RESE
Network that Know Rasmus Andersen Lead Security Sales Specialist North & RESE Email Gateway vendor CERT AV vendor Law enforcement Web Security Vendor Network security appliance vendor IT Department App
More informationThe Smartest Way to Secure Websites and Web Applications Against Hackers, Fraud, and Theft
DATASHEET Junos WebApp Secure The Smartest Way to Secure Websites and Web Applications Against Hackers, Fraud, and Theft Product Overview Traditional signature-based Web application firewalls are flawed
More informationAdaptive Intelligent Firewall - der nächste Entwicklungssprung der NGFW. Jürgen Seitz Systems Engineering Manager
Adaptive Intelligent Firewall - der nächste Entwicklungssprung der NGFW Jürgen Seitz Systems Engineering Manager Evolution of Network Security Next-Gen Firewall Application Visibility and Control User-based
More informationJUNIPER. One network for all demands MICHAEL FRITZ CEE PARTNER MANAGER. 1 Copyright 2010 Juniper Networks, Inc. www.juniper.net
JUNIPER One network for all demands MICHAEL FRITZ CEE PARTNER MANAGER 1 Copyright 2010 Juniper Networks, Inc. www.juniper.net 2-3-7: JUNIPER S BUSINESS STRATEGY 2 Customer Segments 3 Businesses Service
More informationThe Global Attacker Security Intelligence Service Explained
White Paper How Junos Spotlight Secure Works The Global Attacker Security Intelligence Service Explained Copyright 2013, Juniper Networks, Inc. 1 Table of Contents Executive Summary...3 Introduction...3
More informationWEBAPP SECURE The Smartest Way to Secure Websites and Web Applications Against Hackers, Fraud, and Theft
DATASHEET WEBAPP SECURE The Smartest Way to Secure Websites and Web Applications Against Hackers, Fraud, and Theft Product Overview Traditional signature-based Web application firewalls are flawed because
More informationEVOLVED DATA CENTER ARCHITECTURE
EVOLVED DATA CENTER ARCHITECTURE A SIMPLE, OPEN, AND SMART NETWORK FOR THE DATA CENTER DAVID NOGUER BAU HEAD OF SP SOLUTIONS MARKETING JUNIPER NETWORKS @dnoguer @JuniperNetworks 1 Copyright 2014 Juniper
More informationFIREWALL INTELLIGENCE. 1 Copyright 2014 Juniper Networks, Inc.
FIREWALL INTELLIGENCE 1 AGENDA SLIDE Introduction to Firewall Intelligence Overview Use Cases Demo / Screenshots Questions? 2 THE NEXT LEAP FORWARD FOR THE FIREWALL LAYER 7 2 3 Next Gen Firewall Intelligent
More informationJUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM
JUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM May 2015 Nguyễn Tiến Đức ASEAN Security Specialist Agenda Modern Malware: State of the Industry Dynamic Threat Intelligence on the Firewall
More informationSTOPPING LAYER 7 ATTACKS with F5 ASM. Sven Müller Security Solution Architect
STOPPING LAYER 7 ATTACKS with F5 ASM Sven Müller Security Solution Architect Agenda Who is targeted How do Layer 7 attacks look like How to protect against Layer 7 attacks Building a security policy Layer
More informationJunos WebApp Secure 5.0.0-10 (formerly Mykonos)
Junos WebApp Secure 5.0.0-10 (formerly Mykonos) Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 USA 408 745 2000 or 888 JUNIPER www.juniper.net April, 2013 Juniper Networks, Inc.
More informationArrow ECS University 2015 Radware Hybrid Cloud WAF Service. 9 Ottobre 2015
Arrow ECS University 2015 Radware Hybrid Cloud WAF Service 9 Ottobre 2015 Get to Know Radware 2 Our Track Record Company Growth Over 10,000 Customers USD Millions 200.00 150.00 32% 144.1 16% 167.0 15%
More informationWeb Application Security. Radovan Gibala Senior Field Systems Engineer F5 Networks r.gibala@f5.com
Web Application Security Radovan Gibala Senior Field Systems Engineer F5 Networks r.gibala@f5.com Security s Gaping Hole 64% of the 10 million security incidents tracked targeted port 80. Information Week
More informationCOORDINATED THREAT CONTROL
APPLICATION NOTE COORDINATED THREAT CONTROL Interoperability of Juniper Networks IDP Series Intrusion Detection and Prevention Appliances and SA Series SSL VPN Appliances Copyright 2010, Juniper Networks,
More informationAGENDA. 資 訊 網 路 發 展 趨 勢 Juniper Cloud Solution Cloud Security 解 決 方 案 共 同 供 應 契 約 採 購 建 議 為 何 選 擇 Juniper
EMEA SALES SUMMIT 2012 Cloud Solution AGENDA 資 訊 網 路 發 展 趨 勢 Juniper Cloud Solution Cloud Security 解 決 方 案 共 同 供 應 契 約 採 購 建 議 為 何 選 擇 Juniper 2 Copyright 2012 Juniper Networks, Inc. www.juniper.net CUSTOMERS
More informationOn-Premises DDoS Mitigation for the Enterprise
On-Premises DDoS Mitigation for the Enterprise FIRST LINE OF DEFENSE Pocket Guide The Challenge There is no doubt that cyber-attacks are growing in complexity and sophistication. As a result, a need has
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More informationSecure Cloud-Ready Data Centers Juniper Networks
Secure Cloud-Ready Data Centers Juniper Networks JUNIPER SECURITY LEADERSHIP A $1B BUSINESS Market Leadership Data Center with High- End Firewall #1 at 42% Secure Mobility with SSL VPN #1 at 25% Security
More informationAdvanced Administration for Citrix NetScaler 9.0 Platinum Edition
Advanced Administration for Citrix NetScaler 9.0 Platinum Edition Course Length: 5 Days Course Code: CNS-300 Course Description This course provides the foundation to manage, configure and monitor advanced
More informationSecuring Your Web Application against security vulnerabilities. Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group
Securing Your Web Application against security vulnerabilities Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group Agenda Security Landscape Vulnerability Analysis Automated Vulnerability
More informationBasic & Advanced Administration for Citrix NetScaler 9.2
Basic & Advanced Administration for Citrix NetScaler 9.2 Day One Introducing and deploying Citrix NetScaler Key - Brief Introduction to the NetScaler system Planning a NetScaler deployment Deployment scenarios
More informationIncrease Simplicity and Improve Reliability with VPLS on the MX Series Routers
SOLUTION BRIEF Enterprise Data Center Interconnectivity Increase Simplicity and Improve Reliability with VPLS on the Routers Challenge As enterprises improve business continuity by enabling resource allocation
More informationNext Generation IPS and Reputation Services
Next Generation IPS and Reputation Services Richard Stiennon Chief Research Analyst IT-Harvest 2011 IT-Harvest 1 IPS and Reputation Services REPUTATION IS REQUIRED FOR EFFECTIVE IPS Reputation has become
More informationCheck list for web developers
Check list for web developers Requirement Yes No Remarks 1. Input Validation 1.1) Have you done input validation for all the user inputs using white listing and/or sanitization? 1.2) Does the input validation
More informationWEB APPLICATION FIREWALLS: DO WE NEED THEM?
DISTRIBUTING EMERGING TECHNOLOGIES, REGION-WIDE WEB APPLICATION FIREWALLS: DO WE NEED THEM? SHAIKH SURMED Sr. Solutions Engineer info@fvc.com www.fvc.com HAVE YOU BEEN HACKED????? WHAT IS THE PROBLEM?
More informationThe Hillstone and Trend Micro Joint Solution
The Hillstone and Trend Micro Joint Solution Advanced Threat Defense Platform Overview Hillstone and Trend Micro offer a joint solution the Advanced Threat Defense Platform by integrating the industry
More informationContemporary Web Application Attacks. Ivan Pang Senior Consultant Edvance Limited
Contemporary Web Application Attacks Ivan Pang Senior Consultant Edvance Limited Agenda How Web Application Attack impact to your business? What are the common attacks? What is Web Application Firewall
More informationCUTTING THROUGH THE HYPE: WHAT IS TRUE NEXT GENERATION SECURITY?
CUTTING THROUGH THE HYPE: WHAT IS TRUE NEXT GENERATION SECURITY? Jennifer Ellard HP Session ID: SPO-W01B Session Classification: General Interest Agenda What is hype? What we hear from you? Separating
More informationArchitecture Overview
Architecture Overview Design Fundamentals The networks discussed in this paper have some common design fundamentals, including segmentation into modules, which enables network traffic to be isolated and
More informationScott Lucas: I m Scott Lucas. I m the Director of Product Marketing for the Branch Solutions Business Unit.
Juniper Networks Next Generation Security for a Cybercrime World Lior Cohen Principal Solutions Architect Scott Lucas Director of Product Marketing, Branch Solutions Service Layer Technologies Business
More informationCisco Security Intelligence Operations
Operations Operations of 1 Operations Operations of Today s organizations require security solutions that accurately detect threats, provide holistic protection, and continually adapt to a rapidly evolving,
More informationRadware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper
Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper Table of Contents Abstract...3 Understanding Online Business
More informationCutting the Cost of Application Security
WHITE PAPER Cutting the Cost of Application Security Web application attacks can result in devastating data breaches and application downtime, costing companies millions of dollars in fines, brand damage,
More informationDECODING SOFTWARE DEFINED NETWORKING (SDN) Nico Siebelink Technical Director Northern Europe
DECODING SOFTWARE DEFINED NETWORKING (SDN) Nico Siebelink Technical Director Northern Europe JUNIPER AND SDN IN THE NEWS 2 Copyright 2013 Juniper Networks, Inc. www.juniper.net WHY DO WE NEED SOFTWARE
More informationProtect the data that drives our customers business. Data Security. Imperva s mission is simple:
The Imperva Story Who We Are Imperva is the global leader in data security. Thousands of the world s leading businesses, government organizations, and service providers rely on Imperva solutions to prevent
More informationVulnerability Management
Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other
More informationCloudFlare advanced DDoS protection
CloudFlare advanced DDoS protection Denial-of-service (DoS) attacks are on the rise and have evolved into complex and overwhelming security challenges. 1 888 99 FLARE enterprise@cloudflare.com www.cloudflare.com
More informationJuniper Networks and IPv6. Tim LeMaster Ipv6.juniper.net www.juniper.net
Juniper Networks and IPv6 Tim LeMaster Ipv6.juniper.net www.juniper.net IPv6 Leadership IPv6 supported in Junos since 2001 IPv6 supported in ScreenOS since 2004 First router to be IPv6 Certified by DoD/
More informationNSFOCUS Web Application Firewall White Paper
White Paper NSFOCUS Web Application Firewall White Paper By NSFOCUS White Paper - 2014 NSFOCUS NSFOCUS is the trademark of NSFOCUS Information Technology Co., Ltd. NSFOCUS enjoys all copyrights with respect
More informationNGFW is yesterdays news what is next in scope for the firewall in the threat intelligence age
NGFW is yesterdays news what is next in scope for the firewall in the threat intelligence age Dynamic Threat Protection for Enterprise Edge and Data Center Rasmus Andersen Lead Security Sales Specialist
More informationHow Web Application Security Can Prevent Malicious Attacks
Securing Enterprise Web Applications for Critical Data Protection and PCI-DSS Compliance Selecting the Right Technology is Essential in Guarding Against Malicious Attacks White_Paper As today s organizations
More informationFortiWeb 5.0, Web Application Firewall Course #251
FortiWeb 5.0, Web Application Firewall Course #251 Course Overview Through this 1-day instructor-led classroom or online virtual training, participants learn the basic configuration and administration
More informationIntroduction to the Junos Operating System
Introduction to the Junos Operating System Chapter 2: Junos Operating System Fundamentals 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net Worldwide Education Services Chapter Objectives
More informationUnderstanding and Responding to the Five Phases of Web Application Abuse
Understanding and Responding to the Five Phases of Web Application Abuse Al Huizenga Director of Product Management Kyle Adams Chief Architect Mykonos Software Mykonos Software Copyright 2012 The Problem
More informationWHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats
WHITE PAPER FortiWeb and the OWASP Top 10 PAGE 2 Introduction The Open Web Application Security project (OWASP) Top Ten provides a powerful awareness document for web application security. The OWASP Top
More informationRational AppScan & Ounce Products
IBM Software Group Rational AppScan & Ounce Products Presenters Tony Sisson and Frank Sassano 2007 IBM Corporation IBM Software Group The Alarming Truth CheckFree warns 5 million customers after hack http://infosecurity.us/?p=5168
More informationCourse Title: Penetration Testing: Security Analysis
Course Title: Penetration Testing: Security Analysis Page 1 of 9 Course Description: The Security Analyst Series from EC-Council Press is comprised of five books covering a broad base of topics in advanced
More informationWeb Application Defence. Architecture Paper
Web Application Defence Architecture Paper June 2014 Glossary BGP Botnet DDoS DMZ DoS HTTP HTTPS IDS IP IPS LOIC NFV NGFW SDN SQL SSL TCP TLS UTM WAF XSS Border Gateway Protocol A group of compromised
More informationFirewall and UTM Solutions Guide
Firewall and UTM Solutions Guide Telephone: 0845 230 2940 e-mail: info@lsasystems.com Web: www.lsasystems.com Why do I need a Firewall? You re not the Government, Microsoft or the BBC, so why would hackers
More informationNETWORKING FOR DATA CENTER CONVERGENCE, VIRTUALIZATION & CLOUD. Debbie Montano, Chief Architect dmontano@juniper.net
NETWORKING FOR DATA CENTER CONVERGENCE, VIRTUALIZATION & CLOUD Debbie Montano, Chief Architect dmontano@juniper.net DISCLAIMER This statement of direction sets forth Juniper Networks current intention
More informationSoLuTIoN guide. CLoud CoMPuTINg ANd ThE CLoud-rEAdy data CENTEr NETWork
SoLuTIoN guide CLoud CoMPuTINg ANd ThE CLoud-rEAdy data CENTEr NETWork Contents BENEfITS of ThE CLoud-rEAdy data CENTEr NETWork............................3 getting ready......................................................................3
More informationSolutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance
White Paper Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance Troy Herrera Sr. Field Solutions Manager Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA
More informationNEXPOSE ENTERPRISE METASPLOIT PRO. Effective Vulnerability Management and validation. March 2015
NEXPOSE ENTERPRISE METASPLOIT PRO Effective Vulnerability Management and validation March 2015 KEY SECURITY CHALLENGES Common Challenges Organizations Experience Key Security Challenges Visibility gaps
More informationThreatSTOP Technology Overview
ThreatSTOP Technology Overview The Five Parts to ThreatSTOP s Service We provide 5 integral services to protect your network and stop botnets from calling home ThreatSTOP s 5 Parts: 1 Multiple threat feeds
More informationDatacenter Transformation
Datacenter Transformation Consolidation Without Compromising Compliance and Security Joe Poehls Solution Architect, F5 Networks Challenges in the infrastructure I have a DR site, but the ROI on having
More informationEnterprise-Grade Security from the Cloud
Datasheet Website Security Enterprise-Grade Security from the Cloud Unmatched web application security experience, enhanced by real-time big data analytics, enables Incapsula to provide best-of-breed security
More informationRadware Solutions for NGDC
Radware Solutions for NGDC Ofir Hatsor, June 2011 Main Drivers for NGDC Eliminate Costs of Downtime Improve Customer Experience & Employee Productivity Cut Application Infrastructure Cost by 20-50% Enhance
More informationF5 (Security) Web Fraud Detection. Keiron Shepherd Security Systems Engineer
F5 (Security) Web Fraud Detection Keiron Shepherd Security Systems Engineer The 21 st century application infrastructure (Trends) Users are going to access applications Mobile/VDI/XaaS/OS Security goes
More informationBarracuda Web Application Firewall vs. Intrusion Prevention Systems (IPS) Whitepaper
Barracuda Web Application Firewall vs. Intrusion Prevention Systems (IPS) Whitepaper Securing Web Applications As hackers moved from attacking the network to attacking the deployed applications, a category
More informationJuniper Unite Cloud-Enabled Enterprise Reference Architecture
Juniper Unite Cloud-Enabled Enterprise Reference Architecture Achieving agility by simplifying and securing the enterprise network Challenge The enterprise network is no longer just a business necessity.
More informationLoad Balancing Security Gateways WHITE PAPER
Load Balancing Security Gateways WHITE PAPER Table of Contents Acceleration and Optimization... 4 High Performance DDoS Protection... 4 Web Application Firewall... 5 DNS Application Firewall... 5 SSL Insight...
More informationInnovations in Network Security
Innovations in Network Security Michael Singer April 18, 2012 AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies.
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationInformation Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified
Standard: Data Security Standard (DSS) Requirement: 6.6 Date: February 2008 Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified Release date: 2008-04-15 General PCI
More informationWeb Engineering Web Application Security Issues
Security Issues Dec 14 2009 Katharina Siorpaes Copyright 2009 STI - INNSBRUCK www.sti-innsbruck.at It is NOT Network Security It is securing: Custom Code that drives a web application Libraries Backend
More informationWeb Application Security 101
dotdefender Web Application Security Web Application Security 101 1 Web Application Security 101 As the Internet has evolved over the years, it has become an integral part of virtually every aspect in
More informationCisco RSA Announcement Update
Cisco RSA Announcement Update May 7, 2009 Presented by: WWT and Cisco Agenda Cisco RSA Conference Announcements Collaborate with Confidence Overview Cisco s Security Technology Differentiation Review of
More informationvsrx Services Gateway: Protecting the Hybrid Data Center
Services Gateway: Protecting the Hybrid Data Center Extending Juniper Networks award-winning security products to virtualized, cloud-based, and hybrid IT environments Challenge Virtualization and cloud
More informationBarracuda Web Site Firewall Ensures PCI DSS Compliance
Barracuda Web Site Firewall Ensures PCI DSS Compliance E-commerce sales are estimated to reach $259.1 billion in 2007, up from the $219.9 billion earned in 2006, according to The State of Retailing Online
More informationGuidelines for Web applications protection with dedicated Web Application Firewall
Guidelines for Web applications protection with dedicated Web Application Firewall Prepared by: dr inŝ. Mariusz Stawowski, CISSP Bartosz Kryński, Imperva Certified Security Engineer INTRODUCTION Security
More informationHow To Protect A Web Application From Attack From A Trusted Environment
Standard: Version: Date: Requirement: Author: PCI Data Security Standard (PCI DSS) 1.2 October 2008 6.6 PCI Security Standards Council Information Supplement: Application Reviews and Web Application Firewalls
More informationICTN 4040. Enterprise Database Security Issues and Solutions
Huff 1 ICTN 4040 Section 001 Enterprise Information Security Enterprise Database Security Issues and Solutions Roger Brenton Huff East Carolina University Huff 2 Abstract This paper will review some of
More informationWeb Application Security
Web Application Security Prof. Sukumar Nandi Indian Institute of Technology Guwahati Agenda Web Application basics Web Network Security Web Host Security Web Application Security Best Practices Questions?
More informationWhat Next Gen Firewalls Miss: 6 Requirements to Protect Web Applications
What Next Gen Firewalls Miss: 6 Requirements to Protect Table of Contents Section 1: Introduction to Web Application Security 3 Section 2: The Application Threat Landscape 3 Section 3: Why Next Gen Firewalls
More informationF5 and Microsoft Exchange Security Solutions
F5 PARTNERSHIP SOLUTION GUIDE F5 and Microsoft Exchange Security Solutions Deploying a service-oriented perimeter for Microsoft Exchange WHAT'S INSIDE Pre-Authentication Mobile Device Security Web Application
More informationComplete Protection against Evolving DDoS Threats
Complete Protection against Evolving DDoS Threats AhnLab, Inc. Table of Contents Introduction... 2 The Evolution of DDoS Attacks... 2 Typical Protection against DDoS Attacks... 3 Firewalls... 3 Intrusion
More informationSolution Brief. Secure and Assured Networking for Financial Services
Solution Brief Secure and Assured Networking for Financial Services Financial Services Solutions Page Introduction To increase competitiveness, financial institutions rely heavily on their networks to
More informationProtecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall
Protecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall A FORTINET WHITE PAPER www.fortinet.com Introduction Denial of Service attacks are rapidly becoming a popular attack vector used
More informationWebsite Security. End-to-End Application Security from the Cloud. Cloud-Based, Big Data Security Approach. Datasheet: What You Get. Why Incapsula?
Datasheet: Website Security End-to-End Application Security from the Cloud Unmatched web application security experience, enhanced by real-time big data analytics, enables Incapsula to provide best-ofbreed
More informationHow To Block A Ddos Attack On A Network With A Firewall
A Prolexic White Paper Firewalls: Limitations When Applied to DDoS Protection Introduction Firewalls are often used to restrict certain protocols during normal network situations and when Distributed Denial
More informationWhat is Web Security? Motivation
brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web
More informationFortiDDos Size isn t everything
FortiDDos Size isn t everything Martijn Duijm Director Sales Engineering April - 2015 Copyright Fortinet Inc. All rights reserved. Agenda 1. DDoS In The News 2. Drawing the Demarcation Line - Does One
More informationAcquia Cloud Edge Protect Powered by CloudFlare
Acquia Cloud Edge Protect Powered by CloudFlare Denial-of-service (DoS) Attacks Are on the Rise and Have Evolved into Complex and Overwhelming Security Challenges TECHNICAL GUIDE TABLE OF CONTENTS Introduction....
More informationThe F5 Intelligent DNS Scale Reference Architecture.
The F5 Intelligent DNS Scale Reference Architecture. End-to-end DNS delivery solutions from F5 maximize the use of organizational resources, while remaining agile and intelligent enough to scale and support
More informationCybersecurity: An Innovative Approach to Advanced Persistent Threats
Cybersecurity: An Innovative Approach to Advanced Persistent Threats SESSION ID: AST1-R01 Brent Conran Chief Security Officer McAfee This is who I am 2 This is what I do 3 Student B The Hack Pack I used
More informationReplacing Microsoft Forefront Threat Management Gateway with F5 BIG-IP. Dennis de Leest Sr. Systems Engineer Netherlands
Replacing Microsoft Forefront Threat Management Gateway with F5 BIG-IP Dennis de Leest Sr. Systems Engineer Netherlands Microsoft Forefront Threat Management Gateway (TMG) Microsoft Forefront Threat Management
More informationThe Web AppSec How-to: The Defenders Toolbox
The Web AppSec How-to: The Defenders Toolbox Web application security has made headline news in the past few years. Incidents such as the targeting of specific sites as a channel to distribute malware
More information13 Ways Through A Firewall
Industrial Control Systems Joint Working Group 2012 Fall Meeting 13 Ways Through A Firewall Andrew Ginter Director of Industrial Security Waterfall Security Solutions Proprietary Information -- Copyright
More informationA Love Affair: Cyber Security, Big-data and Risk
A Love Affair: Cyber Security, Big-data and Risk Mark Seward, Senior Director Security and Compliance, Splunk Inc. Professional Techniques - Session 31 Security what s at stake On average, organizations
More informationMingyu Web Application Firewall (DAS- WAF) - - - All transparent deployment for Web application gateway
Mingyu Web Application Firewall (DAS- WAF) - - - All transparent deployment for Web application gateway All transparent deployment Full HTTPS site defense Prevention of OWASP top 10 Website Acceleration
More informationThe Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud
The Advanced Attack Challenge Creating a Government Private Threat Intelligence Cloud The Advanced Attack Challenge One of the most prominent and advanced threats to government networks is advanced delivery
More information