THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS Junos WebApp Secure Junos Spotlight Secure
SECURITY AT JUNIPER Customer segments Business segments Service providers, enterprise Routing, switching, security Security innovation & leadership Invest more than 20% of revenue on R&D Leader in high-end firewalls and remote access SSL VPN Pioneer in Intrusion Deception technology DDoS advanced technology First to deliver purpose-built virtual firewall SC Magazine 2013 best cloud and SSL VPN solution Tech Target s 2013 reader s choice gold awards for virtual security, IDP, and NAC 2 Access Apps Networks Mgmt Mobility Edge Data center Cloud Products
THE COST OF AN ATTACK PONEMON INSTITUTE AVERAGE BREACH COSTS $214 PER RECORD STOLEN Sony Stolen Records 100M Theft Sony Lawsuits $1-2B Reputation Revenue Sony Direct Costs $171M 23 day network closure Lost customers Security improvements 3
5 Attack phases:- APT behaviour Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Silent Reconnaissance Attack Vector Establishment Attack Implementation Attack Automation Maintenance Attackers profile physical and virtual devices and applications Weaknesses in attack surface identified for attack Attacks launched to take control of device, application or VM. Can be used to begin further Reconnaissance Repeat attack to increase effectiveness, increase Profit or extract more data Evade patching and remediation measures to stop the attack Web Copyright 2013 Juniper Networks, Inc. Application Firewall 4
DETECT THREATS BY DECEPTION NO SIGNATURE & RULE WRITING Network Perimeter Client Firewall App Server Database Injected Tar Traps Web App Response Query String Parameters Query String Parameters HTML Hidden Input Fields HTML Hidden Input Fields Server Configura-on (.htpasswd) Server Configura-on (.htpasswd) 404 Not Found Any Manipulation of a Tar Trap = Malicious 5
TRACK ATTACKERS BEYOND THE IP Track IP Address Track Browser Attacks Persistent Token Capacity to persist in all browsers including various privacy control features. Track Software and Script Attacks Fingerprinting HTTP communications. 6
FINGERPRINT OF AN ATTACKER Timezone Browser version Fonts Browser add-ons 200+ attributes used to create the fingerprint. ~ Real Time availability of fingerprints IP Address False Positives nearly zero 7
JUNOS SPOTLIGHT SECURE Junos Spotlight Secure Global Attacker Intelligence Service Attacker from San Francisco Junos WebApp Secure protected site in UK Attacker fingerprint uploaded Attacker fingerprint available for all sites protected by Junos WebApp Secure Detect Anywhere, Stop Everywhere 8
RESPOND AND DECEIVE Junos WebApp Secure Responses Human Hacker Botnet Targeted Scan IP Scan Scripts &Tools Exploits Warn attacker l Block user l l l l l Force CAPTCHA l l l l l Slow connection l l l l l Simulate broken application l l l l l Force log-out l l l All responses are available for any type of threat. Highlighted responses are most appropriate for each type of threat. 9
THE JUNOS WEBAPP SECURE ADVANTAGE DECEPTION-BASED SECURITY Detect Track Profile Respond Tar Traps detect threats without false positives. Track IPs, browsers, software and scripts. Understand attacker s capabilities and intents. Adaptive responses, including block, warn and deceive. 10
WEB APP SECURITY TECHNOLOGY Web Application Firewall Web Intrusion Deception System Detection Signatures ü ü Tar Traps Tracking IP address ü ü Browser, software and scripts Profiling IP address ü ü Browser, software and scripts Responses Block IP ü ü Block, warn and deceive attacker PCI Section 6.6 ü ü ü ü ü ü 11