IT Security Conference Romandie - Barracuda Securely Publishing Web Application a field dedicated to expert only?

IT Security Conference Romandie - Barracuda Securely Publishing Web Application a field dedicated to expert only? Antoine Donzé Sales Engineer Switzerland & North Africa

Mid-market organizations are increasingly vulnerable to cyber threats

Security: Midmarket Feels the Squeeze Threats MIDMARKET ORGANIZATIONS Limitations

Trends: The Widening Security Gap Gap between midmarket organizations Self Defenses vs. Threats Threat Regulations Complexity IT Security Budget Skills Source: IDC

IT Security-Related Challenges in Midmarket Budget concerns Increasing sophistications of attacks Increasing complexity of security solutions Increasing volume of network traffic Mobile clients and unmanaged devices Patchwork solutions Lack of IT security expertise Compliance with government and industry Security policies are lacking or not enforced Misuse of data by employees Managing security outsourcing Other Source: IDC 5% 8% 40% 37% 37% 33% 31% 31% 29% 26% 48% 59%

Economic Reality 5% of revenue on IT 5% of IT budget on security People versus equipment 45% hardware / software The rest is personnel, outsourcing and consulting Budget Dollars $50 Million IT $2.5 Million Security $125k HW/SW $60k

All network threat vectors must be secured

Traditional Security Does Not Cover All Boundaries Internet Threat Vectors Email Web applications Remote access Web browsing Mobile Internet Network Perimeter

Traditional Approaches Are Too Complex Or Too Constrained

Too Complex: Bag of Parts Strategy High-price Points Not geared for mid markets Complicated Interfaces High learning curve Management Overhead Requires large IT staff

Too Constrained: All-In-One Strategy Feature Gaps Security risks Performance Degradation Network bottlenecks Unplanned upgrades Unused security features High TCO Accelerated refresh cycles

Securing All Internet Threat Vectors Security Threat Vectors Firewall is a linchpin

Federated Security Architecture Cloud-based Central Management Threat Vectors Web Security Email Security Next Generation Firewall Application Security SSL VPN Attack Surfaces: Appliance Cloud Virtual

Web Apps are the Least Secured Vector Source: Verizon Data Breach Report, 2013

Learning The Hard Way

All experts talk about it

Everyone is a Target Web exploitation kits available Easy to procure No expertise required They operate like companies Can attack thousands of servers in seconds

Implication securely publishing Web Apps - Knowledges & Technologies Standards: FIPs 140-2 PCI DSS Networking Load Balancing Coding languages: Java Script, SQL,.Net, Visual Basic,HTML 5, PHP, Perl, Ajax, Protocols - HTTP / SSL, XML Authentication: Tokens, Kerberos/NTLM, LDAP; SAML 2.0 Certificats

Implication securely publishing Web Apps - Threats OWASP top 10 Threats & Ressources A1 Injection, A2 Broken Authentication and Session Management, A3 Cross-Site Scripting (XSS), A8 Cross-Site Request Forgery (CSRF), A5 Security Misconfiguration, A9 Using Components with Known Vulnerabilities A6 Sensitive Data Exposure Common Vulnerabilty & Exposure May 2015 (till 26th) 324 CVE published Since begining of 2015 375 XSS, 111 SQL Injection, 120 GoP, 253 GoI Resources Time Man Power Be up to date

Application Delivery The Barracuda Approach

Two offering Web Application Firewall Web App, Website publication Load Balancing L7 Enhanced Security: Application Learning, XMsecurity, JSON security, Multi-tenant FIPS standard Active-Active HA Load Balancer ADC Web App, Website publication Load Balancing L4/7, GSLB LB natively MS Exchange or Citrix Policy based Security High performance Multiple ports

Flexible Deployment Options Physical Virtual Cloud

Plug & Play Deployment & Management Level of Customization High Medium Low Custom & Positive Security Template-Based Security Default Security

On Premise Easy Deplyoment One Armed Two Armed

Backed by Barracuda Central Intelligence Cloud Services Appliances Servers & Desktops Websites Intelligence Services

Central Management Barracuda Cloud Control Barracuda Control Management Center

Ramp up how much time invested Imperva F5 - Big IP - SecureSphere Product training Web Administering Application BIG-IP Security v11 - - 2 2 Days Days File Configuring Security BIG-IP & Compliancy ASM v11: - 2 Application Days Security Manager - 4 Days Database Configuring Security BIG-IP & APM Compliance v11: Access - 3 Days Policy Manager - 3 Days Administration Configuring BIG-IP - 2 Days AFM v11: Advanced Firewall Manager - 2 Days Configuring BIG-IP LTM v11: Local Traffic Manager - 3 Days Configuring BIG-IP GTM v11: Global Traffic Manager - 2 Days Developing irules for BIG-IPv11 3 Days Source: F5 website Source: Mai Imperva 2015 Website Mai 2015

Ramp up how much time invested Barracuda Sales Representative - online about 1 hour Certified Specialist - online about 1 hour Certified Engineer ADC - webinar 2x2 hours Certified Engineer WAF - onsite training 3 Days

The questions to ask yourselves Which kind, which level of security do I need to attain? With which budget? In which time frame? With which resources?

Give it a try

Thank You