Barracuda Web Application Firewall

Beyond PCI-DSS
Barracuda Web Application Firewall
Gautam Aggarwal
Vice President, Product Marketing
Barracuda Networks Corporate Overview
Business Focus
• Network Security, Content Security, Application Delivery and
Data Protection solutions
• Appliance, Virtual Appliance and Cloud delivery
• Volume sales to midmarket; strategic sales to enterprise
Market Leadership
• More than 150,000 corporate subscribers
• Distribution in over 80 countries worldwide
• Content security appliance volume leader (IDC)
• Strategic wins in Web application firewall, next generation firewall and cloud Web security lines
Corporate Basics
• Over 800 employees worldwide
• Headquarters in Silicon Valley – Campbell, CA
• Investment by Sequoia Capital and Francisco Partners
• Rapid top-line profitable growth and strong cash flow
Banking Financial Services & Insurance (BFSI)
Application Security Heritage
• Application security focused since 1999 (as part of Netcontinuum)
• Web Application Security Magic Quadrant “Visionary” since 2003
• Currently in Gartner’s ADC Magic Quadrant 2010
Large Financial Services Footprint
• JP Morgan, UBS, Morgan Stanley, HSBC, RBS, Citibank, and many other
multinational banks
• 300+ Retail Banking & Financial customers in N. America alone
Extensive India Experience
• BFSI: Aviva Life Insurance, Dhanlakshmi Bank, Bharat Bank, Andhra Bank,
Murugappa Group, Axis Bank
• Other: NIC, Brahmos, AICTE, Hyundai, Tirupathi Temple and many more
• Worldwide WAF center of excellence in Bengaluru
The Perfect Cyber Crime
Infect Users
Attack Applications
Destroy Data
Application Security Trends in APAC
Mobile device adoption accelerating migration to web
• Proliferation of smartphones & tablets has forced enterprises to migrate faster to the web
• However, enterprises are focusing on functionality and time-to-market, not security
Increased application layer attacks have forced enterprises to rethink security
• 47% of worldwide attack traffic originates from Asia. [1]
• India, China, Indonesia, Myanmar, & Taiwan are all in the Top 10. [1]
• SQL Injection & Cross-Site Scripting (XSS) are consistently the top attack methodologies
APAC enterprises are responding by adopting WAFs
• APAC saw growth of 22.6% YoY in 2011. [2]
• Japan and S. Korea have the highest market share of WAF. [2]
• China & ANZ have the fastest WAF growth rate. [2]
• India is starting to adopt WAF technology, particularly in BFSI industries
Sources:
[1] Akamai State of the Internet 2011
[2] Frost & Sullivan WAF Market Analysis
Barracuda Enables PCI-DSS Compliance
Requirement | Barracuda Networks
1 - Install a Firewall | Provides secure Application Firewall
3 - Protect Cardholder data | Proxies Web traffic and insulates Web servers from direct access by attackers
4 - Encryption | Provides easy SSL/TLS encryption even if the application does not use encryption
6 - Secure systems & applications | Blocks known and zero-day attacks as well as OWASP Top-10 application vulnerabilities
7 - Restrict Access | Provides granular role-based administration
10 - Track and Monitor Access | Logs and reports all application access and security violations
11 - Regularly test systems | Integration with code scanners automates testing and tuning
• ICSA Labs tested & certified for PCI-DSS compliance
• FIPS 140-2 Certified Crypto Hardware
Reverse Proxy a Must for BFSI
Non-proxy WAFs expose server operating systems
and TCP stacks directly to the Internet
Proxy-based WAFs are more secure:
• Traffic Rewrite – Non-proxies cannot control and re-write traffic
• Cloaking – Non-proxies do not cloak
• SSL – Non-proxies’ SSL is VERY slow
• Cookie security – Non-proxies do not protect against ID theft
• Botnet Protection – Non-proxies do not protect against DoS
• Authentication and Authorization – Non-proxies cannot do AAA
• Data Theft Protection – Non-proxies cannot mask outbound data
• Response time acceleration – Non-proxies cannot accelerate
Solution: Layer 7 Web Application Firewall
Inbound inspection for Layer 7 attacks
Outbound inspection to protect against data theft
Barracuda Web Application Firewall
• Based on reverse proxy technology
• Has bi-directional content inspection and security
• As a reverse proxy, it can load balance and accelerate application delivery
Attack Protection & Data Loss Prevention
Attack protection
SQL Injection
XSS injection
CSRF
Command injection
Data theft protection
Credit Card, Aadhaar (UID), custom patterns
Web site cloaking
Integrated anti-virus
Session protection
Cookie encryption
Parameter tampering protection
Brute Force Protection
DoS Protection
IP Reputation Blocking
Blocking by Geo IP
Anonymous Proxy Blocking
XML Firewall
XML-based attacks
XML Schema enforcement
Web Services security
SIEM Integration
Armored Browser Integration
Integration with Mobility Solutions
Armored Browser
• Extends protection to the client
• Enforce server access only by armored browser
• Prevents Man-in-the-Browser (MITB) attacks
Barracuda Safe Browser (BSB)
• Outbound Content Security for mobile devices
• Same level of security on or off network
• Prevents infections on mobile phones and laptops that
can lead to Man-in-the-Browser (MITB) attacks
Consolidate Disparate Appliances in the DMZ
Perimeter
SSL Accelerators
Load Balancing
Caching
Reverse Proxy Web Application Firewalls
Delivered as Hardware or VM
Servers
Access Control
Security
1. Reduces Management Complexity
2. Decreases Risk of Security Misconfiguration