Citrix_NetScaler_and_Quarri_POQ

advertisement
Citrix NetScaler and Quarri POQ
Quarri Confidential and Proprietary Information. Quarri and the Quarri logo are trademarks of Quarri. All other product or service names are the property of their respective owners.
© Quarri 2011.
HTTPS as the solution: fighting the last war?
Focus
►
Browser are the information delivery platform
‒
Threat
►
Browsers are missing link in security chain
‒
►
Enterprise apps, cloud / SaaS services
Key loss vector for cybercrime and data theft
Sensitive web apps are flying blind
‒
Site has little data on end point’s security state
Quarri Confidential and Proprietary Information. Quarri and the Quarri logo are trademarks of Quarri. All other product or service names are the property of their respective owners.
© Quarri 2011.
Endpoints create risks to web applications and content
User actions:
Malware:
• Social engineering target
• Saves data on untrusted PC
• Poor browser security
settings
• Malicious users stealing
content
• Keyloggers
• Screen capture
• Data miners
• MITB / MITM
• Phishers / Pharmers
• …
Browser application behavior:
• Caching content, cookies, credentials, history
Quarri Confidential and Proprietary Information. Quarri and the Quarri logo are trademarks of Quarri. All other product or service names are the property of their respective owners.
© Quarri 2011.
Who cares and why?
Business to
Customer
Enterprise Applications
SaaS / Cloud
- Account theft
- Data leakage
- Data theft
- Account theft
- E-fraud
- Privacy loss
Quarri Confidential and Proprietary Information. Quarri and the Quarri logo are trademarks of Quarri. All other product or service names are the property of their respective owners.
© Quarri 2011.
Wild West
Extending web security to the browser
►
►
►
►
►
Citrix and Quaresso are announcing partnership
Quaresso will be Citrix Ready certified in Nov 2010
Integration of Quaresso’s Protect On Q with Citrix
NetScaler
Combined solution enables true end-to-end security
of web sessions
‒ From LB/WAF through the HTTPS tunnel all the
way to the browser
Quaresso provides anti-malware, and browser DLP
‒ Via on-the-fly agent delivered by integration with
NetScaler
Quarri Confidential and Proprietary Information. Quarri and the Quarri logo are trademarks of Quarri. All other product or service names are the property of their respective owners.
© Quarri 2011.
About Quarri Protect On Q
Anytime anywhere browser protection system
►
ON THE FLY: Web site quickly provisions temporary armored browser
►
CONTROL: Site-specific policy controls the defense mechanisms
►
SECURITY: Anti-malware + data leak protections
►
TARGETED: Only affects browser session connected to the web site
►
VISIBILITY: Web site can enforce use of armored browser
Quarri Confidential and Proprietary Information. Quarri and the Quarri logo are trademarks of Quarri. All other product or service names are the property of their respective owners.
© Quarri 2011.
Sample of Protect On Q security features
Feature
Benefit
Zero Hour Anti-Malware Defenses
Continuous defense against user account theft, session
input and rendered display data
Heuristic defenses from key loggers/frame grabbers
Browser Process Integrity
Whitelisting of BHOs / plug ins
Browser Session Data Privacy
Real time encryption of all session data
Information Leak Protection
Controls ability to copy, save, print, clipboard, etc.
Browser Networking Control
Allows administrative control of browser networking
Hostname Resolving Bypass
Admins can controls brower host resolving process
SSL Certificate Integrity
Bypass malicious HTTPS certificate manipulation
Mitigates the risk of session compromise via exploits
against plug in vulnerabilities or hostile browser
extensions compromise session
Reduces information leaks to unauthorized users or real
time cache mining malware
Prevent data leakage & aids compliance by controlling
user actions, including MS Office and Acrobat launched
within armored browser
Strengthens web sites’ servers from attacks such as
XSS and CSRF, as well as browser hijacking
Protects against malware performing DNS server
attacks, local HOSTS poisoning or client DNS settings
Reduces the risk of hostile Man-In-The-Middle HTTPS
proxies intercepting encrypted traffic
Quarri Confidential and Proprietary Information. Quarri and the Quarri logo are trademarks of Quarri. All other product or service names are the property of their respective owners.
© Quarri 2011.
How NetScaler delivers and enforces armored browsing
Data Center
Employees
Business Partners
Customers
2. NetScaler
intercepts
3. Using HTTP
Callout verifies
session
Protect On Q
Server (Java)
Quarri Confidential and Proprietary Information. Quarri and the Quarri logo are trademarks of Quarri. All other product or service names are the property of their respective owners.
© Quarri 2011.
Summary
►
Malware trends make browsers a key security concern
►
HTTPS protection does not defend against these threats
►
►
Citrix + Quarri enables web sites to extend security to end
point
‒ without the downside of managing client software
Integration with the world’s leading web front end, enables
easy customer deployment and enforcement
Quarri Confidential and Proprietary Information. Quarri and the Quarri logo are trademarks of Quarri. All other product or service names are the property of their respective owners.
© Quarri 2011.
Protect On Q – product packaging
►
►
►
Protect On Q is a software solution
‒ Uses subscription based model
‒ Per user, with 1, 2 or 3 year subscription terms
‒ Will be available in appliance form factor via partner
User count based on number of users protected
‒ Unlimited number of web applications or web servers
‒ Upgrade of user counts available
Subscription includes:
‒ All software updates during coverage term
‒ Standard 8x5 technical support
‒ Premium (24x7) support available for additional cost
Quarri Confidential and Proprietary Information. Quarri and the Quarri logo are trademarks of Quarri. All other product or service names are the property of their respective owners.
© Quarri 2011.
Quaresso’s patented technology: Enforcer
►
Internet
Explorer
Applications
►
S y s t e m C a l l s
S y s t e m C a l l s
►
ENFORCER
Operating System
Audit
Cache
Crypto
Malware
Protection
Browser
Security
Info
Controls
URL
Control
►
X86 binary uses Java or ActiveX to
bootstrap
► Small footprint < 500KB
Injects into IE address space
‒ Controls / filters various APIs
Minimal user prerequisites
‒ No admin rights, no system mods
Memory resident only, no permanent
installation
► Anywhere delivery without IT risks
Site specific policy
Operating System
Security feature settings
Branding / UI customize
Whitelists
Opening landing URL
....
Quarri Confidential and Proprietary Information. Quarri and the Quarri logo are trademarks of Quarri. All other product or service names are the property of their respective owners.
© Quarri 2011.
Deploying Protect on Q
POQ Server:
POQ Manager:
- Provisions Enforcer to end users
- Support UI for policy definition
- Pulls policy from POQ Manager
- Maintains policies &Enforcer binaries
- Integrates with web apps
- Collects log files
- Multiple POQ servers can be deployed
►
►
►
►
Software (Java) based solution
All communications via HTTPS
Recommend locating near web services
POQ integration via SOAP today
‒
Web Site Data Center
POQ Server
Web filter modules in next version
Quarri Confidential and Proprietary Information. Quarri and the Quarri logo are trademarks of Quarri. All other product or service names are the property of their respective owners.
© Quarri 2011.
POQ Manager
Protect On Q: target markets
Customer Web Applications
•
•
•
•
Partner Web Applications
•
•
•
•
•
•
Employee Web
Applications
•
•
•
Online consumer banking
Online trading applications
Ecommerce
Hosted web mail (Gmail, Hotmail,
etc.)
Healthcare portals
B2B commerce trading applications
Government portals
Partner extranets
ERP, SFA, CRM applications
Web mail (Outlook Web Access,
iNotes)
ERP, SFA, CRM applications
(mySAP, Oracle, etc.)
Employee intranets
Company HR portals
Quarri Confidential and Proprietary Information. Quarri and the Quarri logo are trademarks of Quarri. All other product or service names are the property of their respective owners.
© Quarri 2011.
Download