Www..com WAFs in the Cloud A new direction for WAFs? Ofer Shezaf January 2010.


1 WAFs in the Cloud: A new direction for WAFs? Ofer Shezaf, January 2010

2 What is a WAF?

3 The two faces of information security:
Attack Detection: Anti-Virus, Anti-Malware, IDS/IPS
Policy Enforcement: Firewall, NAC, Scanners

4 Which one is a WAF?
It's a firewall, isn't it? So it must be a policy enforcer.
But it does signatures, so it is probably an attack detector.

5 Depends

6 The XIOM Definition
–Intimate understanding of HTTP
–A positive security model
–Application layer rules
–Session based protection
–Fine grained policy management

7 What is a cloud?

8 This is a cloud

9 More Seriously
–SaaS: SalesForce
–PaaS: Shared Hosting
–IaaS: Amazon EC2

10 What Role Can a WAF Play in the Cloud?

11 The Menu
Enterprise Security Gateway
WAF as a service
–For protecting a data center
–For protecting SaaS
WAF for a cloud deployment
–Host Based
–Infrastructure Based
WAF stubs
–For a data center
–For a cloud deployment

12 Enterprise Security Gateway

13 Enterprise Security Gateway
Protect in-the-cloud services through a unified security gateway.
Pros:
–Unified access control
–Security for 3rd party code
Cons:
–Double bandwidth
–Hard to create positive security rules

14 WAF as a Service
–For SaaS
–For a Data Center

15 WAF as a service
Use an in-the-cloud WAF to protect the enterprise data center.
Pros:
–Very easy deployment.
–Fast signature updates.
–Might be the only solution for a SaaS
Cons:
–Double bandwidth
–Preventing direct access

16 WAF as a service - Akamai
–Applies ModSecurity Core Rules to HTTP traffic.
–Uses Akamai internal HTTP processing technology
–Signatures only, hardly a WAF

17 WAF for Cloud Environment

18 WAF for Cloud Environment
Use an in-the-cloud WAF to protect the enterprise data center.
Pros:
–No Bandwidth Overhead
Cons:
–Might be harder to deploy

19 Host based WAF

20 Host based WAF
The most mature approach to WAF in the cloud.
ModSecurity, SecureIIS, Applicure, PHPIDS…
However, it is often no more than a host-based IPS.

21 WAF stubs

22 WAF Stubs
Host based stub and a remote brain.
Different separation levels:
–Remote monitoring & configuration
–Remote learning
–Remote enforcement
–In-between.

23 WAF Stubs
Art of Defence stub for AWS
Breach Global Event Manager
–Monitoring Only

24 Thank You! shezaf@xiom.com

