Presentation is loading. Please wait.

Presentation is loading. Please wait.

Imperva Total Application Security Idan Soen, CISSP Security Engineer SecureSphere – The First Dynamic Profiling Firewall Idan Soen, CISSP Security Engineer.

Published byTiffany Craig Modified over 8 years ago

Similar presentations

Presentation on theme: "Imperva Total Application Security Idan Soen, CISSP Security Engineer SecureSphere – The First Dynamic Profiling Firewall Idan Soen, CISSP Security Engineer."— Presentation transcript:

1 Imperva Total Application Security Idan Soen, CISSP Security Engineer SecureSphere – The First Dynamic Profiling Firewall Idan Soen, CISSP Security Engineer SecureSphere – The First Dynamic Profiling Firewall

2 2Imperva Confidential Agenda Imperva Application Security Landscape SecureSphere Imperva Application Security Landscape SecureSphere

3 3Imperva Confidential Imperva Company Focus: Total Application Security Founded in 2000 by world’s elite application security specialists –Israeli Defense Force cyber warfare team –Private sector penetration testing & app security consultants Co-Founder, CEO – Shlomo Kramer –Check Point co-founder –Co-developer of Stateful Inspection SecureSphere Product Family –First “Dynamic Profiling Firewall” Company Focus: Total Application Security Founded in 2000 by world’s elite application security specialists –Israeli Defense Force cyber warfare team –Private sector penetration testing & app security consultants Co-Founder, CEO – Shlomo Kramer –Check Point co-founder –Co-developer of Stateful Inspection SecureSphere Product Family –First “Dynamic Profiling Firewall”

4 4Imperva Confidential Data Center Security Need to Secure the Data Center Data Center Assets have Never Been More Critical… …or More Vulnerable 92% Vulnerable to* –Identity theft –Data theft –Worms –Denial of Service –SQL Injection –Parameter tampering Business Implications of Attack –Lost revenue –Brand erosion –Regulatory compliance SOX, GLBA, HIPAA, CA SB-1386, CISP, etc Data Center Assets have Never Been More Critical… …or More Vulnerable 92% Vulnerable to* –Identity theft –Data theft –Worms –Denial of Service –SQL Injection –Parameter tampering Business Implications of Attack –Lost revenue –Brand erosion –Regulatory compliance SOX, GLBA, HIPAA, CA SB-1386, CISP, etc Data Center & DMZ Critical Servers, Proprietary Information And Custom Business Applications Users *Source: Imperva Application Defense Center

5 5Imperva Confidential Application Threats Web Application and Web Services attacks –External SQL injection –Attacks custom business applications Web Application and Web Services attacks –External SQL injection –Attacks custom business applications A multi-dimensional problem Internal Users Web SQL injection Cookie poison etc. Database Data theft Data corruption etc. Worm Code Red Nimda etc. Data Center & DMZ Critical Servers, Proprietary Information And Custom Business Applications Database breach –Internal direct breach –Attacks proprietary information –Using legitimate access for illegitimate purposes Database breach –Internal direct breach –Attacks proprietary information –Using legitimate access for illegitimate purposes Worm infection –External and internal sources of infection –Attacks critical servers –Known vulnerabilities and “zero day” web worm Worm infection –External and internal sources of infection –Attacks critical servers –Known vulnerabilities and “zero day” web worm

6 6Imperva Confidential Data Center Security Different Problem, Different Solution Corporate NetworkData Center Assets Desktop Computers Microsoft Apps Personal Files Proprietary Information Custom Business Apps Critical Servers Threats Client Worms Spyware Viruses Data Leakage Identity Theft Data Theft Phishing Malicious Robots Server Worms Denial of Service SQL Injection Cost Lost ProductivityBrand, Revenue, and Regulatory Compliance Solutions IPS, Anti-Virus, and Personal Firewalls ????

7 7Imperva Confidential Securing the Data Center A New Type of Firewall is Needed Network Access (OSI Layer 1 – 3) Protocol Usage (OSI Layer 4 – 7) Application and Database Usage (New Layer 8+) Network Layer Application Layer Application Logic Data Center Application Security not Addressed by Network Firewall or IPS Technology –SQL Injection, Phishing, Identity theft, Data theft, Worms, Denial of Service, Malicious Robots, etc. SecureSphere – Data Center Firewall Protect critical servers, proprietary information and custom business applications Data Center Application Security not Addressed by Network Firewall or IPS Technology –SQL Injection, Phishing, Identity theft, Data theft, Worms, Denial of Service, Malicious Robots, etc. SecureSphere – Data Center Firewall Protect critical servers, proprietary information and custom business applications Perimeter Firewall Network Firewall Data Center Firewall Imperva SecureSphere Dynamic Profiling Firewall Departmental Firewall Intrusion Prevention Systems (IPS) and Deep Inspection Firewall

8 8Imperva Confidential Securing the Data Center Point Solutions Problematic Fragmented Protection –Deep Inspection Firewall –Application Firewall –Database Firewall –XML Firewall Static Policy & Rules –Requires constant manual tuning Fragmented Management –Set policy on each device –Fragmented logging, forensics, monitoring –No integrated reporting No Cooperation Between Layers Poor Performance and Scalability Fragmented Protection –Deep Inspection Firewall –Application Firewall –Database Firewall –XML Firewall Static Policy & Rules –Requires constant manual tuning Fragmented Management –Set policy on each device –Fragmented logging, forensics, monitoring –No integrated reporting No Cooperation Between Layers Poor Performance and Scalability Data Center Web Servers App. Servers, Databases Internal Users DMZ Web Servers, App Servers, Databases DI Firewall App Firewall Database Firewall XML Firewall

9 9Imperva Confidential A Dynamic Profiling Firewall must build and tune the security profile without human intervention Automatically Built Automatically Tuned Much more information needed for security decisions –Web App elements URLs, Cookies, Parameters, Users, Sessions, etc. –Web Services elements XML URLs, SOAP actions, XML elements, etc. –Database elements SQL Queries, SQL Tables, Users, etc. Too complex for manual intervention Much more information needed for security decisions –Web App elements URLs, Cookies, Parameters, Users, Sessions, etc. –Web Services elements XML URLs, SOAP actions, XML elements, etc. –Database elements SQL Queries, SQL Tables, Users, etc. Too complex for manual intervention Dynamic Profiling Firewall Network Layer (OSI layers 1 – 3) Application Layer (OSI layers 4-7) Application Profile Millions of dynamic items Securing the Data Center Breaking the Barrier Application Logic and Databases New layer(s)! 8+

10 10Imperva Confidential SecureSphere Dynamic Profiling Firewall Data Center Ready Security Unified Protection –Web, database and worm attacks –Internal and external attackers –Layers 1-7 and 8+ Dynamic Profiling –Automatically models application structure and dynamics Web Application: URLs, cookies, users, parameters, sessions, etc. Web Services: XML URLs, SOAP actions, XML elements, etc. Database: SQL queries, SQL tables, parameters, users, etc. –No on-going manual tuning Adapts when application changes Centralized Management Enforcement & Auditing Across Layers High Performance and Highly Scalable Unified Protection –Web, database and worm attacks –Internal and external attackers –Layers 1-7 and 8+ Dynamic Profiling –Automatically models application structure and dynamics Web Application: URLs, cookies, users, parameters, sessions, etc. Web Services: XML URLs, SOAP actions, XML elements, etc. Database: SQL queries, SQL tables, parameters, users, etc. –No on-going manual tuning Adapts when application changes Centralized Management Enforcement & Auditing Across Layers High Performance and Highly Scalable Internal Users SecureSphere G4 Gateways SecureSphere MX Management Server Data Center Web Servers App. Servers, Databases DMZ Web Servers App Servers, Databases

11 11Imperva Confidential Security Coverage SecureSphere Secures the Data Center SecureSphere Protects Against Web Application Attack –Both Interface and Logic Web Services Attack –SOAP/XML interfaces Database Breach –Direct Database Attacks –Via Web Application –Via Web Services Worm/Platform Attack –Network Stack –Operating Systems –Infrastructure Server Software SecureSphere Protects Against Web Application Attack –Both Interface and Logic Web Services Attack –SOAP/XML interfaces Database Breach –Direct Database Attacks –Via Web Application –Via Web Services Worm/Platform Attack –Network Stack –Operating Systems –Infrastructure Server Software Web Application & Web Service (Custom to Package) Application Logic (Custom to Package) Application Databases (Custom to Package) Web Server Application Server Database Servers Operating System Network Stack Application Data Center Infrastructure

12 12Imperva Confidential Web Application & Web Service (Custom to Package) Application Logic (Custom to Package) Application Databases (Custom to Package) Web Server Application Server Database Servers Operating System Network Stack Security Coverage SecureSphere – IPS Protects Critical Data Center Servers –Operating System Platform agnostic of vendor / version –Server Software –Network Access –Network Protocols Attacks Prevented –Server Worms –Unauthorized Access –Protocol Attacks Defenses –User and protocol access control –Protocol Validation and Usage –Full Snort®-compatible signature protection –Imperva’s Advanced ADC defenses –Web Worm Profiling Protects Critical Data Center Servers –Operating System Platform agnostic of vendor / version –Server Software –Network Access –Network Protocols Attacks Prevented –Server Worms –Unauthorized Access –Protocol Attacks Defenses –User and protocol access control –Protocol Validation and Usage –Full Snort®-compatible signature protection –Imperva’s Advanced ADC defenses –Web Worm Profiling Application Data Center Infrastructure

13 13Imperva Confidential Web Application & Web Service (Custom to Package) Application Logic (Custom to Package) Application Databases (Custom to Package) Web Server Application Server Database Servers Operating System Network Stack Security Coverage SecureSphere - Web App Firewall Dynamic Profiling Protects “Traditional” Web App Elements –Application Logic Form fields, cookies, URLs, Parameters –Agnostic Web / App Server Software Apache, IIS, etc. Example Attacks Prevented –Cross-site scripting –SQL Injection –Command Injection –Illegal encoding –Buffer Overflows –Cookie Poisoning –Parameter Tampering –Form Field Tampering –Malicious Scanning / Robots –Phishing –Denial of Service Integrated IPS Protects the OS and the Network (point solutions don’t) Dynamic Profiling Protects “Traditional” Web App Elements –Application Logic Form fields, cookies, URLs, Parameters –Agnostic Web / App Server Software Apache, IIS, etc. Example Attacks Prevented –Cross-site scripting –SQL Injection –Command Injection –Illegal encoding –Buffer Overflows –Cookie Poisoning –Parameter Tampering –Form Field Tampering –Malicious Scanning / Robots –Phishing –Denial of Service Integrated IPS Protects the OS and the Network (point solutions don’t) Application Data Center Infrastructure

14 14Imperva Confidential Security Coverage SecureSphere - XML Firewall Dynamic Profiling Protects Web Services Elements –Application / Web Servers Agnostic to vendor brands –Web Services Protocols and Standards XML, SOAP, WSDL Attacks Prevented –“Element Tampering” –“Structure Tampering” –SQL Injection –Command Injection –Illegal encoding –Cross Site Scripting –Buffer Overflow Integrated IPS Protects the OS and the Network (point solutions don’t) Dynamic Profiling Protects Web Services Elements –Application / Web Servers Agnostic to vendor brands –Web Services Protocols and Standards XML, SOAP, WSDL Attacks Prevented –“Element Tampering” –“Structure Tampering” –SQL Injection –Command Injection –Illegal encoding –Cross Site Scripting –Buffer Overflow Integrated IPS Protects the OS and the Network (point solutions don’t) Application Data Center Infrastructure Web Application & Web Service (Custom to Package) Application Logic (Custom to Package) Application Databases (Custom to Package) Web Server Application Server Database Servers Operating System Network Stack

15 15Imperva Confidential Deployment Performance and Scalability High Performance –Up to 1 Gbps throughput –Sub millisecond latency –Up to 8,000 transaction/second Scalability –G4: Entry for small to medium segments –G8: Performance for larger segments –MX: Centralized management for multi-gateway environments High Performance –Up to 1 Gbps throughput –Sub millisecond latency –Up to 8,000 transaction/second Scalability –G4: Entry for small to medium segments –G8: Performance for larger segments –MX: Centralized management for multi-gateway environments G4 Gateway Appliance Throughput500 Mbps Requests Per Second4000 Form Factor1U Max Sniffing Interfaces3 Max Inline Segments1 G8 Gateway Appliance Throughput1000 Mbps Requests Per Second8000 Form Factor1U Max Sniffing Interfaces3 Max Inline Segments1

16 16Imperva Confidential Operations Centralized Management Centralized Management Services –Manages all devices from a single console –Application level profiles and policy –Integrated logging and forensics –User specific alerts and monitoring –Integrated compliance reporting Scalable for Large Deployments –Three-tier architecture –Browser-based interface –Role-based administration –Easy appliance deployment Appliances auto-configured by mgt server Centralized Management Services –Manages all devices from a single console –Application level profiles and policy –Integrated logging and forensics –User specific alerts and monitoring –Integrated compliance reporting Scalable for Large Deployments –Three-tier architecture –Browser-based interface –Role-based administration –Easy appliance deployment Appliances auto-configured by mgt server MX Management Server SecureSphere Gateway Appliances Browser Interface

17 17Imperva Confidential Summary Securing the Data Center Businesses Vulnerable to New Data Center Threats –Identity theft, data theft, SQL injection, worms, and DoS –Risking brand, revenue, and regulatory compliance IPS and Network Firewalls are Not Enough –Do not protect proprietary information and custom business applications SecureSphere - Data Center Ready Protection –Security Protects proprietary information, custom applications, and critical servers Blocks even the most sophisticated attacks –Deployment No change to existing applications and infrastructure Flexible networking and high availability Performance and scalability –Operations No manual tuning Centralized management  Low TCO and High ROI Businesses Vulnerable to New Data Center Threats –Identity theft, data theft, SQL injection, worms, and DoS –Risking brand, revenue, and regulatory compliance IPS and Network Firewalls are Not Enough –Do not protect proprietary information and custom business applications SecureSphere - Data Center Ready Protection –Security Protects proprietary information, custom applications, and critical servers Blocks even the most sophisticated attacks –Deployment No change to existing applications and infrastructure Flexible networking and high availability Performance and scalability –Operations No manual tuning Centralized management  Low TCO and High ROI

18 18Imperva Confidential Thank You Imperva Inc. 950 Tower Lane, Suite 1710 Foster City, CA 94404 Sales: (866) 926-4678 www.imperva.com

19 19Imperva Confidential MX Management DatabaseY2 GatewayG2 Web App X1 Web App X2 GatewayG1 Database Y1 OOBOOB Test Env Real Life Env

Download ppt "Imperva Total Application Security Idan Soen, CISSP Security Engineer SecureSphere – The First Dynamic Profiling Firewall Idan Soen, CISSP Security Engineer."

Similar presentations

The Threat Within September 2004. Copyright © 2004 Q1 Labs. All Rights Reserved Agenda Customer Pain Industry Solutions Network Behavior Enforcement Example.

The Threat Within September Copyright © 2004 Q1 Labs. All Rights Reserved Agenda Customer Pain Industry Solutions Network Behavior Enforcement Example.
New Solutions to New Threats. The Threats, They Are A Changing Page 2 | © 2008 Palo Alto Networks. Proprietary and Confidential.

New Solutions to New Threats. The Threats, They Are A Changing Page 2 | © 2008 Palo Alto Networks. Proprietary and Confidential.
Security Issues and Challenges in Cloud Computing

Security Issues and Challenges in Cloud Computing
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP.

A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP.
2 An Overview of Telecommunications and Networks Telecommunications: the _________ transmission of signals for communications (home net) (home net)

2 An Overview of Telecommunications and Networks Telecommunications: the _________ transmission of signals for communications (home net) (home net)
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Barracuda Web Application Firewall

Barracuda Web Application Firewall
Imperva The Leader in Application Data Security and Compliance Eran Cohen EMEA Sale Engineer

Imperva The Leader in Application Data Security and Compliance Eran Cohen EMEA Sale Engineer
Unified Logs and Reporting for Hybrid Centralized Management

Unified Logs and Reporting for Hybrid Centralized Management
1 Project Part II Double Deuce Jibran Ilyas, Frank LaSota, Paul Lowder, Juan Mendez.

1 Project Part II Double Deuce Jibran Ilyas, Frank LaSota, Paul Lowder, Juan Mendez.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Securing Web Applications: Cisco ACE Web Application Firewall Presenter.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Securing Web Applications: Cisco ACE Web Application Firewall Presenter.
Kaspersky Open Space Security: Release 2 World-class security solution for your business.

Kaspersky Open Space Security: Release 2 World-class security solution for your business.
Barracuda Networks Steve Scheidegger Commercial Account Manager 734-887-2422

Barracuda Networks Steve Scheidegger Commercial Account Manager
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
Telenet for Business Mobile & Security? Brice Mees Security Services Operations Manager.

Telenet for Business Mobile & Security? Brice Mees Security Services Operations Manager.
Securing Legacy Software SoBeNet User group meeting 25/06/2004.

Securing Legacy Software SoBeNet User group meeting 25/06/2004.
©2012 Check Point Software Technologies Ltd. | [Confidential] For Check Point users and approved third parties Building Your Security Strategy with 3D.

©2012 Check Point Software Technologies Ltd. | [Confidential] For Check Point users and approved third parties Building Your Security Strategy with 3D.

Similar presentations

Ads by Google