WAFs in the Cloud: A new direction for WAFs? Ofer Shezaf, January 2010.


1 WAFs in the Cloud: A new direction for WAFs? Ofer Shezaf, January 2010

2 Xiom: the WAF experts
Focus on real-time web application security solutions.
Free & unbiased expert information about web application firewalls and related technologies.
Help in making WAFs deliver:
– Selecting the correct WAF solution for you.
– Optimizing your WAF implementation.
– Writing rules to ensure effective security.
– Analyzing alerts to understand the risks and vulnerabilities of your web application.
– Implementing ModSecurity-based solutions.

3 What is a WAF?

4 The two faces of information security:
Attack Detection: Anti-Virus, Anti-Malware, IDS/IPS
Policy Enforcement: Firewall, NAC, Scanners

5 Which one is a WAF?
It’s a firewall, isn’t it? So it must be a policy enforcer.
But it does signatures, so it is probably an attack detector.

6 Depends

7 The XIOM Definition
– Intimate understanding of HTTP
– A positive security model
– Application layer rules
– Session based protection
– Fine grained policy management

8 What is a cloud?

9 This is a cloud

10 More Seriously
SaaS: SalesForce
PaaS: Shared Hosting
IaaS: Amazon EC2

11 What Role Can a WAF Play in the Cloud?

12 The Menu
Enterprise Security Gateway
WAF as a service
– For protecting a data center
– For protecting SaaS
WAF for a cloud deployment
– Host Based
– Infrastructure Based
WAF stubs
– For a data center
– For a cloud deployment

13 Enterprise Security Gateway

14 Enterprise Security Gateway
Protect in-the-cloud services through a unified security gateway.
Pros:
– Unified access control
– Security for 3rd party code
Cons:
– Double bandwidth
– Hard to create positive security rules

15 WAF as a Service
For SaaS
For a Data Center

16 WAF as a service
Use an in-the-cloud WAF to protect an enterprise data center.
Pros:
– Very easy deployment.
– Fast signature updates.
– Might be the only solution for a SaaS
Cons:
– Double bandwidth
– Preventing direct access

17 WAF as a service - Akamai
Applies ModSecurity Core Rules to HTTP traffic.
Uses Akamai internal HTTP processing technology
Signatures only, hardly a WAF

18 WAF for Cloud Environment

19 WAF for Cloud Environment
Use an in-the-cloud WAF to protect an enterprise data center.
Pros:
– No Bandwidth Overhead
Cons:
– Might be harder to deploy

20 Host based WAF

21 Host based WAF
The most mature approach to WAF in the cloud.
ModSecurity, SecureIIS, Applicure, PHPIDS…
However, often no more than a host-based IPS.

22 WAF stubs

23 WAF Stubs
Host based stub and a remote brain.
Different separation levels:
– Remote monitoring & configuration
– Remote learning
– Remote enforcement
– In-between.

24 WAF Stubs
Art of Defence stub for AWS
Breach Global Event Manager
– Monitoring Only

25 Thank You! shezaf@xiom.com

