ירון אזרואל רדוויר
-
Upload
meda-conferences -
Category
Business
-
view
316 -
download
1
description
Transcript of ירון אזרואל רדוויר
Deploying and Protecting
Applications in the Cloud
Yaron Azerual
Product Marketing Manager
Agenda
• Who is Radware?
• A glance at recent local cyber attacks in the cloud
• Making your ADC infrastructure Cloud Ready
• Protecting your applications in the cloud
Slide 2
About Radware
Slide 3
Over 10,000 Customers
Global Technology Partners
Company Growth
ADC Magic Quadrant 2010
Recognized ADC Market Leader
4.9 14.1
38.4 43.3 43.7 54.8
68.4 77.6 81.4
88.6 94.6
108.9
144.1
167.0
1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011
Some Relevant Security Attacks
Recent attacks by the Hacker – 0xOmar:
• Some sites were brought down by DDoS attacks
• Credit cards were stolen from other sites
• One of the sites who suffered from data breaches was hosted on “dooble”
– They thought they were well protected
Slide 5
Internet
Using a Shared ADC in a Hosted Cloud
Cloud Data Center
Shared ADC
End users, partners and employees
Hosted
Customer A
Hosted
Customer B
Hosted
Customer C
Hosted
Customer D
Hosted
Customer …
Making Your ADC Infrastructure
Cloud Ready
ADC
Internet
Data Center Evolution
Data Center
ADC ADC ADC ADC
End users, partners and employees
ADC
Radware ADC-VX
ADC layer remains
physical and siloed
vADC instances –
• Can run on top of a specialized and general
purpose computing resources
• Provide same ADC functionality regardless of
form factor
3 ADC form factors:
• Dedicated ADC
• Radware ADC-VXTM
• Radware Alteon VA
Fit any enterprise datacenter foot print and cost per
application requirements
Plug-in for
Orchestration and Cloud
Management systems
Virtualized Application Delivery Infrastructure
Virtualized Enterprise Data Center
SAN
Network & Storage
Radware Virtual Application Delivery Infrastructure
Slide 9
ADC Virtualization Infrastructure –
• Allows regarding all ADC form factors as one
pool of Application Delivery resources
• Add special virtualization services for Application
Delivery
• vADCs are integrated with the virtual infrastructure
eco-system through Radware’s vDirect™ plug-in and
SDK
• vDirect™ is designed specifically for virtualized data
centers
Cloud
Orchestrator
Virtualized Application Delivery Infrastructure
Cloud Data Center
ADC in the Cloud: Must Be Part of the End-to-End Automation
Migrate across the
ADC Fabric when
capacity is maxed out
Provision vADC
from AppShape
catalogue
Automatically scale to
meet business needs
Silver Customer A
Silver Customer A
Gold • Full integration with Cloud management & orchestration systems
• Faster application rollout
• Seamless scalability
• Maximum ADC agility
• Higher resiliency
• Lower costs
Internet
Segregating Service in the Cloud, Containing the Risk
Cloud Data Center
Virtual ADC per
Customer
End users, partners and employees
Hosted
Customer A
Hosted
Customer B
Hosted
Customer C
Hosted
Customer D
Hosted
Customer …
Protecting Your Applications
In The Cloud
Network and Data Security Attacks: From the News
Slide 13
Cost of Breach:
$80M to recover the theft
Cost of Attack:
• Reputation loss
• Customer churn
Cost of Attack:
• Reputation loss
• Penalties to trading firms
• Authority investigation
Multi-Vulnerability Attack Campaigns
Slide 14
Business
Large volume network flood attacks
Directed Application DoS attack: Slowloris
Large volume SYN flood
Connection DoS attacks
HTTP & HTTPS flood attacks
Radware security incidents report 2011:
• More than 70% of Radware reported cases in 2011
involved at least 3 attack vectors
• Attackers use multi-vulnerability attack campaigns
making mitigation nearly impossible
Attackers Seek for Blind Spots
Slide 15
Business
Large-volume network flood attacks
Directed DoS attack: Slowloris
Large-volume SYN flood
Connection DoS attacks
IPS
HTTP & HTTPS flood attacks
DoS Protection
Why are multi-vulnerability attacks so successful?
• Current security practices fail to mitigate attacks
• Organizations deploy point security solutions
• Lack of expertise to analyze emerging threats
Mapping Security Protection Tools
Slide 16
DoS Protection
Behavioral Analysis
IP Rep.
IPS
WAF
Large volume network flood attacks
Web attacks: XSS, Brute force
SYN flood attack
Application vulnerability, malware
Web attacks: SQL Injection
Port scan
“Low & Slow” DoS attacks (e.g.Sockstress)
Network scan
Intrusion
High and slow Application DoS attacks
Common Security Strategy
Slide 17
DOS NBA
IPS WAF
• Many point security tools
• Need to be in sync
• Need to be tuned in real
time
Holistic Security Strategy
Slide 18
• “Behavior-based security capabilities are well-suited to emerging threats
and illustrate Radware's commitment to integrated security capabilities.” Gartner ADC Magic Quadrant 2010
• “Radware focus on behavioral assessment is unique… this puts Radware in a
strong position to address emerging threats.” Gartner IPS Magic Quadrant 2009
• NSS Labs’ Rating: Recommended
“Only the top technical products earn a recommend rating
from NSS Labs”
Summary
Summary
Slide 20
Ensure continuous cloud service availability
Even when under multi-vector attacks
Improve customer experience at all times
Cut deployment and maintenance cost by 20-50%
Ensure SLA per customer and per application
Thank You www.radware.com
Thank You www.radware.com