Deploying and Protecting

Applications in the Cloud

Yaron Azerual

Product Marketing Manager

Agenda

• Who is Radware?

• A glance at recent local cyber attacks in the cloud

• Making your ADC infrastructure Cloud Ready

• Protecting your applications in the cloud

Slide 2

About Radware

Slide 3

Over 10,000 Customers

Global Technology Partners

Company Growth

ADC Magic Quadrant 2010

Recognized ADC Market Leader

4.9 14.1

38.4 43.3 43.7 54.8

68.4 77.6 81.4

88.6 94.6

108.9

144.1

167.0

1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011

Some Relevant Security Attacks

Recent attacks by the Hacker – 0xOmar:

• Some sites were brought down by DDoS attacks

• Credit cards were stolen from other sites

• One of the sites who suffered from data breaches was hosted on “dooble”

– They thought they were well protected

Slide 5

Internet

Using a Shared ADC in a Hosted Cloud

Cloud Data Center

Shared ADC

End users, partners and employees

Hosted

Customer A

Hosted

Customer B

Hosted

Customer C

Hosted

Customer D

Hosted

Customer …

Making Your ADC Infrastructure

Cloud Ready

ADC

Internet

Data Center Evolution

Data Center

ADC ADC ADC ADC

End users, partners and employees

ADC

Radware ADC-VX

ADC layer remains

physical and siloed

vADC instances –

• Can run on top of a specialized and general

purpose computing resources

• Provide same ADC functionality regardless of

form factor

3 ADC form factors:

• Dedicated ADC

• Radware ADC-VXTM

• Radware Alteon VA

Fit any enterprise datacenter foot print and cost per

application requirements

Plug-in for

Orchestration and Cloud

Management systems

Virtualized Application Delivery Infrastructure

Virtualized Enterprise Data Center

SAN

Network & Storage

Radware Virtual Application Delivery Infrastructure

Slide 9

ADC Virtualization Infrastructure –

• Allows regarding all ADC form factors as one

pool of Application Delivery resources

• Add special virtualization services for Application

Delivery

• vADCs are integrated with the virtual infrastructure

eco-system through Radware’s vDirect™ plug-in and

SDK

• vDirect™ is designed specifically for virtualized data

centers

Cloud

Orchestrator

Virtualized Application Delivery Infrastructure

Cloud Data Center

ADC in the Cloud: Must Be Part of the End-to-End Automation

Migrate across the

ADC Fabric when

capacity is maxed out

Provision vADC

from AppShape

catalogue

Automatically scale to

meet business needs

Silver Customer A

Silver Customer A

Gold • Full integration with Cloud management & orchestration systems

• Faster application rollout

• Seamless scalability

• Maximum ADC agility

• Higher resiliency

• Lower costs

Internet

Segregating Service in the Cloud, Containing the Risk

Cloud Data Center

Virtual ADC per

Customer

End users, partners and employees

Hosted

Customer A

Hosted

Customer B

Hosted

Customer C

Hosted

Customer D

Hosted

Customer …

Protecting Your Applications

In The Cloud

Network and Data Security Attacks: From the News

Slide 13

Cost of Breach:

$80M to recover the theft

Cost of Attack:

• Reputation loss

• Customer churn

Cost of Attack:

• Reputation loss

• Penalties to trading firms

• Authority investigation

Multi-Vulnerability Attack Campaigns

Slide 14

Business

Large volume network flood attacks

Directed Application DoS attack: Slowloris

Large volume SYN flood

Connection DoS attacks

HTTP & HTTPS flood attacks

Radware security incidents report 2011:

• More than 70% of Radware reported cases in 2011

involved at least 3 attack vectors

• Attackers use multi-vulnerability attack campaigns

making mitigation nearly impossible

Attackers Seek for Blind Spots

Slide 15

Business

Large-volume network flood attacks

Directed DoS attack: Slowloris

Large-volume SYN flood

Connection DoS attacks

IPS

HTTP & HTTPS flood attacks

DoS Protection

Why are multi-vulnerability attacks so successful?

• Current security practices fail to mitigate attacks

• Organizations deploy point security solutions

• Lack of expertise to analyze emerging threats

Mapping Security Protection Tools

Slide 16

DoS Protection

Behavioral Analysis

IP Rep.

IPS

WAF

Large volume network flood attacks

Web attacks: XSS, Brute force

SYN flood attack

Application vulnerability, malware

Web attacks: SQL Injection

Port scan

“Low & Slow” DoS attacks (e.g.Sockstress)

Network scan

Intrusion

High and slow Application DoS attacks

Common Security Strategy

Slide 17

DOS NBA

IPS WAF

• Many point security tools

• Need to be in sync

• Need to be tuned in real

time

Holistic Security Strategy

Slide 18

• “Behavior-based security capabilities are well-suited to emerging threats

and illustrate Radware's commitment to integrated security capabilities.” Gartner ADC Magic Quadrant 2010

• “Radware focus on behavioral assessment is unique… this puts Radware in a

strong position to address emerging threats.” Gartner IPS Magic Quadrant 2009

• NSS Labs’ Rating: Recommended

“Only the top technical products earn a recommend rating

from NSS Labs”

Summary

Summary

Slide 20

Ensure continuous cloud service availability

Even when under multi-vector attacks

Improve customer experience at all times

Cut deployment and maintenance cost by 20-50%

Ensure SLA per customer and per application

Thank You www.radware.com

Thank You www.radware.com