Avi Networks Proprietary and Confidential 2018
Next Gen Application Network Services
iWAF: Industry’s First Distributed Hybrid-Cloud Web Application Firewall
Closed-Loop Intelligence | Elastic Performance | Real-time Analytics
Software That Delivers Applications for Global Enterprises
• Application Network Services: Software Load Balancing, Security, WAF, Visibility
• Universal Solution for Traditional and Modern Use Cases
• Global Footprint and Strategic Cisco Partnership
Web Application Attacks are Most Prevalent and Damaging
Incident: A security event that compromises the integrity, confidentiality or availability of an information asset.
Breach: An incident that results in the confirmed disclosure—not just potential exposure—of data to an unauthorized party.
Source: Verizon Data Breach Investigations Report (DBIR) 2017
Exponential impact of two trends
• Applications are moving to web based interfaces
• Many more application end points on network
Massive increase in L7 attack surface in modern applications
[Figure labels: Legacy App (IP/Port); Modern App (HTTP, REST, L7…); More Apps (Microservices…)]
Web Application Firewalls – State of the Union Today
Massive gap – Minimal coverage today vs. desired end state of 100% coverage
Reality
• No WAF for most apps
• Complex Rules
• Poor Analytics
• Poor performance, highly variable
Need! 100% Coverage
• One-click rules
• Real time intelligence
• High performance, elastic
Challenge: How to bridge this gap?
Avi Networks iWAF – Intelligent Web Application Firewall
Today
• Writing rules is complex: Rule set tuning requires experts
• Don’t know what’s going on: Hard to tell which rules are hit & why
• Capacity planning nightmare: Low performance, massive variability
Avi iWAF
• Simplified Rules: Especially for common use cases
• Real-time granular analytics: Insights on which flow hit which rules
• Elastic Scale: High performance, scale-out platform
Monolithic Appliances to Modern Distributed Architecture
Separate Control & Data Plane: Manage as one, not many devices
[Figure labels: Monolithic Appliance Software (Management Plane: UI/CLI; Data Plane: LB); CONTROL, DATA, APPLICATIONS, Controller, Service Engines]
Avi Platform – Modern Distributed Architecture
• Universal Solution: Both traditional and modern use cases
• Separate Control & Data Plane: Manage as one, not many devices
• Visibility: Actionable insights key to automation
• 10x Performance: 4 Tbps, 12M SSL TPS
• Elasticity: On-demand scalability up / down
• Automation: Highly programmable, Plug-n-Play
[Figure labels: CONTROL, DATA, Service Engines, Controller, REST API, Public Cloud, On Premises, Bare Metal, Virtualized, Containers]
Comprehensive Services – For All Major Environments
Application Services
Load Balancing
• L7 (HTTP) LB
• L4 (TCP/UDP) LB
• Global Load Balancing
• Content Switching
• Caching/Compression
• Auto-Scaling
WAF & Security
• Web app firewall (WAF)
• SSL Termination
• DDoS Protection
• L3-4 ACLs
• L7 Rules/Policies
• Micro-Segmentation
Analytics
• Application map
• Service Health Score
• Network performance
• App Performance
• Request Logging
• Security Insights
Platform
• Central Management
• 100% REST API / SDK
• Self-Service
• Multi-Tenancy
• Service Discovery
• IPAM/DNS
Out-of-Box Automation
[Figure labels: CONTAINERS, SDN, OPENSTACK, AUTOMATION, ON-PREM or OFF, MESOS, Bare Metal]
Avi iWAF
• Encryption: SSL/TLS
• L3/4 ACLs: IP-Port based security rules
• L7 ACLs: Content (URI) based security rules
• DDoS Protection: DDoS detection and mitigation with elastic scaling
• Application Rate Limiting: Control and restrict by application or tenants
• Security Insights: Security score, Real-time attacks, SSL Insights
• Web Application Firewall: OWASP CRS protection, Attack Analytics
Fully Integrated with Avi’s Comprehensive Security Services
• Centralized Management
• Multi-Cloud Elastic Fabric
• Automation & Programmability
• Real Time Visibility & Analytics
REST API
[Figure labels: Data Center, Private Cloud, Public Cloud]
WAF | security
• OWASP Top 10 Protection
• Based on Avi improved OWASP Core Rule Set (CRS) 3.0
• Signatures for common web vulnerabilities
• Custom rule support (ModSecurity rule language)
Simple, Scalable, and Intelligent Web Security
• Point & click policies
• Central policy management
• Visually analyze policies
• Eliminate false positives
• Customize for specific apps
• Enforce and adjust
iWAF Policy Model
DEMO: WAF Connection Analytics – Rule, Tag, Group, Timing (Latency)
Where Customers Deploy Avi
ADC/LB or WAF Refresh (Bare metal x86, VMware ESX, Cisco CSP…)
Project
• Load balancer refresh
• Mix of physical and virtual
Why Avi:
• Less than half the cost
• Central management and control
• Application performance monitoring
• Easy migration, short time to value
Automation & Private Cloud (OpenStack, VMware, Puppet/Chef…)
Project
• Self-service Load Balancer & WAF
Why Avi:
• Automated elastic load balancer
• Integrated App perf monitoring
Public Cloud (or Hybrid) (AWS, Azure, GCP, SoftLayer…)
Project
• Full featured Elastic LB & WAF
Why Avi:
• Enterprise class features – LB, Security
• Consistency – On-prem and Cloud
Network Modernization & SDN (Ansible, Cisco ACI, VMware NSX, Nuage…)
Project
• LB or WAF integration with SDN
Why Avi:
• 100% REST API, Programmability
• SDN Integration
Containers/PaaS (OpenShift, Kubernetes, Docker…)
Project
• LB or WAF integration with PaaS/CaaS
Why Avi:
• Single LB for North-south & East-west
• Converged platform: LB, Security, Visibility
Case Study – Swiss Lottery Company
Challenges
• Leading appliance-based WAF solution had significant performance issues.
• Product refresh for appliances was cost prohibitive
Why Avi Networks
• Centralized management simplifies administration.
• Impressive ease-of-use and performance with on-demand scale out.
• iWAF analytics and logging make setting the right policies simple.
“Appliance-based products weren’t meeting our needs, and as we evaluated alternatives, web application firewalling was our number-one consideration. We were pleasantly surprised by Avi iWAF’s simple deployment, impressive ease-of-use, and intelligent security analytics, as well as the responsiveness of the Avi team.”
Joris Vuffray, Head of Network and System Management
Quantifiable Benefits – Immediate and Ongoing
Reduce Costs: 50%+ savings over appliances
• Run on commodity x86
• No overprovisioning, elastic
• Flexible subscription licensing
Faster Troubleshooting: 4+ hr reduction in resolution time
• Replay traffic events
• Application Health Scores
• Insights: Performance, Security
Faster Provisioning: 90%+ faster provisioning
• Centralized Management
• On-demand scaling
• Full automation with REST API