Securing Cloud Applications with Stingray Application Firewall

1
Securing Cloud Applications with a Distributed
Web Application Firewall
www.riverbed.com 2013 Riverbed Technology
2
Primary Target of Attack Shifting from Networks
and Infrastructure to Applications
APPLICATIONS
INFRASTRUCTURE
NETWORKS
2013 Riverbed Technology www.riverbed.com
3
Cloud Applications Are Exposed to New Threats
Designing for dramatically larger number of users
shifts focus towards performance and away from
security
Cloud applications use off-the-shelf building
blocks, in house services, and 3rd party
frameworks each with individual vulnerabilities
Cloud
Vulnerabilities exposed when applications
designed for in-house data centers migrate to
the cloud
2013 Riverbed Technology www.riverbed.com
4
There is a Real Cost of Not Securing Applications
Global headlines. Real business impact.
3 Months offline
10,000,000 fined for security breach
500,000 replacement credit cards issued
40,000,000 credit card details lost
94,000,000 in remediation costs
2013 Riverbed Technology www.riverbed.com
5
Beyond Other Business Drivers for Application
Security

• Regulatory Pressures
• PCI DSS, HIPAA, etc.
• Data Privacy Act

Compliance
Revenue Reputation
Best Practices

• Security Governance
• Cross-business collaboration
• Delegation of responsibility
• Understand changing risk profiles of your
  application
• Due Diligence

• Opportunity cost of remediation
• Brand and reputation damage
• Loss of income

2013 Riverbed Technology www.riverbed.com
6
Changing Risk Profiles Make it Harder to Secure
Cloud Applications
Vulnerable third-party software components
Cross-site request forgery (CSRF)
Authentication and session attacks
Malicious requests (e.g. SQL-injection)
URL manipulation
Cross-site scripting (XSS)
For detailed information on the latest trends in
application vulnerabilities,see OWASP Top Ten
Projects at https//www.owasp.org/
2013 Riverbed Technology www.riverbed.com
7
Traditional Web Application Firewalls are Not
Effective in Cloud Environments
TRADITIONAL SOLUTION IS INEFFICIENT Dedicated
hardware WAFOne WAF per deployment
Increased capital costs Decreased provisioning
agility in a dynamic, virtualized
environment Increased management costs without
levels of delegation for administration
2013 Riverbed Technology www.riverbed.com
8
REQUIRED
A Distributed Web Application Firewall
Purpose-built for Cloud Security
9
The Web Application Firewall Must be Massively
Scalable Portable

• Across CPU, computer, server rack and data center
  boundaries

Private
Public

• Across multiple applications at a time (e.g.
  cloud bursting)

• Across private, hybrid or public clouds, and
  small or large traditional data centers

• Available as virtual appliance and a plug-in

• Start small, but allow scale up without changes
  to security solution

Data Center
Local Machine
2013 Riverbed Technology www.riverbed.com
10
Flexible, Portable Across Platforms
Can live in a wide variety of components
effectively
Fits into existing infrastructures and processes
Available as virtual appliance and a plug-in
Mixes traditional and virtual technologies
2013 Riverbed Technology www.riverbed.com
11
Distributed and Delegated Management
Private
Public
1
2
3
4
Easy, central management with a simple web-based
management UI
Granular configuration settings for each
application and each customer
Multi administrator privileges to handle diverse
security policy schemes
Proactive Monitoring tuned for each application
Fits into any existing or planned application
delivery infrastructure.
2013 Riverbed Technology www.riverbed.com
12
Securing Cloud Applications with a Distributed
Web Application Firewall
Download the Complete Whitepaper from
www.riverbed.com/stingray-appsec
www.riverbed.com2013 2013 Riverbed Technology