Imperva Total Application Security Idan Soen, CISSP Security Engineer SecureSphere – The First Dynamic Profiling Firewall

Upload: tiffany-craig

Post on 16-Jan-2016


TRANSCRIPT

Page 1: Imperva Total Application Security Idan Soen, CISSP Security Engineer SecureSphere – The First Dynamic Profiling Firewall Idan Soen, CISSP Security Engineer

Imperva Total Application Security

Idan Soen, CISSP, Security Engineer

SecureSphere – The First Dynamic Profiling Firewall

Page 2:

Imperva Confidential 2

Agenda

• Imperva
• Application Security Landscape
• SecureSphere

Page 3:

Imperva

• Company Focus: Total Application Security
• Founded in 2000 by world's elite application security specialists
  – Israeli Defense Force cyber warfare team
  – Private sector penetration testing & app security consultants
• Co-Founder, CEO – Shlomo Kramer
  – Check Point co-founder
  – Co-developer of Stateful Inspection
• SecureSphere Product Family
  – First "Dynamic Profiling Firewall"

Page 4:

Data Center Security – Need to Secure the Data Center

Data Center Assets have Never Been More Critical… …or More Vulnerable

• 92% Vulnerable to*
  – Identity theft
  – Data theft
  – Worms
  – Denial of Service
  – SQL Injection
  – Parameter tampering
• Business Implications of Attack
  – Lost revenue
  – Brand erosion
  – Regulatory compliance (SOX, GLBA, HIPAA, CA SB-1386, CISP, etc.)

Diagram: Users → Data Center & DMZ (Critical Servers, Proprietary Information and Custom Business Applications)

*Source: Imperva Application Defense Center

Page 5:

Application Threats – A multi-dimensional problem

• Web Application and Web Services attacks
  – External SQL injection
  – Attacks custom business applications
• Database breach
  – Internal direct breach
  – Attacks proprietary information
  – Using legitimate access for illegitimate purposes
• Worm infection
  – External and internal sources of infection
  – Attacks critical servers
  – Known vulnerabilities and "zero day" web worms

Diagram: Internal Users and external users → Data Center & DMZ (Critical Servers, Proprietary Information and Custom Business Applications), with three attack paths: Web (SQL injection, cookie poisoning, etc.), Database (data theft, data corruption, etc.) and Worm (Code Red, Nimda, etc.)

Page 6:

Data Center Security – Different Problem, Different Solution

            Corporate Network                          Data Center
Assets      Desktop Computers, Microsoft Apps,         Proprietary Information, Custom Business Apps,
            Personal Files                             Critical Servers
Threats     Client Worms, Spyware, Viruses,            Identity Theft, Data Theft, Phishing, Malicious Robots,
            Data Leakage                               Server Worms, Denial of Service, SQL Injection
Cost        Lost Productivity                          Brand, Revenue, and Regulatory Compliance
Solutions   IPS, Anti-Virus, and Personal Firewalls    ????

Page 7:

Securing the Data Center – A New Type of Firewall is Needed

• Data Center Application Security not Addressed by Network Firewall or IPS Technology
  – SQL Injection, Phishing, Identity theft, Data theft, Worms, Denial of Service, Malicious Robots, etc.
• SecureSphere – Data Center Firewall
  – Protects critical servers, proprietary information and custom business applications

Diagram: three tiers of inspection and the firewall class that covers each
  – Network Access (OSI Layers 1–3), Network Layer: Perimeter Firewall / Network Firewall
  – Protocol Usage (OSI Layers 4–7), Application Layer: Departmental Firewall, Intrusion Prevention Systems (IPS) and Deep Inspection Firewall
  – Application and Database Usage ("New Layer 8+"), Application Logic: Data Center Firewall, i.e. Imperva SecureSphere Dynamic Profiling Firewall

("Layer 8+" is the deck's own label for application logic and data semantics above the OSI model, not an OSI layer. The practical point is that a decision such as "is this parameter value legitimate for this URL, for this user?" needs application-level state that a packet filter or protocol inspector does not hold.)

Page 8:

Securing the Data Center – Point Solutions Problematic

• Fragmented Protection
  – Deep Inspection Firewall
  – Application Firewall
  – Database Firewall
  – XML Firewall
• Static Policy & Rules
  – Requires constant manual tuning
• Fragmented Management
  – Set policy on each device
  – Fragmented logging, forensics, monitoring
  – No integrated reporting
• No Cooperation Between Layers
• Poor Performance and Scalability

Diagram: Internal Users → DMZ (Web Servers, App Servers, Databases) and Data Center (Web Servers, App. Servers, Databases), each fronted by separate DI Firewall, App Firewall, Database Firewall and XML Firewall devices

Page 9:

Securing the Data Center – Breaking the Barrier

A Dynamic Profiling Firewall must build and tune the security profile without human intervention: Automatically Built, Automatically Tuned.

• Much more information needed for security decisions
  – Web App elements: URLs, Cookies, Parameters, Users, Sessions, etc.
  – Web Services elements: XML URLs, SOAP actions, XML elements, etc.
  – Database elements: SQL Queries, SQL Tables, Users, etc.
• Too complex for manual intervention

Diagram: Dynamic Profiling Firewall spanning the Network Layer (OSI layers 1–3), the Application Layer (OSI layers 4–7) and Application Logic and Databases ("new layer(s)! 8+"); the Application Profile holds millions of dynamic items.

Page 10:

SecureSphere Dynamic Profiling Firewall – Data Center Ready Security

• Unified Protection
  – Web, database and worm attacks
  – Internal and external attackers
  – Layers 1–7 and 8+
• Dynamic Profiling
  – Automatically models application structure and dynamics
    • Web Application: URLs, cookies, users, parameters, sessions, etc.
    • Web Services: XML URLs, SOAP actions, XML elements, etc.
    • Database: SQL queries, SQL tables, parameters, users, etc.
  – No on-going manual tuning
    • Adapts when application changes
• Centralized Management
• Enforcement & Auditing Across Layers
• High Performance and Highly Scalable

Diagram: Internal Users; SecureSphere G4 Gateways in front of the DMZ (Web Servers, App Servers, Databases) and the Data Center (Web Servers, App. Servers, Databases); SecureSphere MX Management Server
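The web-application profiling that the last two slides describe, reduced to a runnable sketch. This is an added example written for this page, not Imperva code and not a description of how SecureSphere's profiler is implemented. It learns, per URL, the parameter names seen, the narrowest value class each value fits (digits, alnum, text, any) and the longest value observed; it then enforces that model, and when the same deviation is seen from a configurable number of distinct client addresses (promote_after, assumed to be 3) it folds the deviation into the profile instead of alerting, which is one way to read "adapts when application changes". The value classes, the 2x length slack, the promotion rule and the learning traffic are all assumptions chosen for the example.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Value classes, narrowest first. A learned class only ever widens; anything
# containing quotes, angle brackets, semicolons etc. falls through to "any".
CLASSES = [
    ("digits", re.compile(r"^[0-9]+$")),
    ("alnum", re.compile(r"^[A-Za-z0-9_.-]+$")),
    ("text", re.compile(r"^[A-Za-z0-9_.\- @,]*$")),
]
RANK = {"digits": 0, "alnum": 1, "text": 2, "any": 3}


def classify(value):
    """Narrowest class the value fits, or "any"."""
    for name, rx in CLASSES:
        if rx.match(value):
            return name
    return "any"


def parse_request(request_line):
    """'GET /path?a=1' -> ('GET /path', [('a', '1')]). Values are percent-decoded
    so an encoded quote is classified the same as a literal one."""
    method, _, target = request_line.partition(" ")
    parts = urlsplit(target)
    return method + " " + parts.path, parse_qsl(parts.query, keep_blank_values=True)


class DynamicProfile:
    """Positive security model learned from traffic, then enforced."""

    def __init__(self, promote_after=3):
        self.urls = {}                      # url -> {param: {"cls", "max_len"}}
        self.promote_after = promote_after  # distinct clients needed to absorb a deviation
        self.pending = defaultdict(set)     # (url, param) -> client IPs that sent it

    @staticmethod
    def _absorb(entry, name, value):
        cls, n = classify(value), len(value)
        p = entry.get(name)
        if p is None:
            entry[name] = {"cls": cls, "max_len": n}
            return
        if RANK[cls] > RANK[p["cls"]]:
            p["cls"] = cls
        p["max_len"] = max(p["max_len"], n)

    def learn(self, request_line):
        """Learning mode: every observed URL and parameter becomes profile."""
        url, params = parse_request(request_line)
        entry = self.urls.setdefault(url, {})
        for name, value in params:
            self._absorb(entry, name, value)

    def check(self, request_line, client_ip):
        """Enforcement mode: return the list of violations ([] == fits profile)."""
        url, params = parse_request(request_line)
        entry = self.urls.get(url)
        if entry is None:
            return ["unknown URL %s" % url]
        violations = []
        for name, value in params:
            p = entry.get(name)
            if p is None:
                clients = self.pending[(url, name)]
                clients.add(client_ip)
                if len(clients) >= self.promote_after:
                    # Seen from enough distinct clients: treat as an application
                    # change and absorb it instead of alerting forever.
                    self._absorb(entry, name, value)
                    del self.pending[(url, name)]
                else:
                    violations.append("unknown parameter %s" % name)
                continue
            cls = classify(value)
            if RANK[cls] > RANK[p["cls"]]:
                violations.append("%s: class %s outside learned %s" % (name, cls, p["cls"]))
            if len(value) > 2 * p["max_len"]:
                violations.append("%s: length %d exceeds learned bound" % (name, len(value)))
        return violations


# Constructed learning traffic standing in for the "automatically built" phase.
LEARNING_TRAFFIC = [
    "GET /account/view?id=1042",
    "GET /account/view?id=7",
    "GET /search?q=invoice%202023",
    "GET /search?q=shipping",
]


def build_profile():
    profile = DynamicProfile(promote_after=3)
    for line in LEARNING_TRAFFIC:
        profile.learn(line)
    return profile


if __name__ == "__main__":
    prof = build_profile()
    for line in ("GET /account/view?id=1042",
                 "GET /account/view?id=1042%27%20OR%20%271%27%3D%271",
                 "GET /search?q=%3Cscript%3E",
                 "GET /admin/export"):
        print(line, "->", prof.check(line, "198.51.100.7") or "allowed")
```

Two things worth noticing: the injection is caught without any SQL signature, purely because a quote is outside the class the profile learned for `id`; and the promotion set is keyed on distinct client addresses, so one attacker repeating a probe never trains the profile to accept it.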

Page 11:

Security Coverage – SecureSphere Secures the Data Center

SecureSphere Protects Against
• Web Application Attack
  – Both Interface and Logic
• Web Services Attack
  – SOAP/XML interfaces
• Database Breach
  – Direct Database Attacks
  – Via Web Application
  – Via Web Services
• Worm/Platform Attack
  – Network Stack
  – Operating Systems
  – Infrastructure Server Software

Diagram (reused on the following coverage slides): the protected stack, top to bottom
  – Application (Custom to Package): Web Application & Web Service; Application Logic; Application Databases
  – Data Center Infrastructure: Web Server, Application Server, Database Servers, each on its own Operating System and Network Stack
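The database side of the same profiling idea, for the "Database Breach" paths on this slide and the "using legitimate access for illegitimate purposes" case on the Application Threats slide. This is an added example, not Imperva code. It reduces each statement to a template (literals replaced by `?`), learns per database user the templates and tables that user normally touches from a constructed audit log, and then flags anything outside that baseline: the web application's own account issuing a template its code never issues (what an injection through the application looks like at the database), or the reporting account reading a table it has never read. The normalisation regexes, the table extraction and the audit log are assumptions for the example.

```python
import re
from collections import defaultdict

_STRING = re.compile(r"'(?:[^']|'')*'")          # SQL string literal ('' escapes a quote)
_NUMBER = re.compile(r"\b\d+(?:\.\d+)?\b")
_SPACE = re.compile(r"\s+")
_TABLE = re.compile(r"\b(?:FROM|JOIN|INTO|UPDATE)\s+([A-Z_][A-Z0-9_.]*)")


def normalize(sql):
    """Collapse a statement to its template: literals become '?', whitespace and
    case are canonicalised, so WHERE id = 5 and WHERE id = 9 are one profile item."""
    template = _STRING.sub("?", sql)
    template = _NUMBER.sub("?", template)
    return _SPACE.sub(" ", template).strip().upper()


def tables_of(template):
    """Tables a normalised statement reads or writes (crude, enough for the sketch)."""
    return set(_TABLE.findall(template))


class DatabaseProfile:
    """Per-database-user baseline of statement templates and tables."""

    def __init__(self):
        self.templates = defaultdict(set)   # user -> statement templates
        self.tables = defaultdict(set)      # user -> tables touched

    def learn(self, user, sql):
        t = normalize(sql)
        self.templates[user].add(t)
        self.tables[user] |= tables_of(t)

    def check(self, user, sql):
        """Return the list of violations ([] == statement fits the user's profile)."""
        if user not in self.templates:
            return ["unknown database user %s" % user]
        t = normalize(sql)
        violations = ["%s never accessed table %s" % (user, table)
                      for table in sorted(tables_of(t) - self.tables[user])]
        if t not in self.templates[user]:
            violations.append("%s: statement outside profile: %s" % (user, t))
        return violations


# Constructed audit-log sample standing in for the learning period.
AUDIT_LOG = [
    ("webapp", "SELECT name, balance FROM accounts WHERE id = 1042"),
    ("webapp", "SELECT name, balance FROM accounts WHERE id = 7"),
    ("webapp", "UPDATE accounts SET balance = 120 WHERE id = 7"),
    ("report", "SELECT count(*) FROM orders WHERE day = '2016-01-15'"),
    ("report", "SELECT count(*) FROM orders WHERE day = '2016-01-16'"),
]


def build_db_profile():
    profile = DatabaseProfile()
    for user, sql in AUDIT_LOG:
        profile.learn(user, sql)
    return profile


if __name__ == "__main__":
    prof = build_db_profile()
    for user, sql in (("webapp", "SELECT name, balance FROM accounts WHERE id = 99"),
                      ("webapp", "SELECT name, balance FROM accounts WHERE id = 1042 OR 1=1"),
                      ("report", "SELECT name, balance FROM accounts"),
                      ("dba_tmp", "SELECT * FROM accounts")):
        print(user, "|", sql, "->", prof.check(user, sql) or "allowed")
```

The template set is what makes a database profile tractable: an application with thousands of distinct parameter values still issues only a few hundred statement shapes, and an attacker who reaches the database through a legitimate credential almost always has to change the shape.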

Page 12:

Security Coverage – SecureSphere – IPS

• Protects Critical Data Center Servers
  – Operating System Platform (agnostic of vendor / version)
  – Server Software
  – Network Access
  – Network Protocols
• Attacks Prevented
  – Server Worms
  – Unauthorized Access
  – Protocol Attacks
• Defenses
  – User and protocol access control
  – Protocol Validation and Usage
  – Full Snort®-compatible signature protection
  – Imperva's Advanced ADC defenses
  – Web Worm Profiling

(Diagram: the protected stack shown on the Security Coverage slide.)
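The "Snort-compatible signature protection" on this slide is the negative model that sits beside the profile: known-bad patterns rather than learned-good behaviour. As an added example (not Imperva code, and neither the real Snort engine nor its rule set), here is a matcher for a small subset of Snort rule syntax (`content:` with `nocase`, and `pcre:`), run over constructed request lines that resemble Code Red's oversized `.ida` request and Nimda's traversal to `cmd.exe`, the two worms named earlier in the deck. The rules and request lines are written for this example and only resemble those worms. The third request, a parameter-tampering attempt against a custom application, matches nothing, which is exactly the gap the dynamic profile is meant to cover.

```python
import re

# Constructed rules in a Snort-like subset: every content: must appear (nocase
# applies to the content before it) and every pcre: must match. Not official
# Snort rules; the patterns merely resemble the Code Red and Nimda requests.
RULES = [
    'alert tcp any any -> any 80 (msg:"ISAPI .ida request (Code Red pattern)"; '
    'content:".ida?"; nocase; pcre:"/\\.ida\\?[^\\s]{200,}/i";)',
    'alert tcp any any -> any 80 (msg:"cmd.exe via directory traversal (Nimda pattern)"; '
    'content:"cmd.exe"; nocase; content:"/winnt/system32/"; nocase;)',
]

# key, optional quoted value or bare value, terminated by ';'
_OPTION = re.compile(r'(\w+)\s*(?::\s*(?:"((?:[^"\\]|\\.)*)"|([^;]*)))?\s*;')


def parse_rule(rule):
    """Parse the option section of a rule into {msg, contents, pcre}."""
    _, _, options = rule.partition("(")
    sig = {"msg": "", "contents": [], "pcre": []}
    for key, quoted, _bare in _OPTION.findall(options.rstrip(")")):
        if key == "msg":
            sig["msg"] = quoted
        elif key == "content":
            sig["contents"].append([quoted, False])
        elif key == "nocase":
            sig["contents"][-1][1] = True
        elif key == "pcre":
            body, _, flags = quoted[1:].rpartition("/")   # strip /.../flags
            sig["pcre"].append(re.compile(body, re.I if "i" in flags else 0))
    return sig


def matches(sig, payload):
    """All content strings present (case per nocase) and all pcre patterns match."""
    for text, nocase in sig["contents"]:
        hay, needle = (payload.lower(), text.lower()) if nocase else (payload, text)
        if needle not in hay:
            return False
    return all(rx.search(payload) for rx in sig["pcre"])


def scan(payload, rules=RULES):
    """Messages of every rule that fires on the payload."""
    return [sig["msg"] for sig in map(parse_rule, rules) if matches(sig, payload)]


# Constructed request lines.
CODE_RED_LIKE = "GET /default.ida?" + "N" * 240 + "%u9090%u6858 HTTP/1.0"
NIMDA_LIKE = "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
TAMPERED_ID = "GET /account/view?id=1043 HTTP/1.1"   # another user's record: no signature

if __name__ == "__main__":
    for req in (CODE_RED_LIKE, NIMDA_LIKE, TAMPERED_ID):
        print(req[:60], "->", scan(req) or "no signature match")
```

The `pcre:` length floor on the first rule is what keeps a short, benign `.ida` request from firing; a content-only rule would alert on the file extension alone, which is the kind of static rule the deck complains needs constant manual tuning.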

Page 13:

Security Coverage – SecureSphere – Web App Firewall

• Dynamic Profiling Protects "Traditional" Web App Elements
  – Application Logic: form fields, cookies, URLs, parameters
  – Agnostic of Web / App Server Software: Apache, IIS, etc.
• Example Attacks Prevented
  – Cross-site scripting
  – SQL Injection
  – Command Injection
  – Illegal encoding
  – Buffer Overflows
  – Cookie Poisoning
  – Parameter Tampering
  – Form Field Tampering
  – Malicious Scanning / Robots
  – Phishing
  – Denial of Service
• Integrated IPS Protects the OS and the Network (point solutions don't)

(Diagram: the protected stack shown on the Security Coverage slide.)

Page 14:

Security Coverage – SecureSphere – XML Firewall

• Dynamic Profiling Protects Web Services Elements
  – Application / Web Servers: agnostic to vendor brands
  – Web Services Protocols and Standards: XML, SOAP, WSDL
• Attacks Prevented
  – "Element Tampering"
  – "Structure Tampering"
  – SQL Injection
  – Command Injection
  – Illegal encoding
  – Cross Site Scripting
  – Buffer Overflow
• Integrated IPS Protects the OS and the Network (point solutions don't)

(Diagram: the protected stack shown on the Security Coverage slide.)

Page 15:

Deployment – Performance and Scalability

• High Performance
  – Up to 1 Gbps throughput
  – Sub-millisecond latency
  – Up to 8,000 transactions/second
• Scalability
  – G4: Entry for small to medium segments
  – G8: Performance for larger segments
  – MX: Centralized management for multi-gateway environments

                          G4 Gateway Appliance   G8 Gateway Appliance
Throughput                500 Mbps               1000 Mbps
Requests Per Second       4000                   8000
Form Factor               1U                     1U
Max Sniffing Interfaces   3                      3
Max Inline Segments       1                      1

(The headline figures are the G8 numbers. Both appliances expose sniffing interfaces as well as a single inline segment, so a profile can be built out of band from a tap or SPAN feed and the alerts reviewed before the gateway is placed inline to block.)

Page 16:

Operations – Centralized Management

• Centralized Management Services
  – Manages all devices from a single console
  – Application level profiles and policy
  – Integrated logging and forensics
  – User specific alerts and monitoring
  – Integrated compliance reporting
• Scalable for Large Deployments
  – Three-tier architecture
  – Browser-based interface
  – Role-based administration
  – Easy appliance deployment
    • Appliances auto-configured by the management server

Diagram: Browser Interface → MX Management Server → SecureSphere Gateway Appliances

Page 17:

Summary – Securing the Data Center

• Businesses Vulnerable to New Data Center Threats
  – Identity theft, data theft, SQL injection, worms, and DoS
  – Risking brand, revenue, and regulatory compliance
• IPS and Network Firewalls are Not Enough
  – Do not protect proprietary information and custom business applications
• SecureSphere – Data Center Ready Protection
  – Security
    • Protects proprietary information, custom applications, and critical servers
    • Blocks even the most sophisticated attacks
  – Deployment
    • No change to existing applications and infrastructure
    • Flexible networking and high availability
    • Performance and scalability
  – Operations
    • No manual tuning
    • Centralized management

Low TCO and High ROI

Page 18:

Thank You

Imperva Inc.

950 Tower Lane, Suite 1710Foster City, CA 94404   Sales: (866) 926-4678

www.imperva.com

Page 19:

Diagram (deployment example): an MX Management server managing two SecureSphere gateways, G1 and G2, across a Test Env and a Real Life Env; each environment holds a Web App (X1, X2) and a Database (Y1, Y2), and the gateways are attached OOB (out of band).