Sam Lin
Country Manager/Radware Taiwan
Radware 雲端 based Security 及
ADC (GLSB) for Hybrid Cloud
Security issues inside the cloud
Security cloud for public & private cloud
DDoS/SSL protection needed
Radware’s WAF Offerings
Best-of-breed WAF (Physical or Virtual Appliance)
Cloud WAF Service
13
No risk. No latency. Out-of-path deployment with line-speed mitigation at the perimeter
Integrated with ADC. Complete application delivery protection
Easy. Fully-managed on-premise WAF Fully Managed. Fully managed, cloud based protection
Unmatched protection. Full OWASP Top-10. Zero-day web-attack protection.
Continuously Adaptive. Auto policy generation. Advanced bot detection.
User need only to change cname in DNS for cloud WAF service
www.reservations.com
/register/
/info/
/reserve/
App Mapping
/admin/
/config/
/hotels/
20
www.reservations.com
/register/
/info/
/reserve/
App Mapping
/admin/
/config/
/hotels/
Threat Analysis
SQL Injection
CCN breach
Directory Traversal
Buffer Overflow
Spoof identity, steal user
information, data tampering
Information leakage
Gain root access control
Unexpected application behavior, system crash, full system compromise
21
www.reservations.com
/register/
/info/
/reserve/
App Mapping
/admin/
/config/
/hotels/
Threat Analysis
SQL Injection
CCN breach
Directory Traversal
Buffer Overflow
Policy Generation
Prevent access to sensitive app sections
Mask CCN, SSN, etc. in responses.
Parameters inspection a
Traffic normalization & HTTP RFC validation
22
www.reservations.com
/register/
/info/
/reserve/
App Mapping
/admin/
/config/
/hotels/
Threat Analysis
SQL Injection
CCN breach
Directory Traversal
Buffer Overflow
Policy Generation Policy Activation
Time to protect
Add tailored application rules
Optimize rules for best accuracy
Best Security coverage
Virtually zero false positive
23
IP-Agnostic Device Fingerprinting & Tracking
Operating System
Beyond source IP for identification & blocking
Detailed device fingerprint from over 2 dozen parameters
Precise activity tracking over time
Development of Device Reputation
Provides advanced protection from
- Website Scraping
- Brute Force Attacks
- HTTP Dynamic Floods
System Fonts
Browser Plug-ins
Screen Resolution
Local IPs
Improved Bot Detection and Blocking
24
Robust Global Cloud Security Network
Segregate clean and attack traffic with dedicated scrubbing centers
Over 2Tbps of global mitigation capacity
25
Radware Scrubbing Centers
Radware Security Cloud
Global Application Deployment
Slide 27
Private Data Center PUBLIC CLOUD
GSLB
50% 50% 100 Users The Rest All traffic Proximity based distribution
Controlled application availability and QoE 24/7!
What is an ADC
• Server load balancing for:
– High availability
– Scalability
– Performance optimization
WAN Datacenter
Alteon
Virtual ADC (vADC)
While in standard ADC resources are shared between apps,
Radware’s ADC fully isolates application resources to guarantee service-level
Physical (Memory, CPU, Storage)
Network (Network Tables, ARP tables)
Fault
Management
Optimize Normal
Operation
RTT-Based Optimal Link Selection
Optimal link selection based on full-path RTT measurement
Optimize Normal
Operation
Link A: 55ms
Link B: 94ms
Link A: 55ms
FastView Web Accelerator Optimize
Normal Operation
Automatically generates optimized browser/device-specific website versions
Website FastView
Real User Monitoring
Minimize Degradation
End-to-end transaction monitoring, as experienced by the end user: Real user time = Data Center Time + Network Time + Rendering Time
Network Time
Rendering time
Data Center Time
Integrated Web-Application Firewall (WAF)
Prevent Outage
Integrated WAF for protection against OWASP top 10 supporting separate policies per app
Streamlined Orchestration Optimize
Normal Operation
Seamless integration with Cloud Orchestration systems Via vDirect
Data Center/Cloud Ecosystems
Radware ADC Fabric
Alteon NG Platform Line-Up
Alteon VA
Alteon NG 6420 Alteon NG 5208 Alteon NG 8420
Alteon NFV Alteon Cloud VA
For any Size Enterprise Data Centers
Virtual
Appliances
Throughput: from 1 Mbps to 200 Gbps
Throughput: from 1 Mbps to 160 Gbps, vADCs: from 1 to 100
Alteon NG 6024
Radware DDoS/IPS/SSL Inspection (獨家完整,台灣最大) Security Solution
Perimeter LAN
Security Appliances (i.e. DLP,APT)
Client facing SSL handshake (server emulation)
Server facing SSL handshake (client emulation)
Prevent SSL re-negotiation Attack Prevent IPS ,high/low speed DDoS
Attack
Prevent high volume DDoS/SSl Attack and WAF service
Prevent SSL Malware intrusion and server/Link load balancing/ URL filter/WAF
Radware cloud
ISP( IPS/DDoS/WAF) cloud
綠線上四部机可連合防禦功能,單獨運做
Thank You