This document introduces new security modules in A10 Networks' ACOS 2.7.1 release, including an integrated web application firewall (WAF), application access management (AAM), and enhanced distributed denial of service (DDoS) protection. The WAF protects web applications from code vulnerabilities, the AAM provides centralized authentication, and the DDoS protection mitigates network and application attacks. These modules leverage ACOS's intelligent software platform and provide security services without additional licensing on A10 Thunder and AX Series models. The release also features usability enhancements, 165+ new features, and flexible deployment options.

1. 1
Customer Driven Innovation
1
Do not distribute/edit/copy without the
written consent of A10 Networks
ACOS 2.7.1 Release with Integrated WAF,
AAM and DDoS Protection Modules
May 2013

2. 2
Introducing New Security Modules
 No licensing
 Security services for the
A10 Thunder™ and AX
Series models
 Web Application Firewall
(WAF) for Cloud Security
 Application Access
Management (AAM) for
Authentication
 Enhanced Distributed
Denial of Service (DDoS) for
Multi-layer Edge Protection

3. 3
ACOS: L2 to L7 Intelligent Software Platform
7+ years of
development
Separate control,
data and
management
plane
64-bit symmetric
multi-core
shared memory
Virtual and
Physical
Versatile,
adaptable,
efficient
Energy efficient
and highest
performance

4. 4
ACOS 2.7.1 Flexible Deployment and Platform Choice
 Virtual or hardware
appliance and virtual
chassis
 Available via Cloud
Service Providers
 Common OS and
interface
aCloud
aVCS

5. 5
Web Application Firewall Overview
 Value
 Protect web applications
 Ensure against code
vulnerabilities and gain PCI
compliancy
 Prevent damage to intellectual
property, data and applications
 Advantage
 Fully integrated/designed for
ACOS
 No license; single device
solution
 Scalable and high performance

6. 6
WAF Sample Features - Applicable OWASP Top 10
 Injection
 SQL injection attack (SQLIA)
 Allowed HTTP methods checks for
allowed keywords GET, POST etc.
 Form Consistency Check
 Cross-Site Scripting (XSS) check
 HTML XSS check
 Insecure Direct Object
References
 Whitelisting URI
 URI Black List/White List check
 Sensitive Data Exposure
 Credit Card Number scrubbing
 Social Security Number scrubbing
 Missing Function Level Access
Control
 aFleX
 Cross-Site Request Forgery
(CSRF) check
 Referer Check
 CSRF Check
 Using Components with Known
Vulnerabilities
 URI Blacklist
 Unvalidated redirects and
forwards
 Whitelisting URI

7. 7
Application Access Management (AAM)
 Value
 Centralized authentication point
for resource access
 Enhanced protection and
server efficiency
 Authentication offload
 Advantage
 Supports popular
authentication services/stores
 No adjustment to web servers
or infrastructure
 Seamless integration
 No license required

8. 8
DDoS: Multi-Layer Edge Protection
 Value
 Large-scale DDoS protection
 Advanced protection features
 Predictable operations
 Advantage
 Feature rich DDoS defense
mitigates network and
application attacks
 Hardware DDoS for SYN-flood
attacks (over 200 million SYN
Cookies/sec in 1 RU)

9. 9
ACOS 2.7.1 Additional Highlights
 Large Scale Multi Tenancy with 1024 L3V Partitions
 Support for additional Hypervisors and SR-IOV
 Open source Xen hypervisor support added
 Support for ADP/L3V in SoftAX
 Database Load Balancing
 aFleX for RADIUS
 Traffic Steering with ICAP
 Large Scale RAM Caching
 Usability and Monitoring Enhancements
 165+ New Features!

10. 10
Summary
 ACOS scalability is the unique foundation
 Advanced modules including WAF, AAM and DDoS
 Most flexible deployment
 No Licensing for premium integrated modules and features
 Drive down costs and reduce complexity
 Deliver competitive business advantages for your Cloud