Deny All
Presentation from the partner seminar "Secure Environment" (Безопасная среда) held on 24 July 2013.

    Presentation Transcript

    • Securing & Accelerating Your Applications, 7/31/2013, Deny All © 2012. Slide 1: Deny All, Securing & Accelerating Your Applications. Olivier Puchadez
    • Market Trends: cloud computing, mobility, BYOD, social media, collaboration, web services, web apps, mobile apps. Security?
    • Simplified, Universal Access To Corporate Data: structured corporate data (databases) and unstructured corporate data (web apps & services, file servers & storage, collaboration portals) are reached through a single web interface and web services, from desktops, laptops, tablets and smart phones, by internal users, remote users, customers and partners. Hackers? Bots?
    • Risks to Corporate Data, Root Causes: application-layer attacks against the web interface (injections, cross-site scripting, brute force, denial of service, cookie theft, etc.) and vulnerable infrastructure behind it, in the web apps & services, databases, file servers & storage and collaboration portals (coding errors, unpatched systems, out-of-date applications, misconfigured services, weak passwords, etc.).
    • What Needs To Be Done: 1. Filter incoming web traffic at the web interface. 2. Manage IT vulnerabilities proactively across web apps & services, databases, file servers & storage and collaboration portals.
    • IT Security Best Practice: Detect (identify vulnerabilities, test the defenses), Protect (set up security controls, define policies), Manage (fine-tune policies & control settings, report).
    • Deny All: Securing & Accelerating Your Applications – 10+ years of experience, founded in 2001 (Société Générale spin-off); reverse proxy pioneer, European WAF market leader – Backed by two major VCs: Truffle Venture and Omnes Capital (Crédit Agricole Private Equity) – Profitable, 50% in R&D – Global reach: headquartered in Paris, offices in Germany and Singapore; partners in Europe, Middle East & Africa, Asia and Latin America – 250+ customers, 30,000+ applications protected, deployed globally; 40% of the EuroStoxx 50 and CAC 40
    • Global Customer Base: government; industry & telecom; services; media, retail & transportation; financial services
    • Global Deployments (reference customers as labelled by region on the slide's world map): DIRF, SOCIETE GENERALE, EGE, CNSS, etc.; SOCIETE GENERALE; ANSI, ZITOUNA BANK, MINISTERE INTERIEUR, etc.; SOCIETE GENERALE, etc.; SH&Co, etc.; BNPP; SLNG; SOCIETE GENERALE, etc.; SOCIETE GENERALE; BNP PARIBAS INSURANCE, ACCOR, etc.; BNPP Insurance, etc.; BNPP Insurance, etc.; BNPP, etc.; IP LIMITED, SOCIETE GENERALE LUX, EBRC, CACEIS, etc.; DANSKE BANK, KOPENHAGEN-FUR, etc.; AKTIA BANK, etc.; SENTOR, SVERIGE, etc.; TOYOTA BANK, etc.; SITEL FRIBOURG, BNP PARIBAS CH, TOTAL SA, SOCIETE GENERALE PB, STIHL, IWB, etc.; GROUPAMA, TDN, BT, IB SALUT, SATEC CANTABRIA, JUNTA DE EXTREMADURA, etc.; BASF-IT, ARAGO, UNIONINVEST, BROSE, BSH, TECHEM, ATOS WORLDLINE, etc.; BNP PARIBAS UK, ARVAL UK, etc.; LA POSTE; INPS, etc.; Prison Dept., UMK, SME Corp
    • 3 Pillars of Application Security: source code analysis (Static Application Security Testing, in development), penetration testing (Dynamic Application Security Testing, in pre-production), application security controls (Web Application Firewall and Web Services Firewall, in production)
    • Attack Vectors (grouped by target as on the slide): client: information leak, credentials theft, identity theft, authorization abuses, transaction compromise; web server: defacement, malware planting, session hijacking, denial of service, bounce, password guess, remote control; database server: data theft, data corruption, data deletion, remote control, persistent injections; app servers / web services: process corruption, data interception, denial of service
    • DenyAll Application Security Platform: Manage (provisioning, monitoring, reporting, role management); Protect (reverse proxy, high availability, application acceleration, standard web app security, user security, XML security, advanced web app security); Detect (asset discovery across networks, systems, databases, file shares, web apps and WiFi; vulnerability detection; reporting)
    • A Proven Platform – Time-tested, reverse proxy-based architecture for maximum security: protocol break, infrastructure masking, deep inspection, etc. – Modular group of features, assembled in packaged products to meet specific needs: sProxy, rXML, rWeb – License key-enabled upgrade paths
    • 10+ Years of Innovation, features per platform module: Reverse Proxy: distributivity. High Availability: active-passive, active-active. Application Acceleration: caching, compression, TCP multiplexing, SSL offloading, server load-balancing. Standard Web App Security: deep inspection, transformation, black list, scoring list. Advanced Web App Security: white list, stateful, user behavior tracking, Client Shield, model validation. XML Security: XML validation, transformation, black list, stateful, SOAP attachments. User Security: ACL, client certificates, user authentication, SSO integration, cookie tracking.
    • Protection Products: sProxy, plug & play web application firewall; rXML, best-in-class web services firewall; rWeb, next generation web application firewall; rWeb + Client Shield, NextGen WAF with browser security
    • sProxy: Plug & Play Web Application Firewall – Out-of-the-box security, no learning phase: predefined security policies; protection against zero-day attacks with the scoring list; upgradable to rXML and rWeb – Centralized management with DAMC – For non-critical corporate applications, websites, webmail & collaboration portals. Platform modules: reverse proxy, high availability, application acceleration, standard web app security, user security
    • rXML: Best-in-class Web Services Firewall – State-of-the-art XML/SOAP security – Built-in Web Application Firewall (sProxy); upgradable to rWeb – Centralized management with DAMC – For web services and in-house applications based on service-oriented architectures. Platform modules: reverse proxy, high availability, application acceleration, standard web app security, user security, XML security
    • rWeb: Next Generation Web Application Firewall – State-of-the-art negative & positive security models: white list, stateful, user behavior tracking, Client Shield; authentication, SSO integration, cookie tracking – Centralized management with DAMC – For transactional sites, critical web-enabled corporate applications, web services & SOA. Platform modules: reverse proxy, high availability, application acceleration, standard web app security, user security, XML security, advanced web app security
    • Client Shield: rWeb optional module – Protection against “man-in-the-browser” trojans and spyware: enforces the loading of a new browser window; protects the connecting browser from illegal operations (hooks, remote thread injection, keystroke sniffing) – Transparent deployment: no change to the protected application; no end-user configuration, no admin rights needed; no redirection, your data remains under your control
    • A Product For Every Need (protection products):
          Feature                              sProxy   rXML   rWeb   rWeb + Client Shield
          Application Acceleration             √        √      √      √
          High Availability & Scalability      √        √      √      √
          Manageability (via DAMC)             √        √      √      √
          Standard Web Application Security    √        √      √      √
          XML/SOAP security                             √      √*     √*
          Advanced Web Application Security                    √      √
          User Security                                        √      √
          Browser Security                                            √
          * = optional
    • Distributions – Software: runs on Linux kernel 2.6.19 or above; tested on Red Hat, Debian and Ubuntu – Virtual appliances: run on VMware ESX 3.5 and 4.0 – Hardware appliances: HP blade servers, running Deny All OS v10
    • Differentiators: 1. A product for every need, all based on a modern, scalable and proven platform. 2. Scoring list: protection against zero-day attacks with fewer false positives. 3. User behavior tracking: prevents denial of service and site crawling attacks. 4. Multi-DMZ diode mode: maximum infrastructure security. 5. XML security: full XML/SOAP security, beyond schema validation. 6. Client Shield: protects connecting clients against spyware and trojans. 7. Form factor choice.
    • Management Products: Management Console (DAMC), central management of applications & devices; Application Security Dashboard, Splunk-based advanced reporting
    • Management Console (DAMC): provisioning, monitoring, reporting, role management – Central management of applications & devices: sProxy, rXML and rWeb; secure point-and-click web interface – Distribution of tasks among team members: device inventory & creation, clustering, server load balancing, etc.; application policy configuration (security, authentication, acceleration); performance monitoring, central reporting – Increased control, reduced total cost of ownership
    • Application Security Dashboard – Splunk-based advanced reporting – Easy manipulation of DASP (DenyAll Application Security Platform) logs and events: security, errors, performance, etc.; predefined metrics; detailed views per application and per device; point-and-click drilldown; custom searches & reports – Free download on Splunkbase
    • Detection Products: Auditor, plug & play internal vulnerability scanning; Vulnerability Manager, virtual appliance-based internal vulnerability scanning & monitoring; Edge Tester, SaaS-based, outward-facing application and network vulnerability detection
    • Comprehensive Testing
    • Auditor: plug & play, internal vulnerability scanning – Delivered on a bootable USB key; scan reports are saved on the key; unlimited number of scans; includes the ability to test WiFi access points – For internal and external auditors; ideal for remote site testing. Coverage: networks, systems, databases, file shares, web apps, WiFi; asset discovery, vulnerability detection, reporting
    • Vulnerability Manager: virtual appliance-based, internal vulnerability scanning & monitoring – Compatible with VMware, VirtualBox, Xen & Hyper-V; schedule automatic scans of the IT infrastructure; ticketing for remediation management over time; identifies vulnerabilities of internal applications – For IT and security teams. Coverage: networks, systems, databases, file shares, web apps; asset discovery, vulnerability detection, reporting
    • Edge Tester: SaaS-based, outward-facing application and network vulnerability detection – No deployment, tests performed from the cloud; schedule automatic scans of applications; the full scan option also tests system & network; vulnerability data is not stored in the cloud – For auditors, IT and security teams. Coverage: networks, systems, databases, file shares, web apps; asset discovery, vulnerability detection, reporting
    • A Product For Every Need (detection products):
          Feature                                  Auditor   Vulnerability Manager   Edge Tester
          Executive dashboard, detailed reports    √         √                       √
          Application-layer vulnerabilities        √         √                       √
          Network & system vulnerabilities         √         √                       √
          Password & file share vulnerabilities    √         √
          Automation                                         √                       √
          Remediation tickets                                √
          Multiple sites support                   √                                 √   (this row has two checks on the slide; column placement inferred from the product descriptions)
          WiFi vulnerabilities                     √
    • Virtual Patching, a loop of four steps: 1. Test the web application. 2. Identify the vulnerability. 3. Adjust the WAF policy to block it. 4. Adjust the code and apply the patch.
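    The negative and positive security models the slides contrast (the scoring list on slides 15, 17 and 23; white list and stateful rules on slide 19) and the virtual-patching loop on slide 33 are easiest to see in code. What follows is an added example written for this page, not DenyAll code and not a description of how sProxy or rWeb implement their policies: a toy request filter in Python with a weighted scoring list, one white-list rule acting as a virtual patch for a parameter a scan found injectable, and the vulnerable query beside its fixed form. Every rule, weight, path, parameter name and sample request is an assumption constructed for illustration.

```python
"""Added example, not DenyAll code: a toy reverse-proxy request filter showing a
negative-model "scoring list", a positive-model "white list" used as a virtual
patch, and the application fix that eventually retires the patch. All rules,
weights, paths, parameter names and sample requests are constructed."""
import re
import sqlite3
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

# Negative model. Each signature carries a weight; a request is blocked only when
# the summed score reaches BLOCK_THRESHOLD. One weak indicator on its own (the word
# "select" typed into a search box) is not enough, which is the "fewer false
# positives" argument against a plain black list where any single match blocks.
SCORING_RULES = [
    (re.compile(r"(?i)\bunion\b.*\bselect\b"), 5),                # UNION-based extraction
    (re.compile(r"(?i)\b(select|insert|update|delete)\b"), 2),    # weak on its own
    (re.compile(r"(?i)'\s*(or|and)\s*'?\d*'?\s*=\s*'?\d*"), 5),   # ' or '1'='1 tautology
    (re.compile(r"(?i)<\s*script"), 5),                           # script injection
    (re.compile(r"(?i)\bon\w+\s*="), 3),                          # inline event handler
    (re.compile(r"--|/\*"), 1),                                   # SQL comment, weak
]
BLOCK_THRESHOLD = 5


def score_value(value: str) -> int:
    """Sum the weights of every scoring rule matching one parameter value."""
    return sum(weight for pattern, weight in SCORING_RULES if pattern.search(value))


@dataclass(frozen=True)
class VirtualPatch:
    """Positive-model rule for one parameter: only values matching `allowed` pass."""
    path: str
    param: str
    allowed: re.Pattern


# Step 3 of the loop: the scan (step 1) reported an injection through /product?id=
# (step 2), so the policy for that one parameter is tightened to digits only until
# the application itself is patched (step 4). Constructed finding, not a real one.
VIRTUAL_PATCHES = [
    VirtualPatch(path="/product", param="id", allowed=re.compile(r"\d{1,9}")),
]


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    score: int = 0


def inspect(url: str) -> Decision:
    """Decide whether a request (path plus query string) may reach the application."""
    parts = urlsplit(url)
    params = parse_qs(parts.query, keep_blank_values=True)
    # White-list rules come first: a value outside the allowed shape is rejected
    # whatever its score. A request that omits the patched parameter is passed on;
    # the application must still handle that case itself.
    for vp in VIRTUAL_PATCHES:
        if parts.path != vp.path:
            continue
        for value in params.get(vp.param, []):
            if not vp.allowed.fullmatch(value):
                return Decision(False, f"virtual patch: {vp.param} must match {vp.allowed.pattern}")
    total = sum(score_value(v) for values in params.values() for v in values)
    if total >= BLOCK_THRESHOLD:
        return Decision(False, "scoring list threshold reached", total)
    return Decision(True, "passed", total)


def setup_db() -> sqlite3.Connection:
    """In-memory table standing in for the protected application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE product (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO product VALUES (?, ?)", [(1, "anvil"), (2, "rocket")])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, product_id: str) -> list[str]:
    """The coding error behind the finding: untrusted input concatenated into SQL."""
    rows = conn.execute(f"SELECT name FROM product WHERE id = {product_id}").fetchall()
    return [name for (name,) in rows]


def lookup_fixed(conn: sqlite3.Connection, product_id: str) -> list[str]:
    """Step 4: bound parameter. Once deployed, the virtual patch is defence in depth."""
    rows = conn.execute("SELECT name FROM product WHERE id = ?", (int(product_id),)).fetchall()
    return [name for (name,) in rows]


if __name__ == "__main__":
    for req in ("/product?id=42", "/product?id=42 or 1=1", "/search?q=select",
                "/search?q=1 union select password from users",
                "/login?user=admin' or '1'='1"):
        print(f"{req!r:50} -> {inspect(req)}")
    db = setup_db()
    print("vulnerable:", lookup_vulnerable(db, "1 or 1=1"))  # every row leaks
    print("fixed:     ", lookup_fixed(db, "1"))
```

    Run it as a script to see the decisions. The point to take away is the threshold: "select" alone in a search box scores 2 and passes, the UNION payload scores 7 and is blocked, and the white-listed id parameter rejects any non-numeric value regardless of score, which is what lets one WAF rule stand in for the code fix until step 4 ships.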
    • Differentiators (detection products): 1. A product for every need. 2. Easier to use. 3. More concise, actionable reports. 4. Vulnerability data stored inside your network, even in SaaS mode. 5. Virtual patching (tight integration with rWeb). 6. Based on reputable open source scanners. 7. Less expensive. 8. European (non-American) vendor.
    • Key Takeaways – Attackers target your web-enabled applications: new languages, evasion and obfuscation techniques require application security expertise and focused innovation – Next generation firewalls and IPS can only stop attacks that are visible at the network layer; WAFs understand the internals of the web traffic and complement network firewalls and other security controls – A solid application security policy relies on 3 pillars: source code audits, penetration testing, and deploying web application / web services firewalls – At Deny All, we know application security; you can count on us to keep innovating
    • Call to Action – Read our latest white paper, “10 years of application security, retrospective and future prospects” – Join our upcoming webinars: www.denyall.com – Let’s talk about your application security challenges; email or call us to schedule a WebEx: info@denyall.com, +33 1 46 20 96 00
    • Thank you! opuchadez@denyall.com, +33 1 46 20 96 11