D3NY17- Customizing Incapsula to Accommodate Single Sign-On

•Download as PPTX, PDF•

1 like•331 views

In this session, learn how the Greek Orthodox Archdiocese of America was able to customize their Incapsula service to accommodate a single sign-on solution.

Technology

Liferay, Okta & Incapsula
A Non-Profit Perspective

© 2016 Imperva, Inc. All rights reserved.
Non-Profits and Cybersecurity
• IT Consumerization and the blending of Personal and Business use of
technology Devices and Applications demand more from any organization
today.
• Non-Profit IT challenges
– Cybersecurity threats
– Limited Budget
– Less time, Less resources, need to embrace more technologies
• Management Responsibility with keeping up with trending technologies.
• IT director and manager’s role playing a Strategist, Catalyst, Technologist
and Operator.
• Cloud Services - A boon to IT Value Optimization and Cost Efficiency.
© 2017 Imperva, Inc. All rights reserved.2

© 2016 Imperva, Inc. All rights reserved.
CMS & SSO
• Liferay Enterprise CMS is a Java based multi-site environment that
GOARCH uses to serve all of its websites and interactive portals
• We use Okta to integrate Single Sign-On (SSO) to enable our users to
login to the Liferay CMS software.
• With Liferay being a dynamic web application server, our team had to
ensure that our CDN supported Dynamic Site Caching
• POC and trial with several CDN including Akamai, Incapsula, Cloudflare,
Verizon and Limelight
• Top Issues: Dynamic Caching, SSO Session Caching Prevention,
Cost efficiency.
© 2017 Imperva, Inc. All rights reserved.3

© 2016 Imperva, Inc. All rights reserved.
Incapsula CDN
• Incapsula CDN was shortlisted soon after our team had confirmed all the
required functionality, the top priority in our selection criteria was the following
Dynamic Caching
Cybersecurity
Reporting
© 2017 Imperva, Inc. All rights reserved.6

© 2016 Imperva, Inc. All rights reserved.
• Dynamic Site Caching.
• URL/Regex based cache exclusion list.
• Efficient robots.txt to permit only known crawling bots to
index the site.
• Rate Limiting based on preset threshold limit and Advanced
DDoS Protection.
• Known URL pattern based XSS attack prevention.
• IP and Geo-Location based exclusion list.
© 2017 Imperva, Inc. All rights reserved.7

© 2016 Imperva, Inc. All rights reserved. © 2017 Imperva, Inc. All rights reserved.8

© 2016 Imperva, Inc. All rights reserved.
• WAF Rules and advanced firewall with Automatic Blocking
preventing Backdoors, Remote File Inclusion, SQL Injection,
XSS, Illegal Resource Access and DDoS.
• Cookie caching prevention rules to exclude Okta SSO Cookies
from being cached.
• Live Site Monitoring and Automatic Failover.
• Automatic on-the-fly Dynamic Content Minification and
Image Compression.
• Real-time Logging/Network Dashboard/Notification Alerts.
© 2017 Imperva, Inc. All rights reserved.9

© 2016 Imperva, Inc. All rights reserved.
WAF Whitelist & XSS Rules
URL
Exception
HTTP
Parameter
IP Based
Exception
© 2017 Imperva, Inc. All rights reserved.10

D3NY17- Customizing Incapsula to Accommodate Single Sign-On

IncapRules are an integral method to customize Incapsula for your specific applications and environment. However, we find that our enterprise clients may have questions on building advanced rules or need help understanding how to write them for complex scenarios. In this session, Jeff Serota, Technical Account Manager, discusses the interface, some of the most common filters and actions, and how a large client collaborated with our security team to thwart credential stuffing on their client self-service portal.

Is Wi-Fi Enterprise so perfect?

Aleksandr Demchenko

Data Breaches: Protecting Your Database from the Evening News

SolarWinds

GWAVACon 2015: GWAVA - Backup, manage & monitor your GroupWise server

GWAVA

As you're expanding your business into regulated markets, addressing compliance requirements can feel overwhelming. AWS has developed a robust compliance portfolio designed to help you and your customers meet compliance goals. During this session we will discuss ways to implement, market, and communicate compliance to your customers and grow your business in regulated industries. We’ll also cover common objections from customers and how you can find information to counter these concerns—and you’ll have time to discuss and share your own customer’s objections. Speakers: Kristin Haught - Technical PM III, AWS Bill Reid - Sr Mgr, Solutions Architecture, AWS

GWAVACon 2015: GWAVA - Three dimensional security for Novell GroupWise

GWAVA

The New Economics of Wi-Fi _ Disruptive Forces Driving Innovation for Carrier...

AirTight Networks

The New Economics of Wi-Fi _ Disruptive Forces Driving Innovation for Carriers - by AirTight CEO David King @WBAlliance #WGCSFO October 10th 2014 Outline (1) The Sweet Spot of Adoption = Technology Drivers + Customer Expectations + Service Provider Needs We’ll focus on what is disrupting the Wi-Fi space today and how carriers can take advantage of the inflection points happening in the industry, such as cloud, HotSpot 2.0, 802.11ac and IoT. We will cover how Wi-Fi can address key concerns of carriers as they face the threat of shrinking margins, high customer acquisition costs and a lack of customer loyalty. We will address how to use Wi-Fi to: - Reduce the cost of onboarding and supporting new customers - Provide higher value, context-driven engagement - Deliver relevant offerings driven by context-based analytics – based on location, social profiles, loyalty (2) There’s a New Stack in Town What will the new mobile stack look like and what can carriers learn from the Wi-Fi industry? - Software driven approach is re-allocating money from HW manufacturers - Revenues are moving towards those who can build applications and ecosystems around the new value of Wi-Fi – those who can help customers monetize the connectivity. - What are the components of the new stack? - Wi-Fi is a proof point of what the new mobile stack will look like o Monetization o Brand Engagement o Actionable Analytics o Behavioral Security and Onboarding o High Performance Access (3) Service provider enablement through secure cloud-managed Wi-Fi Why has cloud-managed Wi-Fi has garnered so much interest from the carrier side? It starts with faster time to market – being able to - test and deploy new business programs quickly - conduct rapid trials across geographies and customer bases - accelerate response time to security threats. The low hanging fruit for carriers are distributed business customers; they are an underserved segment – simply because there are no efficiencies of scale. Cloud Wi-Fi gives you the ability to serve this customer base profitably. It delivers shorter onboarding times and easier connection management and troubleshooting for these types of customers. (4) New paradigm in cloud management What does it mean to have a scalable and cost-efficient cloud, and why should carriers care? The economics of carrier business put emphasis on manageability and scale. Operational efficiencies are now just as important as AP performance. Cost efficiencies will drive cost of adding new customers down. What should carriers look for in cloud Wi-Fi? We’ll discuss the critical components of a carrier-grade cloud backend: - Scalability - Manageability - Security - Cost efficient architecture - Super tenancy to manage multiple customers [What are our proof points? Largest cloud footprint with 17,000 locations.

Simplify security with Trend Micro Managed Rules for AWS WAF

Amazon Web Services

Gwava gwava6

GWAVA

Kubernetes meetup k8s_aug_2019

dhubbard858

Cisco Connect 2018 Malaysia - Next-generation hyperconverged infrastructure-s...

NetworkCollaborators

Security Threats, the Cloud and Your Responsibilities - Evident.io @AWS Pop-u...

Evident.io

GPSTEC311_Enhancing customer security using AIML on AWS

Amazon Web Services

Data exfiltration—also called data extrusion, data exportation, or data theft—is the unauthorized transfer of data. It is a very serious challenge to business because attackers go after business critical or highly confidential data. Data exfiltration can be done manually by a person, or automated using scripts. Attack sophistication increases by the day. Signature-based techniques to defend against attacks are limited and cannot protect against zero-day attacks. To counter this, we use machine learning (ML) techniques. ML is effective at solving many problems in computer vision, robotics, etc., and is increasingly used in security. Learn an ML technique called anomaly detection, and other state-of-the-art techniques to identify data exfiltration attempts.

Automating your AWS Security Operations

Evident.io

You automated your deployment, elasticized your workloads, and dynamically provisioned your fleet. What do you do next? Tackle automating your security needs using the latest capabilities in the cloud! There’s no single path to building an automated and continuous security architecture that works for every organization, but certain key principles and techniques are used by the early adopter cloud elite that give them distinct advantages. It's time to re-think your organization’s processes and behaviors to demonstrate the latest efficiencies in your security operations. In this webinar, learn how Intuit implements cloud security automation with Evident.io and other innovative cloud technologies. This slide deck covers: - How security will be integrated into the overall processes of development and deployment. - How to tie security acceptance tests, a subset of your key security controls, right into the end of your functional testing process to promote builds with confidence at greater speed. - How to be successful with API-enabled, continuous security tools in the cloud. - How to operationalize security alarms, enabling world-class incident response and remediation capabilities.

Unlock the Intelligent Data Center with VMware & Zenoss

Zenoss

Data centers are dynamic creatures of rapid change. Virtualization, micro-services, containers, software-defined solutions—there are so many IT components being adopted and enhanced every single day. And, frankly, the complexity of these technologies make it extremely difficult to digest and analyze issues, and, ultimately, avoid service disruptions. Identifying issues through layers of abstraction delays resolution and costs your team, your clients, and your business time, money and credibility. So how do you avoid service disruptions, and, when issues do arise, expedite root cause analysis without missing something important? Join us for our webinar Unlock the Intelligent Data Center with VMware & Zenoss, where we’ll show you an abundance of options for agentless network support, faster MTTR, and how to make your data center intelligent.

Prevent Hacking: 10 Steps to Secure your WordPress Site

Dr. Rachna Jain

Why should you care to prevent hacking of your WordPress site? Because your website is the home of your online business- and when it gets hacked, it can be upsetting, frustrating, and feel violating, not to mention expensive in terms of lost business. Even if your site receives very few visitors, or you have set your site up for some private purpose- if it appears online, you need to take certain steps to prevent hacking. Unfortunately, hacking is becoming increasingly common, as more and more websites are brought online and owned by businesses who do not understand how to keep them updated and secure. There are 10 steps you can take, ahead of time, to prevent your website from being hacked.

Velocity 2015-tim-prendergast-continuous-security-the-devops-way

Evident.io

A Culture Of Innovation powered by AWS

Amazon Web Services

GPSTEC318-IoT Security from Manufacturing to Maintenance

Amazon Web Services

The threat model for IoT devices is very different from the threat model for cloud applications. Customers must understand what these threats are, prioritize them effectively, and navigate the growing ecosystem of partners that give customers tools to build secure IoT solutions. We showcase how to leverage partner solutions to mitigate threats, explain how to avoid common pitfalls, and make it clear that all IoT solutions must incorporate end-to-end security from the start. We begin with the steps to take in the manufacturing process, how to provision and authenticate devices in the field, and we cover solutions that can help customers comply with IT requirements in the maintenance phase of the product lifecycle.

Hacking HTTP/2: New attacks on the Internet’s Next Generation Foundation

Imperva

Introduction to the Security Perspective of the Cloud Adoption Framework

Amazon Web Services

The Security Perspective of the AWS Cloud Adoption Framework (CAF) provides a framework for maturation via a structured program that incorporates best practices and processes to define, build, and optimize how you operate security controls in the AWS Cloud. The Security Perspective of the CAF provides a set of five core foundational themes designed to help you structure your selection and implementation of controls that are right for your business: AWS Identity and Access Management, detective controls, infrastructure security, data protection, and incident response. During this session, you will learn how to put the Security Perspective of the CAF into practice. Speaker: Bill Reid - Sr. Manager, Solutions Architecture, AWS

Lacework Kubernetes Meetup | August 28, 2018

Lacework

SAP Concur’s Cloud Journey

SBWebinars

The journey of cloud migration isn’t a straight and narrow path, and enterprise DevSecOps teams generally use a variety of tools to reach their goal. In this webinar, we will deep dive into SAP Concur’s journey, and how they are leveraging Contrast Security’s embedded application security model and AWS in tandem to “shift left”, create a seamless developer experience, and deliver secure application workloads on the cloud. Join key executives from SAP Concur, AWS and Contrast Security as they discuss how to avoid the pitfalls and pioneer a secure cloud path to success. In this webinar, you will learn: The start: Why SAP Concur moved to AWS The next step: Cloud enables increased velocity The chutes and ladders: Security challenges with increased software velocity The resolution: Design Architectures and Deployment Models between Contrast Security and AWS The lessons learned: Continuous Improvement & Best Practices.

Cisco Connect 2018 Singapore - Cisco SD-WAN

NetworkCollaborators

Agoda open stack in a large scale deployment

Sharkrit JOBBO

SOUG Day - autonomous what is next

Thomas Teske

What's hot

Why Your Customers Care About Compliance and You Should Too

Amazon Web Services

GWAVACon 2015: GWAVA - Three dimensional security for Novell GroupWise

GWAVA

The New Economics of Wi-Fi _ Disruptive Forces Driving Innovation for Carrier...

AirTight Networks

Simplify security with Trend Micro Managed Rules for AWS WAF

Amazon Web Services

Gwava gwava6

GWAVA

Kubernetes meetup k8s_aug_2019

dhubbard858

Cisco Connect 2018 Malaysia - Next-generation hyperconverged infrastructure-s...

NetworkCollaborators

Security Threats, the Cloud and Your Responsibilities - Evident.io @AWS Pop-u...

Evident.io

GPSTEC311_Enhancing customer security using AIML on AWS

Amazon Web Services

Automating your AWS Security Operations

Evident.io

Unlock the Intelligent Data Center with VMware & Zenoss

Zenoss

Prevent Hacking: 10 Steps to Secure your WordPress Site

Dr. Rachna Jain

Velocity 2015-tim-prendergast-continuous-security-the-devops-way

Evident.io

A Culture Of Innovation powered by AWS

Amazon Web Services

GPSTEC318-IoT Security from Manufacturing to Maintenance

Amazon Web Services

Hacking HTTP/2: New attacks on the Internet’s Next Generation Foundation

Imperva

Introduction to the Security Perspective of the Cloud Adoption Framework

Amazon Web Services

Lacework Kubernetes Meetup | August 28, 2018

Lacework

SAP Concur’s Cloud Journey

SBWebinars

Cisco Connect 2018 Singapore - Cisco SD-WAN

NetworkCollaborators

What's hot (20)

Why Your Customers Care About Compliance and You Should Too

GWAVACon 2015: GWAVA - Three dimensional security for Novell GroupWise

The New Economics of Wi-Fi _ Disruptive Forces Driving Innovation for Carrier...

Simplify security with Trend Micro Managed Rules for AWS WAF

Gwava gwava6

Kubernetes meetup k8s_aug_2019

Cisco Connect 2018 Malaysia - Next-generation hyperconverged infrastructure-s...

Security Threats, the Cloud and Your Responsibilities - Evident.io @AWS Pop-u...

GPSTEC311_Enhancing customer security using AIML on AWS

Automating your AWS Security Operations

Unlock the Intelligent Data Center with VMware & Zenoss

Prevent Hacking: 10 Steps to Secure your WordPress Site

Velocity 2015-tim-prendergast-continuous-security-the-devops-way

A Culture Of Innovation powered by AWS

GPSTEC318-IoT Security from Manufacturing to Maintenance

Hacking HTTP/2: New attacks on the Internet’s Next Generation Foundation

Introduction to the Security Perspective of the Cloud Adoption Framework

Lacework Kubernetes Meetup | August 28, 2018

SAP Concur’s Cloud Journey

Cisco Connect 2018 Singapore - Cisco SD-WAN

Similar to D3NY17- Customizing Incapsula to Accommodate Single Sign-On

Agoda open stack in a large scale deployment

Sharkrit JOBBO

SOUG Day - autonomous what is next

Thomas Teske

Oracle IaaS including OCM and Ravello

Andrey Akulov

Secure Real-Time Customer Communications with AWS

Amazon Web Services

: FICO® Customer Communication Services (CCS) is an analytically powered cloud-based communication service that helps Financial Services organizations optimize the customer experience by providing important account alerts such as fraud detection, payment validations, loan application status, and renewal reminders. As described by VP Simon Woollett, while utilizing the AWS cloud brought numerous benefits to FICO® CSS, the platform’s security features have provided the assurance that all data (including credit card information) is protected, a sentiment that FICO® can confidently pass on to their customers.

01 oracle application integration overview

nksolanki

Grid Computing for Financial Services

Amazon Web Services

: Grid Computing in the cloud is driven by numerous motivations – scalability, agility, security, price, enterprise data governance, just to name a few. The results are the ability to innovate faster and experiment with less risks and costs. AWS Financial Services Technology Leader Yinal Ozkan and Intel Sales Development Manager Steve Conn go through specific benefits grid computing in the cloud can bring to all organizations (particularly in Financial Services), share customer use cases, and discuss different computing consumption models.

Microservices: Why Should Businesses Care?Akana

SpringPeople Introduction to Cloud Computing

SpringPeople

Oracle: Building Cloud Native Applications

Kelly Goetsch

Introduction to Serverless on AWS - Builders Day Jerusalem

Amazon Web Services

Serverless computing allows you to build and run applications without the need for provisioning or managing servers. With serverless computing, you can build web, mobile, and IoT backends; run stream processing or big data workloads; run chatbots, and more. In this session, we will learn how to get started with serverless computing with AWS Lambda, which lets you run code without provisioning or managing servers.

18BC03_Discovery_Enables_Accurate_CMDB_Hinkle_DiscoverFinancialTim Hinkle

Intel Cloud Foundry and OpenStack

Silicon Valley Cloud Foundry Meetup

Breaking Up the Monolith While Migrating to AWS (GPSTEC320) - AWS re:Invent 2018

Amazon Web Services

Modernization involves implementing business processes and technology that provide your business applications with high availability, agility, and elasticity. Nowhere is this more important than in breaking apart the monolith. Modernizing an application as part of a migration can be extremely successful if you follow the AWS migration methodology of “discover, plan, migrate, and optimize” as you move that application to the cloud. In this session, we share what we learned from over 400 successful migrations. We also show you how to virtually break a monolith to a modernized architecture as part of the planning phase and accelerate your migration using container technologies and application discovery tools.

Brocade vADC Portfolio Overview 2016

Scott Sims

Building the Glue for Service Discovery & Load Balancing Microservices

Sargun Dhillon

One of the challenges that comes from deploying multi-tiered distributed systems, or microservices, atop a dynamic scheduler is the introduction of new problems surrounding load balancing. There are some inherent challenges in building a load balancer that's meant to operate in a highly available way, without any single points of failure. In this talk, Sargun Dhillon will walk through the distributed load balancing mechanism that he built for Mesos. This service discovery mechanism is meant to have the same kinds of features, api, and availability that existed in legacy, statically partitioned environments. The purpose of this is to ease the transition, and remove some of the largest road blocks in moving applications over to modern datacenters. In addition, he will speak to why he built it as opposed to other alternatives for service discovery and load balancing such as using Zookeeper, and the challenges that came from it. We built a library called Lashup that has a membership protocol, a multicast layer, failure detector, and CRDT key/value store. This has allowed us to build applications that orchestrate Mesos clusters with great ease.

OOW-5185-Hybrid CloudBen Duan

C3 bringing the_power_of_the_public_cloud_to_your_secure_data_center

Dr. Wilfred Lin (Ph.D.)

Tax returns in the cloud: The journey of Intuit’s data platform - SDD330 - AW...

Amazon Web Services

With Amazon EC2, Amazon EBS, Amazon S3, AWS KMS, and more, Intuit’s data platform was able meet the requirements of high availability and rapid infrastructure scaling for 100 percent of the tax year’s seasonal demands. In this session, Intuit answers questions such as: Which portions of a complex system can be forklifted directly? Which need to be reengineered? How can highly sensitive data be migrated and stored securely in AWS? Are operational best practices in AWS different than those on premises? Intuit shares its strategy for establishing sufficient confidence in your business partners and delivering 100 percent product uptime.

API Design Essentials - Akana Platform Overview

Akana

API Management has changed a lot in the past four years. It has gone from a toy prototype to a required foundational component in every enterprise architecture. Being foundational, an API management solution must address the needs of each role that takes part in an API’s success. The Akana Platform provides an end-to-end API Management solution. It enables each role with the tools needed for designing, implementing, securing, managing, monitoring, and publishing APIs in the cloud, hybrid, or on premises. This webinar we will provide a detailed look into Akana’s Platform API design capabilities with a live demo. In this webinar, you will learn: • What roles play a key part in an enterprise API management solution? • Where does API Management fit within your enterprise architecture? • What capabilities does the Akana Platform provide? • Demo of how to design APIs in the Akana Platform

Making Cloud Deployment A Reality For End-To-End Policy Administration

Accenture Insurance

Similar to D3NY17- Customizing Incapsula to Accommodate Single Sign-On (20)

Agoda open stack in a large scale deployment

SOUG Day - autonomous what is next

Oracle IaaS including OCM and Ravello

Secure Real-Time Customer Communications with AWS

01 oracle application integration overview

Grid Computing for Financial Services

Microservices: Why Should Businesses Care?

SpringPeople Introduction to Cloud Computing

Oracle: Building Cloud Native Applications

Introduction to Serverless on AWS - Builders Day Jerusalem

18BC03_Discovery_Enables_Accurate_CMDB_Hinkle_DiscoverFinancial

Intel Cloud Foundry and OpenStack

Breaking Up the Monolith While Migrating to AWS (GPSTEC320) - AWS re:Invent 2018

Brocade vADC Portfolio Overview 2016

Building the Glue for Service Discovery & Load Balancing Microservices

OOW-5185-Hybrid Cloud

C3 bringing the_power_of_the_public_cloud_to_your_secure_data_center

Tax returns in the cloud: The journey of Intuit’s data platform - SDD330 - AW...

API Design Essentials - Akana Platform Overview

Making Cloud Deployment A Reality For End-To-End Policy Administration

More from Imperva Incapsula

D3TLV17- The Incapsula WAF: Your Best Line of Denfense Against Application La...

D3NY17- Customizing Incapsula to Accommodate Single Sign-On

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to D3NY17- Customizing Incapsula to Accommodate Single Sign-On

Similar to D3NY17- Customizing Incapsula to Accommodate Single Sign-On (20)

More from Imperva Incapsula

More from Imperva Incapsula (20)

Recently uploaded

Recently uploaded (20)

D3NY17- Customizing Incapsula to Accommodate Single Sign-On