SlideShare a Scribd company logo

D3NY17- Using IncapRules to Customize Security

Download as PPTX, PDF
Imperva Incapsula
Imperva Incapsula

IncapRules are an integral method to customize Incapsula for your specific applications and environment. However, we find that our enterprise clients may have questions on building advanced rules or need help understanding how to write them for complex scenarios. In this session, Jeff Serota, Technical Account Manager, discusses the interface, some of the most common filters and actions, and how a large client collaborated with our security team to thwart credential stuffing on their client self-service portal.

Technology
1 of 22
Using IncapRules to Customize Your Security and Access Control Jeff Serota Technical Account Manager, Imperva
© 2016 Imperva, Inc. All rights reserved. Audience Poll How many organizations use IncapRules in production today? © 2017 Imperva, Inc. All rights reserved.2
© 2016 Imperva, Inc. All rights reserved. Audience Poll How many IncapRules do you have defined? a) 0 – 5 b) 5 – 10 c) 10 – 50 d) 50+ © 2017 Imperva, Inc. All rights reserved.3
© 2016 Imperva, Inc. All rights reserved. © 2017 Imperva, Inc. All rights reserved.4
© 2016 Imperva, Inc. All rights reserved. IncapRules to the Rescue! © 2017 Imperva, Inc. All rights reserved.5
© 2016 Imperva, Inc. All rights reserved. What are IncapRules? • IncapRules are a proprietary language for building custom security rules • Rules are built using Filters, Operators, and Values and combined using Boolean logic • If a rule evaluates to True, an Action is taken Filter Operator Value Filter Operator Value Predicate and Predicate URL contains ″˄/admin″ & ClientIP != 168.132.54.5 © 2017 Imperva, Inc. All rights reserved.6
© 2016 Imperva, Inc. All rights reserved. © 2017 Imperva, Inc. All rights reserved.7
© 2016 Imperva, Inc. All rights reserved. Actions Anatomy of IncapRules © 2017 Imperva, Inc. All rights reserved.8
© 2016 Imperva, Inc. All rights reserved. Actions Challenge Require the client to pass a Cookie, JavaScript, or CAPTCHA challenge in order to complete the request Alert Generate a non-blocking alert for the event Block Block the current request and generate an alert © 2017 Imperva, Inc. All rights reserved.9
© 2016 Imperva, Inc. All rights reserved. Actions Action Description Notes Alert Generates a non-blocking alert for this event. Great for testing new rules Block Request Blocks the current request and generates an alert. Preferred block action Block Session Blocks the current session and generates an alert. Any subsequent request from the same session is blocked. Session is based upon the Incap_session cookie – NOT the application’s session (JSESSIONID, etc.) Block IP Blocks the current IP and generates an alert. Any subsequent request from the same IP is blocked for a period of 10 minutes. Use with caution, clients originating from a VPN, Proxy, or NAT may be inadvertently blocked Require Cookie Support Requires any client that matches the rule filters to support cookies in order to complete the request. May be of limited value when working with API’s. Require JavaScript Support Requires any client that matches the rule filters to support JavaScript in order to complete the request. Since the JavaScript test is embedded in an HTML page, this action should only be enabled for HTML resources. Require CAPTCHA Support Requires any client matching the rule filters to pass a CAPTCHA test in order to complete the request. Since the CAPTCHA test is embedded in an HTML page, this action should only be enabled for HTML resources. © 2017 Imperva, Inc. All rights reserved.10
© 2016 Imperva, Inc. All rights reserved. Filters Anatomy of IncapRules © 2017 Imperva, Inc. All rights reserved.11
© 2016 Imperva, Inc. All rights reserved. Filters Client Request Counters Information about the connecting client Information about the current HTTP Request A running count of the number of actions performed • ASN • Client IP • Client ID • Client Type • Country Code • User Agent • ... • Any Header Value • Any Param Value • Full URL • Method • Post Data • Query String • ... • Attack • Attacks Count • GET Page IP Rate • Num of User Agent • Num on Session • Post Rate • ... © 2017 Imperva, Inc. All rights reserved.12
© 2016 Imperva, Inc. All rights reserved. Notable Client Filters Client Type Client ID © 2017 Imperva, Inc. All rights reserved.13
© 2016 Imperva, Inc. All rights reserved. Notable Request Filters Any Header/Param Value Header/Param Value © 2017 Imperva, Inc. All rights reserved.14
© 2016 Imperva, Inc. All rights reserved. Notable Counter Filters – Attacks Count 1. <IMG SRC="javascript:alert('XSS');"> 2. <IMG SRC=javascript:alert('XSS')> 3. <IMG SRC=JaVaScRiPt:alert('XSS')> 4. <IMG SRC=javascript:alert("XSS")> 5. <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> 6. ... <All Subsequent Requests Blocked> © 2017 Imperva, Inc. All rights reserved.15
© 2016 Imperva, Inc. All rights reserved. Common Rules Putting it all Together © 2017 Imperva, Inc. All rights reserved.16
© 2016 Imperva, Inc. All rights reserved. Block Malicious Clients Similar to “Block Bad Bots” setting but more aggressive © 2017 Imperva, Inc. All rights reserved.17
© 2016 Imperva, Inc. All rights reserved. CAPTCHA for High Rate of Access Matches the index of the current request in the Incap session Measures the rate of requests per Incap session over a one minute timeframe Excludes good bots and browsers Rule action set to “Require CAPTCHA Support” © 2017 Imperva, Inc. All rights reserved.18
© 2016 Imperva, Inc. All rights reserved. Block CSRF Attacks Check to see if the request has a Session Cookie Validate the browser’s CORS Origin Header (HTTPS Only) (Optional) Check the Referer header Potential Enhancements: - Apply only to GET requests - Add a URL predicate to apply it to the specific URL that is vulnerable © 2017 Imperva, Inc. All rights reserved.19
© 2016 Imperva, Inc. All rights reserved. Questions? © 2017 Imperva, Inc. All rights reserved.20
D3NY17- Using IncapRules to Customize Security
D3NY17- Using IncapRules to Customize Security

Recommended

D3SF17- Using Incap Rules to Customize Your Security and Access Control
D3SF17- Using Incap Rules to Customize Your Security and Access ControlD3SF17- Using Incap Rules to Customize Your Security and Access Control
D3SF17- Using Incap Rules to Customize Your Security and Access Control
Imperva Incapsula
 
D3TLV17- You have Incapsula...now what?
D3TLV17- You have Incapsula...now what?D3TLV17- You have Incapsula...now what?
D3TLV17- You have Incapsula...now what?
Imperva Incapsula
 
Incapsula D3 - A Single Source of Truth for Security Issues - Pushing Siem L...
Incapsula D3 - A Single Source of Truth for Security Issues - Pushing Siem L...Incapsula D3 - A Single Source of Truth for Security Issues - Pushing Siem L...
Incapsula D3 - A Single Source of Truth for Security Issues - Pushing Siem L...
Tirza DiOro
 
D3NY17- Customizing Incapsula to Accommodate Single Sign-On
D3NY17- Customizing Incapsula to Accommodate Single Sign-OnD3NY17- Customizing Incapsula to Accommodate Single Sign-On
D3NY17- Customizing Incapsula to Accommodate Single Sign-On
Imperva Incapsula
 
D3NY17 - Migrating to the Cloud
D3NY17 - Migrating to the CloudD3NY17 - Migrating to the Cloud
D3NY17 - Migrating to the Cloud
Imperva Incapsula
 
D3TLV17- Keeping it Safe
D3TLV17- Keeping it SafeD3TLV17- Keeping it Safe
D3TLV17- Keeping it Safe
Imperva Incapsula
 
D3TLV17- Advanced DDoS Mitigation Techniques
D3TLV17- Advanced DDoS Mitigation TechniquesD3TLV17- Advanced DDoS Mitigation Techniques
D3TLV17- Advanced DDoS Mitigation Techniques
Imperva Incapsula
 
AWS reInvent 2017 recap - Managed Rules on AWS WAF
AWS reInvent 2017 recap - Managed Rules on AWS WAFAWS reInvent 2017 recap - Managed Rules on AWS WAF
AWS reInvent 2017 recap - Managed Rules on AWS WAF
Amazon Web Services
 

Recommended

D3SF17- Using Incap Rules to Customize Your Security and Access Control
D3SF17- Using Incap Rules to Customize Your Security and Access ControlD3SF17- Using Incap Rules to Customize Your Security and Access Control
D3SF17- Using Incap Rules to Customize Your Security and Access Control
Imperva Incapsula
 
D3TLV17- You have Incapsula...now what?
D3TLV17- You have Incapsula...now what?D3TLV17- You have Incapsula...now what?
D3TLV17- You have Incapsula...now what?
Imperva Incapsula
 
Incapsula D3 - A Single Source of Truth for Security Issues - Pushing Siem L...
Incapsula D3 - A Single Source of Truth for Security Issues - Pushing Siem L...Incapsula D3 - A Single Source of Truth for Security Issues - Pushing Siem L...
Incapsula D3 - A Single Source of Truth for Security Issues - Pushing Siem L...
Tirza DiOro
 
D3NY17- Customizing Incapsula to Accommodate Single Sign-On
D3NY17- Customizing Incapsula to Accommodate Single Sign-OnD3NY17- Customizing Incapsula to Accommodate Single Sign-On
D3NY17- Customizing Incapsula to Accommodate Single Sign-On
Imperva Incapsula
 
D3NY17 - Migrating to the Cloud
D3NY17 - Migrating to the CloudD3NY17 - Migrating to the Cloud
D3NY17 - Migrating to the Cloud
Imperva Incapsula
 
D3TLV17- Keeping it Safe
D3TLV17- Keeping it SafeD3TLV17- Keeping it Safe
D3TLV17- Keeping it Safe
Imperva Incapsula
 
D3TLV17- Advanced DDoS Mitigation Techniques
D3TLV17- Advanced DDoS Mitigation TechniquesD3TLV17- Advanced DDoS Mitigation Techniques
D3TLV17- Advanced DDoS Mitigation Techniques
Imperva Incapsula
 
AWS reInvent 2017 recap - Managed Rules on AWS WAF
AWS reInvent 2017 recap - Managed Rules on AWS WAFAWS reInvent 2017 recap - Managed Rules on AWS WAF
AWS reInvent 2017 recap - Managed Rules on AWS WAF
Amazon Web Services
 
NEW LAUNCH! Introduction to Managed Rules for AWS WAF - SID217 - re:Invent 2017
NEW LAUNCH! Introduction to Managed Rules for AWS WAF - SID217 - re:Invent 2017NEW LAUNCH! Introduction to Managed Rules for AWS WAF - SID217 - re:Invent 2017
NEW LAUNCH! Introduction to Managed Rules for AWS WAF - SID217 - re:Invent 2017
Amazon Web Services
 
A Culture Of Innovation powered by AWS
A Culture Of Innovation powered by AWSA Culture Of Innovation powered by AWS
A Culture Of Innovation powered by AWS
Amazon Web Services
 
I Love APIs 2015: The "State" of your API: Common Use Cases for Storing Data
I Love APIs 2015: The "State" of your API: Common Use Cases for Storing DataI Love APIs 2015: The "State" of your API: Common Use Cases for Storing Data
I Love APIs 2015: The "State" of your API: Common Use Cases for Storing Data
Apigee | Google Cloud
 
Tune your App Perf (and get fit for summer)
Tune your App Perf (and get fit for summer)Tune your App Perf (and get fit for summer)
Tune your App Perf (and get fit for summer)
Sqreen
 
Ruby on Rails security in your Continuous Integration
Ruby on Rails security in your Continuous IntegrationRuby on Rails security in your Continuous Integration
Ruby on Rails security in your Continuous Integration
Sqreen
 
Instrument Rack to visualize
 Rails requests processing
Instrument Rack to visualize
 Rails requests processing Instrument Rack to visualize
 Rails requests processing
Instrument Rack to visualize
 Rails requests processing
Sqreen
 
LFS305_Automated Policy Enforcement for Real-Time Operations, Security, and C...
LFS305_Automated Policy Enforcement for Real-Time Operations, Security, and C...LFS305_Automated Policy Enforcement for Real-Time Operations, Security, and C...
LFS305_Automated Policy Enforcement for Real-Time Operations, Security, and C...
Amazon Web Services
 
GPSWKS402_GPS- Architecture Rodeo
GPSWKS402_GPS- Architecture RodeoGPSWKS402_GPS- Architecture Rodeo
GPSWKS402_GPS- Architecture Rodeo
Amazon Web Services
 
Building the Largest Repo for Serverless Compliance-as-Code - SID205 - re:Inv...
Building the Largest Repo for Serverless Compliance-as-Code - SID205 - re:Inv...Building the Largest Repo for Serverless Compliance-as-Code - SID205 - re:Inv...
Building the Largest Repo for Serverless Compliance-as-Code - SID205 - re:Inv...
Amazon Web Services
 
AWSの最新ネットワーク機能(2019/09/17 NW-JAWS)
AWSの最新ネットワーク機能(2019/09/17 NW-JAWS)AWSの最新ネットワーク機能(2019/09/17 NW-JAWS)
AWSの最新ネットワーク機能(2019/09/17 NW-JAWS)
Yukihiro Kikuchi
 
12 Days of Coding Errors
12 Days of Coding Errors12 Days of Coding Errors
12 Days of Coding Errors
Erika Barron
 
Authentication and Identity with Amazon Cognito & Analytics with Amazon Pinpoint
Authentication and Identity with Amazon Cognito & Analytics with Amazon PinpointAuthentication and Identity with Amazon Cognito & Analytics with Amazon Pinpoint
Authentication and Identity with Amazon Cognito & Analytics with Amazon Pinpoint
Amazon Web Services
 
Introducing Amazon SageMaker - AWS Online Tech Talks
Introducing Amazon SageMaker - AWS Online Tech TalksIntroducing Amazon SageMaker - AWS Online Tech Talks
Introducing Amazon SageMaker - AWS Online Tech Talks
Amazon Web Services
 
Testing and Troubleshooting with AWS Device Farm - MBL301 - re:Invent 2017
Testing and Troubleshooting with AWS Device Farm - MBL301 - re:Invent 2017Testing and Troubleshooting with AWS Device Farm - MBL301 - re:Invent 2017
Testing and Troubleshooting with AWS Device Farm - MBL301 - re:Invent 2017
Amazon Web Services
 
Success story of migrating entire infrastructure from AWS Singapore to AWS Mu...
Success story of migrating entire infrastructure from AWS Singapore to AWS Mu...Success story of migrating entire infrastructure from AWS Singapore to AWS Mu...
Success story of migrating entire infrastructure from AWS Singapore to AWS Mu...
AWS User Group Bengaluru
 
Success Story of migrating entire infrastructure from AWS Singapore to AWS Mu...
Success Story of migrating entire infrastructure from AWS Singapore to AWS Mu...Success Story of migrating entire infrastructure from AWS Singapore to AWS Mu...
Success Story of migrating entire infrastructure from AWS Singapore to AWS Mu...
Pranesh Vittal
 
Fosdem IoT devroom, 2015, open scalable IoT systems with XMPP
Fosdem IoT devroom, 2015, open scalable IoT systems with XMPPFosdem IoT devroom, 2015, open scalable IoT systems with XMPP
Fosdem IoT devroom, 2015, open scalable IoT systems with XMPP
Joachim Lindborg
 
Tracking and Optimizing Ad Monetization for Your Mobile App - MBL307 - re:Inv...
Tracking and Optimizing Ad Monetization for Your Mobile App - MBL307 - re:Inv...Tracking and Optimizing Ad Monetization for Your Mobile App - MBL307 - re:Inv...
Tracking and Optimizing Ad Monetization for Your Mobile App - MBL307 - re:Inv...
Amazon Web Services
 
ARC325_Managing Multiple AWS Accounts at Scale
ARC325_Managing Multiple AWS Accounts at ScaleARC325_Managing Multiple AWS Accounts at Scale
ARC325_Managing Multiple AWS Accounts at Scale
Amazon Web Services
 
GPSTEC306-Continuous Compliance for Healthcare and Life Sciences
GPSTEC306-Continuous Compliance for Healthcare and Life SciencesGPSTEC306-Continuous Compliance for Healthcare and Life Sciences
GPSTEC306-Continuous Compliance for Healthcare and Life Sciences
Amazon Web Services
 
Getting the most from your API management platform: A case study
Getting the most from your API management platform: A case studyGetting the most from your API management platform: A case study
Getting the most from your API management platform: A case study
Rogue Wave Software
 
GPSTEC318-IoT Security from Manufacturing to Maintenance
GPSTEC318-IoT Security from Manufacturing to MaintenanceGPSTEC318-IoT Security from Manufacturing to Maintenance
GPSTEC318-IoT Security from Manufacturing to Maintenance
Amazon Web Services
 

More Related Content

What's hot

NEW LAUNCH! Introduction to Managed Rules for AWS WAF - SID217 - re:Invent 2017
NEW LAUNCH! Introduction to Managed Rules for AWS WAF - SID217 - re:Invent 2017NEW LAUNCH! Introduction to Managed Rules for AWS WAF - SID217 - re:Invent 2017
NEW LAUNCH! Introduction to Managed Rules for AWS WAF - SID217 - re:Invent 2017
Amazon Web Services
 
A Culture Of Innovation powered by AWS
A Culture Of Innovation powered by AWSA Culture Of Innovation powered by AWS
A Culture Of Innovation powered by AWS
Amazon Web Services
 
I Love APIs 2015: The "State" of your API: Common Use Cases for Storing Data
I Love APIs 2015: The "State" of your API: Common Use Cases for Storing DataI Love APIs 2015: The "State" of your API: Common Use Cases for Storing Data
I Love APIs 2015: The "State" of your API: Common Use Cases for Storing Data
Apigee | Google Cloud
 
Tune your App Perf (and get fit for summer)
Tune your App Perf (and get fit for summer)Tune your App Perf (and get fit for summer)
Tune your App Perf (and get fit for summer)
Sqreen
 
Ruby on Rails security in your Continuous Integration
Ruby on Rails security in your Continuous IntegrationRuby on Rails security in your Continuous Integration
Ruby on Rails security in your Continuous Integration
Sqreen
 
Instrument Rack to visualize
 Rails requests processing
Instrument Rack to visualize
 Rails requests processing Instrument Rack to visualize
 Rails requests processing
Instrument Rack to visualize
 Rails requests processing
Sqreen
 
LFS305_Automated Policy Enforcement for Real-Time Operations, Security, and C...
LFS305_Automated Policy Enforcement for Real-Time Operations, Security, and C...LFS305_Automated Policy Enforcement for Real-Time Operations, Security, and C...
LFS305_Automated Policy Enforcement for Real-Time Operations, Security, and C...
Amazon Web Services
 
GPSWKS402_GPS- Architecture Rodeo
GPSWKS402_GPS- Architecture RodeoGPSWKS402_GPS- Architecture Rodeo
GPSWKS402_GPS- Architecture Rodeo
Amazon Web Services
 
Building the Largest Repo for Serverless Compliance-as-Code - SID205 - re:Inv...
Building the Largest Repo for Serverless Compliance-as-Code - SID205 - re:Inv...Building the Largest Repo for Serverless Compliance-as-Code - SID205 - re:Inv...
Building the Largest Repo for Serverless Compliance-as-Code - SID205 - re:Inv...
Amazon Web Services
 
AWSの最新ネットワーク機能(2019/09/17 NW-JAWS)
AWSの最新ネットワーク機能(2019/09/17 NW-JAWS)AWSの最新ネットワーク機能(2019/09/17 NW-JAWS)
AWSの最新ネットワーク機能(2019/09/17 NW-JAWS)
Yukihiro Kikuchi
 
12 Days of Coding Errors
12 Days of Coding Errors12 Days of Coding Errors
12 Days of Coding Errors
Erika Barron
 
Authentication and Identity with Amazon Cognito & Analytics with Amazon Pinpoint
Authentication and Identity with Amazon Cognito & Analytics with Amazon PinpointAuthentication and Identity with Amazon Cognito & Analytics with Amazon Pinpoint
Authentication and Identity with Amazon Cognito & Analytics with Amazon Pinpoint
Amazon Web Services
 
Introducing Amazon SageMaker - AWS Online Tech Talks
Introducing Amazon SageMaker - AWS Online Tech TalksIntroducing Amazon SageMaker - AWS Online Tech Talks
Introducing Amazon SageMaker - AWS Online Tech Talks
Amazon Web Services
 
Testing and Troubleshooting with AWS Device Farm - MBL301 - re:Invent 2017
Testing and Troubleshooting with AWS Device Farm - MBL301 - re:Invent 2017Testing and Troubleshooting with AWS Device Farm - MBL301 - re:Invent 2017
Testing and Troubleshooting with AWS Device Farm - MBL301 - re:Invent 2017
Amazon Web Services
 
Success story of migrating entire infrastructure from AWS Singapore to AWS Mu...
Success story of migrating entire infrastructure from AWS Singapore to AWS Mu...Success story of migrating entire infrastructure from AWS Singapore to AWS Mu...
Success story of migrating entire infrastructure from AWS Singapore to AWS Mu...
AWS User Group Bengaluru
 
Success Story of migrating entire infrastructure from AWS Singapore to AWS Mu...
Success Story of migrating entire infrastructure from AWS Singapore to AWS Mu...Success Story of migrating entire infrastructure from AWS Singapore to AWS Mu...
Success Story of migrating entire infrastructure from AWS Singapore to AWS Mu...
Pranesh Vittal
 
Fosdem IoT devroom, 2015, open scalable IoT systems with XMPP
Fosdem IoT devroom, 2015, open scalable IoT systems with XMPPFosdem IoT devroom, 2015, open scalable IoT systems with XMPP
Fosdem IoT devroom, 2015, open scalable IoT systems with XMPP
Joachim Lindborg
 
Tracking and Optimizing Ad Monetization for Your Mobile App - MBL307 - re:Inv...
Tracking and Optimizing Ad Monetization for Your Mobile App - MBL307 - re:Inv...Tracking and Optimizing Ad Monetization for Your Mobile App - MBL307 - re:Inv...
Tracking and Optimizing Ad Monetization for Your Mobile App - MBL307 - re:Inv...
Amazon Web Services
 
ARC325_Managing Multiple AWS Accounts at Scale
ARC325_Managing Multiple AWS Accounts at ScaleARC325_Managing Multiple AWS Accounts at Scale
ARC325_Managing Multiple AWS Accounts at Scale
Amazon Web Services
 
GPSTEC306-Continuous Compliance for Healthcare and Life Sciences
GPSTEC306-Continuous Compliance for Healthcare and Life SciencesGPSTEC306-Continuous Compliance for Healthcare and Life Sciences
GPSTEC306-Continuous Compliance for Healthcare and Life Sciences
Amazon Web Services
 

What's hot (20)

NEW LAUNCH! Introduction to Managed Rules for AWS WAF - SID217 - re:Invent 2017
NEW LAUNCH! Introduction to Managed Rules for AWS WAF - SID217 - re:Invent 2017NEW LAUNCH! Introduction to Managed Rules for AWS WAF - SID217 - re:Invent 2017
NEW LAUNCH! Introduction to Managed Rules for AWS WAF - SID217 - re:Invent 2017
 
A Culture Of Innovation powered by AWS
A Culture Of Innovation powered by AWSA Culture Of Innovation powered by AWS
A Culture Of Innovation powered by AWS
 
I Love APIs 2015: The "State" of your API: Common Use Cases for Storing Data
I Love APIs 2015: The "State" of your API: Common Use Cases for Storing DataI Love APIs 2015: The "State" of your API: Common Use Cases for Storing Data
I Love APIs 2015: The "State" of your API: Common Use Cases for Storing Data
 
Tune your App Perf (and get fit for summer)
Tune your App Perf (and get fit for summer)Tune your App Perf (and get fit for summer)
Tune your App Perf (and get fit for summer)
 
Ruby on Rails security in your Continuous Integration
Ruby on Rails security in your Continuous IntegrationRuby on Rails security in your Continuous Integration
Ruby on Rails security in your Continuous Integration
 
Instrument Rack to visualize
 Rails requests processing
Instrument Rack to visualize
 Rails requests processing Instrument Rack to visualize
 Rails requests processing
Instrument Rack to visualize
 Rails requests processing
 
LFS305_Automated Policy Enforcement for Real-Time Operations, Security, and C...
LFS305_Automated Policy Enforcement for Real-Time Operations, Security, and C...LFS305_Automated Policy Enforcement for Real-Time Operations, Security, and C...
LFS305_Automated Policy Enforcement for Real-Time Operations, Security, and C...
 
GPSWKS402_GPS- Architecture Rodeo
GPSWKS402_GPS- Architecture RodeoGPSWKS402_GPS- Architecture Rodeo
GPSWKS402_GPS- Architecture Rodeo
 
Building the Largest Repo for Serverless Compliance-as-Code - SID205 - re:Inv...
Building the Largest Repo for Serverless Compliance-as-Code - SID205 - re:Inv...Building the Largest Repo for Serverless Compliance-as-Code - SID205 - re:Inv...
Building the Largest Repo for Serverless Compliance-as-Code - SID205 - re:Inv...
 
AWSの最新ネットワーク機能(2019/09/17 NW-JAWS)
AWSの最新ネットワーク機能(2019/09/17 NW-JAWS)AWSの最新ネットワーク機能(2019/09/17 NW-JAWS)
AWSの最新ネットワーク機能(2019/09/17 NW-JAWS)
 
12 Days of Coding Errors
12 Days of Coding Errors12 Days of Coding Errors
12 Days of Coding Errors
 
Authentication and Identity with Amazon Cognito & Analytics with Amazon Pinpoint
Authentication and Identity with Amazon Cognito & Analytics with Amazon PinpointAuthentication and Identity with Amazon Cognito & Analytics with Amazon Pinpoint
Authentication and Identity with Amazon Cognito & Analytics with Amazon Pinpoint
 
Introducing Amazon SageMaker - AWS Online Tech Talks
Introducing Amazon SageMaker - AWS Online Tech TalksIntroducing Amazon SageMaker - AWS Online Tech Talks
Introducing Amazon SageMaker - AWS Online Tech Talks
 
Testing and Troubleshooting with AWS Device Farm - MBL301 - re:Invent 2017
Testing and Troubleshooting with AWS Device Farm - MBL301 - re:Invent 2017Testing and Troubleshooting with AWS Device Farm - MBL301 - re:Invent 2017
Testing and Troubleshooting with AWS Device Farm - MBL301 - re:Invent 2017
 
Success story of migrating entire infrastructure from AWS Singapore to AWS Mu...
Success story of migrating entire infrastructure from AWS Singapore to AWS Mu...Success story of migrating entire infrastructure from AWS Singapore to AWS Mu...
Success story of migrating entire infrastructure from AWS Singapore to AWS Mu...
 
Success Story of migrating entire infrastructure from AWS Singapore to AWS Mu...
Success Story of migrating entire infrastructure from AWS Singapore to AWS Mu...Success Story of migrating entire infrastructure from AWS Singapore to AWS Mu...
Success Story of migrating entire infrastructure from AWS Singapore to AWS Mu...
 
Fosdem IoT devroom, 2015, open scalable IoT systems with XMPP
Fosdem IoT devroom, 2015, open scalable IoT systems with XMPPFosdem IoT devroom, 2015, open scalable IoT systems with XMPP
Fosdem IoT devroom, 2015, open scalable IoT systems with XMPP
 
Tracking and Optimizing Ad Monetization for Your Mobile App - MBL307 - re:Inv...
Tracking and Optimizing Ad Monetization for Your Mobile App - MBL307 - re:Inv...Tracking and Optimizing Ad Monetization for Your Mobile App - MBL307 - re:Inv...
Tracking and Optimizing Ad Monetization for Your Mobile App - MBL307 - re:Inv...
 
ARC325_Managing Multiple AWS Accounts at Scale
ARC325_Managing Multiple AWS Accounts at ScaleARC325_Managing Multiple AWS Accounts at Scale
ARC325_Managing Multiple AWS Accounts at Scale
 
GPSTEC306-Continuous Compliance for Healthcare and Life Sciences
GPSTEC306-Continuous Compliance for Healthcare and Life SciencesGPSTEC306-Continuous Compliance for Healthcare and Life Sciences
GPSTEC306-Continuous Compliance for Healthcare and Life Sciences
 

Similar to D3NY17- Using IncapRules to Customize Security

Getting the most from your API management platform: A case study
Getting the most from your API management platform: A case studyGetting the most from your API management platform: A case study
Getting the most from your API management platform: A case study
Rogue Wave Software
 
GPSTEC318-IoT Security from Manufacturing to Maintenance
GPSTEC318-IoT Security from Manufacturing to MaintenanceGPSTEC318-IoT Security from Manufacturing to Maintenance
GPSTEC318-IoT Security from Manufacturing to Maintenance
Amazon Web Services
 
London Adapt or Die: Securing your APIs the Right Way!
London Adapt or Die: Securing your APIs the Right Way!London Adapt or Die: Securing your APIs the Right Way!
London Adapt or Die: Securing your APIs the Right Way!
Apigee | Google Cloud
 
AWS Startup Day Kyiv: AWS Security Best Practices
AWS Startup Day Kyiv: AWS Security Best PracticesAWS Startup Day Kyiv: AWS Security Best Practices
AWS Startup Day Kyiv: AWS Security Best Practices
Amazon Web Services
 
AWS Security Best Practices
AWS Security Best PracticesAWS Security Best Practices
AWS Security Best Practices
Aleksandr Maklakov
 
Introducing Managed Rules for AWS WAF (with a Customer Story) - AWS Online Te...
Introducing Managed Rules for AWS WAF (with a Customer Story) - AWS Online Te...Introducing Managed Rules for AWS WAF (with a Customer Story) - AWS Online Te...
Introducing Managed Rules for AWS WAF (with a Customer Story) - AWS Online Te...
Amazon Web Services
 
Adding the Sec to Your DevOps Pipelines
Adding the Sec to Your DevOps PipelinesAdding the Sec to Your DevOps Pipelines
Adding the Sec to Your DevOps Pipelines
Amazon Web Services
 
Save up to 90% and Run Production Workloads on Spot - CMP307 - re:Invent 2017
Save up to 90% and Run Production Workloads on Spot - CMP307 - re:Invent 2017Save up to 90% and Run Production Workloads on Spot - CMP307 - re:Invent 2017
Save up to 90% and Run Production Workloads on Spot - CMP307 - re:Invent 2017
Amazon Web Services
 
Mastering Next Gen SIEM Use Cases (Part 3)
Mastering Next Gen SIEM Use Cases (Part 3)Mastering Next Gen SIEM Use Cases (Part 3)
Mastering Next Gen SIEM Use Cases (Part 3)
DNIF
 
Deep Dive - Amazon Kinesis Video Streams - AWS Online Tech Talks
Deep Dive - Amazon Kinesis Video Streams - AWS Online Tech TalksDeep Dive - Amazon Kinesis Video Streams - AWS Online Tech Talks
Deep Dive - Amazon Kinesis Video Streams - AWS Online Tech Talks
Amazon Web Services
 
Architecting for Real-Time Insights with Amazon Kinesis (ANT310) - AWS re:Inv...
Architecting for Real-Time Insights with Amazon Kinesis (ANT310) - AWS re:Inv...Architecting for Real-Time Insights with Amazon Kinesis (ANT310) - AWS re:Inv...
Architecting for Real-Time Insights with Amazon Kinesis (ANT310) - AWS re:Inv...
Amazon Web Services
 
The Gronk Effect: Efficiently Handling Huge Spikes in Traffic Using Predictiv...
The Gronk Effect: Efficiently Handling Huge Spikes in Traffic Using Predictiv...The Gronk Effect: Efficiently Handling Huge Spikes in Traffic Using Predictiv...
The Gronk Effect: Efficiently Handling Huge Spikes in Traffic Using Predictiv...
Amazon Web Services
 
Fully Realizing the Microservices Vision with Service Mesh (DEV312-S) - AWS r...
Fully Realizing the Microservices Vision with Service Mesh (DEV312-S) - AWS r...Fully Realizing the Microservices Vision with Service Mesh (DEV312-S) - AWS r...
Fully Realizing the Microservices Vision with Service Mesh (DEV312-S) - AWS r...
Amazon Web Services
 
Petabytes of Data & No Servers: Corteva Scales DNA Analysis to Meet Increasin...
Petabytes of Data & No Servers: Corteva Scales DNA Analysis to Meet Increasin...Petabytes of Data & No Servers: Corteva Scales DNA Analysis to Meet Increasin...
Petabytes of Data & No Servers: Corteva Scales DNA Analysis to Meet Increasin...
Amazon Web Services
 
Identity Management: Using OIDC to Empower the Next-Generation Apps
Identity Management: Using OIDC to Empower the Next-Generation AppsIdentity Management: Using OIDC to Empower the Next-Generation Apps
Identity Management: Using OIDC to Empower the Next-Generation Apps
Tom Freestone
 
Use Amazon Rekognition to Build a Facial Recognition System
Use Amazon Rekognition to Build a Facial Recognition SystemUse Amazon Rekognition to Build a Facial Recognition System
Use Amazon Rekognition to Build a Facial Recognition System
Amazon Web Services
 
Use Amazon Rekognition to Build a Facial Recognition System
Use Amazon Rekognition to Build a Facial Recognition SystemUse Amazon Rekognition to Build a Facial Recognition System
Use Amazon Rekognition to Build a Facial Recognition System
Amazon Web Services
 
5 step plan to securing your APIs
5 step plan to securing your APIs5 step plan to securing your APIs
5 step plan to securing your APIs
💻 Javier Garza
 
D-CAST Real Life TestOps Environment
D-CAST Real Life TestOps EnvironmentD-CAST Real Life TestOps Environment
D-CAST Real Life TestOps Environment
Adam Sandman
 
DevGeekWeek 2017 Inflectra Meetup in Herzliya Presentation
DevGeekWeek 2017 Inflectra Meetup in Herzliya PresentationDevGeekWeek 2017 Inflectra Meetup in Herzliya Presentation
DevGeekWeek 2017 Inflectra Meetup in Herzliya Presentation
Adam Sandman
 

Similar to D3NY17- Using IncapRules to Customize Security (20)

Getting the most from your API management platform: A case study
Getting the most from your API management platform: A case studyGetting the most from your API management platform: A case study
Getting the most from your API management platform: A case study
 
GPSTEC318-IoT Security from Manufacturing to Maintenance
GPSTEC318-IoT Security from Manufacturing to MaintenanceGPSTEC318-IoT Security from Manufacturing to Maintenance
GPSTEC318-IoT Security from Manufacturing to Maintenance
 
London Adapt or Die: Securing your APIs the Right Way!
London Adapt or Die: Securing your APIs the Right Way!London Adapt or Die: Securing your APIs the Right Way!
London Adapt or Die: Securing your APIs the Right Way!
 
AWS Startup Day Kyiv: AWS Security Best Practices
AWS Startup Day Kyiv: AWS Security Best PracticesAWS Startup Day Kyiv: AWS Security Best Practices
AWS Startup Day Kyiv: AWS Security Best Practices
 
AWS Security Best Practices
AWS Security Best PracticesAWS Security Best Practices
AWS Security Best Practices
 
Introducing Managed Rules for AWS WAF (with a Customer Story) - AWS Online Te...
Introducing Managed Rules for AWS WAF (with a Customer Story) - AWS Online Te...Introducing Managed Rules for AWS WAF (with a Customer Story) - AWS Online Te...
Introducing Managed Rules for AWS WAF (with a Customer Story) - AWS Online Te...
 
Adding the Sec to Your DevOps Pipelines
Adding the Sec to Your DevOps PipelinesAdding the Sec to Your DevOps Pipelines
Adding the Sec to Your DevOps Pipelines
 
Save up to 90% and Run Production Workloads on Spot - CMP307 - re:Invent 2017
Save up to 90% and Run Production Workloads on Spot - CMP307 - re:Invent 2017Save up to 90% and Run Production Workloads on Spot - CMP307 - re:Invent 2017
Save up to 90% and Run Production Workloads on Spot - CMP307 - re:Invent 2017
 
Mastering Next Gen SIEM Use Cases (Part 3)
Mastering Next Gen SIEM Use Cases (Part 3)Mastering Next Gen SIEM Use Cases (Part 3)
Mastering Next Gen SIEM Use Cases (Part 3)
 
Deep Dive - Amazon Kinesis Video Streams - AWS Online Tech Talks
Deep Dive - Amazon Kinesis Video Streams - AWS Online Tech TalksDeep Dive - Amazon Kinesis Video Streams - AWS Online Tech Talks
Deep Dive - Amazon Kinesis Video Streams - AWS Online Tech Talks
 
Architecting for Real-Time Insights with Amazon Kinesis (ANT310) - AWS re:Inv...
Architecting for Real-Time Insights with Amazon Kinesis (ANT310) - AWS re:Inv...Architecting for Real-Time Insights with Amazon Kinesis (ANT310) - AWS re:Inv...
Architecting for Real-Time Insights with Amazon Kinesis (ANT310) - AWS re:Inv...
 
The Gronk Effect: Efficiently Handling Huge Spikes in Traffic Using Predictiv...
The Gronk Effect: Efficiently Handling Huge Spikes in Traffic Using Predictiv...The Gronk Effect: Efficiently Handling Huge Spikes in Traffic Using Predictiv...
The Gronk Effect: Efficiently Handling Huge Spikes in Traffic Using Predictiv...
 
Fully Realizing the Microservices Vision with Service Mesh (DEV312-S) - AWS r...
Fully Realizing the Microservices Vision with Service Mesh (DEV312-S) - AWS r...Fully Realizing the Microservices Vision with Service Mesh (DEV312-S) - AWS r...
Fully Realizing the Microservices Vision with Service Mesh (DEV312-S) - AWS r...
 
Petabytes of Data & No Servers: Corteva Scales DNA Analysis to Meet Increasin...
Petabytes of Data & No Servers: Corteva Scales DNA Analysis to Meet Increasin...Petabytes of Data & No Servers: Corteva Scales DNA Analysis to Meet Increasin...
Petabytes of Data & No Servers: Corteva Scales DNA Analysis to Meet Increasin...
 
Identity Management: Using OIDC to Empower the Next-Generation Apps
Identity Management: Using OIDC to Empower the Next-Generation AppsIdentity Management: Using OIDC to Empower the Next-Generation Apps
Identity Management: Using OIDC to Empower the Next-Generation Apps
 
Use Amazon Rekognition to Build a Facial Recognition System
Use Amazon Rekognition to Build a Facial Recognition SystemUse Amazon Rekognition to Build a Facial Recognition System
Use Amazon Rekognition to Build a Facial Recognition System
 
Use Amazon Rekognition to Build a Facial Recognition System
Use Amazon Rekognition to Build a Facial Recognition SystemUse Amazon Rekognition to Build a Facial Recognition System
Use Amazon Rekognition to Build a Facial Recognition System
 
5 step plan to securing your APIs
5 step plan to securing your APIs5 step plan to securing your APIs
5 step plan to securing your APIs
 
D-CAST Real Life TestOps Environment
D-CAST Real Life TestOps EnvironmentD-CAST Real Life TestOps Environment
D-CAST Real Life TestOps Environment
 
DevGeekWeek 2017 Inflectra Meetup in Herzliya Presentation
DevGeekWeek 2017 Inflectra Meetup in Herzliya PresentationDevGeekWeek 2017 Inflectra Meetup in Herzliya Presentation
DevGeekWeek 2017 Inflectra Meetup in Herzliya Presentation
 

More from Imperva Incapsula

D3TLV17- The Incapsula WAF: Your Best Line of Denfense Against Application La...
D3TLV17- The Incapsula WAF: Your Best Line of Denfense Against Application La...D3TLV17- The Incapsula WAF: Your Best Line of Denfense Against Application La...
D3TLV17- The Incapsula WAF: Your Best Line of Denfense Against Application La...
Imperva Incapsula
 
D3LDN17 - Recruiting the Browser
D3LDN17 - Recruiting the BrowserD3LDN17 - Recruiting the Browser
D3LDN17 - Recruiting the Browser
Imperva Incapsula
 
D3LDN17 - A Pragmatists Guide to DDoS Mitigation
D3LDN17 - A Pragmatists Guide to DDoS MitigationD3LDN17 - A Pragmatists Guide to DDoS Mitigation
D3LDN17 - A Pragmatists Guide to DDoS Mitigation
Imperva Incapsula
 
D3LDN17 - Keynote
D3LDN17 - KeynoteD3LDN17 - Keynote
D3LDN17 - Keynote
Imperva Incapsula
 
D3SF17- Boost Your Website Performance with Application Delivery Rules
D3SF17- Boost Your Website Performance with Application Delivery RulesD3SF17- Boost Your Website Performance with Application Delivery Rules
D3SF17- Boost Your Website Performance with Application Delivery Rules
Imperva Incapsula
 
D3SF17- A Single Source of Truth for Security Issues- Pushing Siem Logs to Cl...
D3SF17- A Single Source of Truth for Security Issues- Pushing Siem Logs to Cl...D3SF17- A Single Source of Truth for Security Issues- Pushing Siem Logs to Cl...
D3SF17- A Single Source of Truth for Security Issues- Pushing Siem Logs to Cl...
Imperva Incapsula
 
D3SF17- Improving Our China Clients Performance
D3SF17- Improving Our China Clients PerformanceD3SF17- Improving Our China Clients Performance
D3SF17- Improving Our China Clients Performance
Imperva Incapsula
 
D3SF17- Migrating to the Cloud 5- Years' Worth of Lessons Learned
D3SF17- Migrating to the Cloud 5- Years' Worth of Lessons LearnedD3SF17- Migrating to the Cloud 5- Years' Worth of Lessons Learned
D3SF17- Migrating to the Cloud 5- Years' Worth of Lessons Learned
Imperva Incapsula
 
D3SF17 -Keynote - Staying Ahead of the Curve
D3SF17 -Keynote - Staying Ahead of the CurveD3SF17 -Keynote - Staying Ahead of the Curve
D3SF17 -Keynote - Staying Ahead of the Curve
Imperva Incapsula
 
E-commerce Optimization: Using Load Balancing and CDN to Improve Website Perf...
E-commerce Optimization: Using Load Balancing and CDN to Improve Website Perf...E-commerce Optimization: Using Load Balancing and CDN to Improve Website Perf...
E-commerce Optimization: Using Load Balancing and CDN to Improve Website Perf...
Imperva Incapsula
 
Protect Your Assets with Single IP DDoS Protection
Protect Your Assets with Single IP DDoS ProtectionProtect Your Assets with Single IP DDoS Protection
Protect Your Assets with Single IP DDoS Protection
Imperva Incapsula
 
[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...
[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...
[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...
Imperva Incapsula
 
An Inside Look at a Sophisticated Multi-Vector DDoS Attack
An Inside Look at a Sophisticated Multi-Vector DDoS AttackAn Inside Look at a Sophisticated Multi-Vector DDoS Attack
An Inside Look at a Sophisticated Multi-Vector DDoS Attack
Imperva Incapsula
 
Migrating from Akamai to Incapsula: What You Need to Know
Migrating from Akamai to Incapsula: What You Need to KnowMigrating from Akamai to Incapsula: What You Need to Know
Migrating from Akamai to Incapsula: What You Need to Know
Imperva Incapsula
 
Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate Performance
Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate PerformanceIncapsula: How to Increase SaaS Websites’ Uptime and Accelerate Performance
Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate Performance
Imperva Incapsula
 
Is the Cloud Going to Kill Traditional Application Delivery?
Is the Cloud Going to Kill Traditional Application Delivery?Is the Cloud Going to Kill Traditional Application Delivery?
Is the Cloud Going to Kill Traditional Application Delivery?
Imperva Incapsula
 
Joomla Security Simplified —  Seven Easy Steps For a More Secure Website
Joomla Security Simplified —  Seven Easy Steps For a More Secure WebsiteJoomla Security Simplified —  Seven Easy Steps For a More Secure Website
Joomla Security Simplified —  Seven Easy Steps For a More Secure WebsiteImperva Incapsula
 
Understanding Web Bots and How They Hurt Your Business
Understanding Web Bots and How They Hurt Your BusinessUnderstanding Web Bots and How They Hurt Your Business
Understanding Web Bots and How They Hurt Your BusinessImperva Incapsula
 
A DevOps Guide to Web Application Security
A DevOps Guide to Web Application SecurityA DevOps Guide to Web Application Security
A DevOps Guide to Web Application Security
Imperva Incapsula
 
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...
Imperva Incapsula
 

More from Imperva Incapsula (20)

D3TLV17- The Incapsula WAF: Your Best Line of Denfense Against Application La...
D3TLV17- The Incapsula WAF: Your Best Line of Denfense Against Application La...D3TLV17- The Incapsula WAF: Your Best Line of Denfense Against Application La...
D3TLV17- The Incapsula WAF: Your Best Line of Denfense Against Application La...
 
D3LDN17 - Recruiting the Browser
D3LDN17 - Recruiting the BrowserD3LDN17 - Recruiting the Browser
D3LDN17 - Recruiting the Browser
 
D3LDN17 - A Pragmatists Guide to DDoS Mitigation
D3LDN17 - A Pragmatists Guide to DDoS MitigationD3LDN17 - A Pragmatists Guide to DDoS Mitigation
D3LDN17 - A Pragmatists Guide to DDoS Mitigation
 
D3LDN17 - Keynote
D3LDN17 - KeynoteD3LDN17 - Keynote
D3LDN17 - Keynote
 
D3SF17- Boost Your Website Performance with Application Delivery Rules
D3SF17- Boost Your Website Performance with Application Delivery RulesD3SF17- Boost Your Website Performance with Application Delivery Rules
D3SF17- Boost Your Website Performance with Application Delivery Rules
 
D3SF17- A Single Source of Truth for Security Issues- Pushing Siem Logs to Cl...
D3SF17- A Single Source of Truth for Security Issues- Pushing Siem Logs to Cl...D3SF17- A Single Source of Truth for Security Issues- Pushing Siem Logs to Cl...
D3SF17- A Single Source of Truth for Security Issues- Pushing Siem Logs to Cl...
 
D3SF17- Improving Our China Clients Performance
D3SF17- Improving Our China Clients PerformanceD3SF17- Improving Our China Clients Performance
D3SF17- Improving Our China Clients Performance
 
D3SF17- Migrating to the Cloud 5- Years' Worth of Lessons Learned
D3SF17- Migrating to the Cloud 5- Years' Worth of Lessons LearnedD3SF17- Migrating to the Cloud 5- Years' Worth of Lessons Learned
D3SF17- Migrating to the Cloud 5- Years' Worth of Lessons Learned
 
D3SF17 -Keynote - Staying Ahead of the Curve
D3SF17 -Keynote - Staying Ahead of the CurveD3SF17 -Keynote - Staying Ahead of the Curve
D3SF17 -Keynote - Staying Ahead of the Curve
 
E-commerce Optimization: Using Load Balancing and CDN to Improve Website Perf...
E-commerce Optimization: Using Load Balancing and CDN to Improve Website Perf...E-commerce Optimization: Using Load Balancing and CDN to Improve Website Perf...
E-commerce Optimization: Using Load Balancing and CDN to Improve Website Perf...
 
Protect Your Assets with Single IP DDoS Protection
Protect Your Assets with Single IP DDoS ProtectionProtect Your Assets with Single IP DDoS Protection
Protect Your Assets with Single IP DDoS Protection
 
[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...
[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...
[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...
 
An Inside Look at a Sophisticated Multi-Vector DDoS Attack
An Inside Look at a Sophisticated Multi-Vector DDoS AttackAn Inside Look at a Sophisticated Multi-Vector DDoS Attack
An Inside Look at a Sophisticated Multi-Vector DDoS Attack
 
Migrating from Akamai to Incapsula: What You Need to Know
Migrating from Akamai to Incapsula: What You Need to KnowMigrating from Akamai to Incapsula: What You Need to Know
Migrating from Akamai to Incapsula: What You Need to Know
 
Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate Performance
Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate PerformanceIncapsula: How to Increase SaaS Websites’ Uptime and Accelerate Performance
Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate Performance
 
Is the Cloud Going to Kill Traditional Application Delivery?
Is the Cloud Going to Kill Traditional Application Delivery?Is the Cloud Going to Kill Traditional Application Delivery?
Is the Cloud Going to Kill Traditional Application Delivery?
 
Joomla Security Simplified —  Seven Easy Steps For a More Secure Website
Joomla Security Simplified —  Seven Easy Steps For a More Secure WebsiteJoomla Security Simplified —  Seven Easy Steps For a More Secure Website
Joomla Security Simplified —  Seven Easy Steps For a More Secure Website
 
Understanding Web Bots and How They Hurt Your Business
Understanding Web Bots and How They Hurt Your BusinessUnderstanding Web Bots and How They Hurt Your Business
Understanding Web Bots and How They Hurt Your Business
 
A DevOps Guide to Web Application Security
A DevOps Guide to Web Application SecurityA DevOps Guide to Web Application Security
A DevOps Guide to Web Application Security
 
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...
 

Recently uploaded

Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 

Recently uploaded (20)

Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 

D3NY17- Using IncapRules to Customize Security

  • 1. Using IncapRules to Customize Your Security and Access Control Jeff Serota Technical Account Manager, Imperva
  • 2. © 2016 Imperva, Inc. All rights reserved. Audience Poll How many organizations use IncapRules in production today? © 2017 Imperva, Inc. All rights reserved.2
  • 3. © 2016 Imperva, Inc. All rights reserved. Audience Poll How many IncapRules do you have defined? a) 0 – 5 b) 5 – 10 c) 10 – 50 d) 50+ © 2017 Imperva, Inc. All rights reserved.3
  • 4. © 2016 Imperva, Inc. All rights reserved. © 2017 Imperva, Inc. All rights reserved.4
  • 5. © 2016 Imperva, Inc. All rights reserved. IncapRules to the Rescue! © 2017 Imperva, Inc. All rights reserved.5
  • 6. © 2016 Imperva, Inc. All rights reserved. What are IncapRules? • IncapRules are a proprietary language for building custom security rules • Rules are built using Filters, Operators, and Values and combined using Boolean logic • If a rule evaluates to True, an Action is taken Filter Operator Value Filter Operator Value Predicate and Predicate URL contains ″˄/admin″ & ClientIP != 168.132.54.5 © 2017 Imperva, Inc. All rights reserved.6
  • 7. © 2016 Imperva, Inc. All rights reserved. © 2017 Imperva, Inc. All rights reserved.7
  • 8. © 2016 Imperva, Inc. All rights reserved. Actions Anatomy of IncapRules © 2017 Imperva, Inc. All rights reserved.8
  • 9. © 2016 Imperva, Inc. All rights reserved. Actions Challenge Require the client to pass a Cookie, JavaScript, or CAPTCHA challenge in order to complete the request Alert Generate a non-blocking alert for the event Block Block the current request and generate an alert © 2017 Imperva, Inc. All rights reserved.9
  • 10. © 2016 Imperva, Inc. All rights reserved. Actions Action Description Notes Alert Generates a non-blocking alert for this event. Great for testing new rules Block Request Blocks the current request and generates an alert. Preferred block action Block Session Blocks the current session and generates an alert. Any subsequent request from the same session is blocked. Session is based upon the Incap_session cookie – NOT the application’s session (JSESSIONID, etc.) Block IP Blocks the current IP and generates an alert. Any subsequent request from the same IP is blocked for a period of 10 minutes. Use with caution, clients originating from a VPN, Proxy, or NAT may be inadvertently blocked Require Cookie Support Requires any client that matches the rule filters to support cookies in order to complete the request. May be of limited value when working with API’s. Require JavaScript Support Requires any client that matches the rule filters to support JavaScript in order to complete the request. Since the JavaScript test is embedded in an HTML page, this action should only be enabled for HTML resources. Require CAPTCHA Support Requires any client matching the rule filters to pass a CAPTCHA test in order to complete the request. Since the CAPTCHA test is embedded in an HTML page, this action should only be enabled for HTML resources. © 2017 Imperva, Inc. All rights reserved.10
  • 11. © 2016 Imperva, Inc. All rights reserved. Filters Anatomy of IncapRules © 2017 Imperva, Inc. All rights reserved.11
  • 12. © 2016 Imperva, Inc. All rights reserved. Filters Client Request Counters Information about the connecting client Information about the current HTTP Request A running count of the number of actions performed • ASN • Client IP • Client ID • Client Type • Country Code • User Agent • ... • Any Header Value • Any Param Value • Full URL • Method • Post Data • Query String • ... • Attack • Attacks Count • GET Page IP Rate • Num of User Agent • Num on Session • Post Rate • ... © 2017 Imperva, Inc. All rights reserved.12
  • 13. © 2016 Imperva, Inc. All rights reserved. Notable Client Filters Client Type Client ID © 2017 Imperva, Inc. All rights reserved.13
  • 14. © 2016 Imperva, Inc. All rights reserved. Notable Request Filters Any Header/Param Value Header/Param Value © 2017 Imperva, Inc. All rights reserved.14
  • 15. © 2016 Imperva, Inc. All rights reserved. Notable Counter Filters – Attacks Count 1. <IMG SRC="javascript:alert('XSS');"> 2. <IMG SRC=javascript:alert('XSS')> 3. <IMG SRC=JaVaScRiPt:alert('XSS')> 4. <IMG SRC=javascript:alert("XSS")> 5. <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> 6. ... <All Subsequent Requests Blocked> © 2017 Imperva, Inc. All rights reserved.15
  • 16. © 2016 Imperva, Inc. All rights reserved. Common Rules Putting it all Together © 2017 Imperva, Inc. All rights reserved.16
  • 17. © 2016 Imperva, Inc. All rights reserved. Block Malicious Clients Similar to “Block Bad Bots” setting but more aggressive © 2017 Imperva, Inc. All rights reserved.17
  • 18. © 2016 Imperva, Inc. All rights reserved. CAPTCHA for High Rate of Access Matches the index of the current request in the Incap session Measures the rate of requests per Incap session over a one minute timeframe Excludes good bots and browsers Rule action set to “Require CAPTCHA Support” © 2017 Imperva, Inc. All rights reserved.18
  • 19. © 2016 Imperva, Inc. All rights reserved. Block CSRF Attacks Check to see if the request has a Session Cookie Validate the browser’s CORS Origin Header (HTTPS Only) (Optional) Check the Referer header Potential Enhancements: - Apply only to GET requests - Add a URL predicate to apply it to the specific URL that is vulnerable © 2017 Imperva, Inc. All rights reserved.19
  • 20. © 2016 Imperva, Inc. All rights reserved. Questions? © 2017 Imperva, Inc. All rights reserved.20