SlideShare a Scribd company logo

NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Security

North Texas Chapter of the ISSA
North Texas Chapter of the ISSA

Array Networks - A Layered Approach to Web and Application Security Encryption creates the need for at least two levels of security. ADC’s provide high availability and a secure layer for SSL traffic termination, decryption, inspection and forwarding to advanced security appliances for further inspection. Ed Keiper is a senior systems engineer with Array Networks. His background includes 10+ years of experience in cloud computing, infrastructure and security.

Internet
1 of 18
Download to read offline
@NTXISSA #NTXISSACSC4 Array Networks “A Layered Approach to Web & Application Security” Edward Keiper Senior Systems Engineer Array Networks October 7 , 2016
@NTXISSA #NTXISSACSC4NTX ISSA Cyber Security Conference – October 7-8, 2016 2 Array Networks at-a-glance Founded 2000 Headquarters Milpitas, CA, USA Employees 250+ Market Application Delivery Networking Products Application Delivery Controllers (ADC) Secure Access Gateways (SSL VPN) Segments Enterprise, Service Provider, Public Sector Technology 30+ Patents Customers 5000+ Worldwide Meeting Enterprise-Class Requirements For Over 10Years
@NTXISSA #NTXISSACSC4NTX ISSA Cyber Security Conference – October 7-8, 2016 3 Why a multi-layer approach? § Encryption creates the need for at least two levels of security - SSL (HTTPS) traffic passes directly through traditional firewalls, bypassing rules, policies and inspection - SSL traffic on the rise, used for both remote and mobile access and for an ever increasing number of Web sites and applications SSL
@NTXISSA #NTXISSACSC4NTX ISSA Cyber Security Conference – October 7-8, 2016 4 multi-layer security protects against… DoS (Deny Of Service) Back Doors Flash Events Web Exploitation& DefacingLand Attack Ping Attack SynFlood Attack Unreachable Host Attack Tear Drop Attack Buffer Overflow Attack Parser Evasion Attacks Directory Traversal Attack High Bit Shellcode Protection Security Exploitation (Port scan) Cross Site Scripting Impersonation & Breach of Privacy Code Red SQL InjectionHeartbleed
@NTXISSA #NTXISSACSC4NTX ISSA Cyber Security Conference – October 7-8, 2016 5 Multi-layer security architecture (cont.) § Firewall perimeter security - The first line of defense, rules-based network level packet filtering; no visibility to SSL § SSL termination and traffic inspection - Traffic from secure applications are terminated on ADCs, decrypted and inspected traffic may be sent to servers or to advanced security appliances for further inspection - Traffic from remote access users are terminated on SSL VPNs, decrypted and inspected traffic may be sent to servers or to advanced security appliances § Advanced security appliances - Further inspection of smaller volume of pre-screened traffic
@NTXISSA #NTXISSACSC4 NTX ISSA Cyber Security Conference – October 7-8, 2016 6 Multi-layer security architecture Firewall Perimeter Security IPS/IDS ATP Malware ADC HTTP/S Web App Traffic SSL VPN HTTPS Remote Access Traffic External & Remote Users Networks Apps Data
@NTXISSA #NTXISSACSC4NTX ISSA Cyber Security Conference – October 7-8, 2016 7 Multi-layer security architecture (cont.) § Layer-3 stateful packet filtering - Per-customer interface (VLAN/MNET), ingress packet filtering (source/destination IP, port, protocol), 1000 ACLs, packet deny/drop log, dynamic access list, permit-only network access § Layer-4 TCP stateful inspection - TCP stateful inspection, L4 packet sanitization, reverse proxy (client packet does not touch server), syn-cookie protection against TCP syn floods and DOS attacks § Layer-7 content filtering, WAF & DDoS - URL filtering, configurable access control (limit connections per port to prevent DDoS attack), application session control, HTTP protocol validation and policy filtering, attack signature filtering, input validation, XSS prevention, virtual patching
@NTXISSA #NTXISSACSC4NTX ISSA Cyber Security Conference – October 7-8, 2016 8 SSL VPN multi-layer security § End-point security - Scan for personal firewalls, anti-virus software, browsers, operating systems, service packs, patches – apply adaptable remediation options for non-compliant clients § Advanced authentication, authorization and auditing - LDAP, Microsoft Active Directory, RADIUS, RSA SecurID, LocalDB, SSL client certificates, multi-factor authentication including RSA, Duo, Swivel, Syferlock and others § Deep packet inspection and WRM - Buffer overflow protection, syn-flood protection, URL filtering, configurable access control (limit connections per port to prevent DDoS attack), Web resource mapping with payload inspection and HTTP NATing
@NTXISSA #NTXISSACSC4NTX ISSA Cyber Security Conference – October 7-8, 2016 9 SSL VPN security architecture End Point Security Host Checking Adaptive Policies Secure Desktop Cache Cleaning • Eliminates all elements of browser cache • Local sandbox prevents data leakage S S L AAA • Supports all industry standards (AD, RADIUS, LDAP, SecureID) • RSA certified • Unique SSL integration • Fine grain ACLs • L3, L4 and L7 • External mapping • Black list and white list • Full audit trail • Who, what and when • Syslog support • Configurable email alerts F W P r o x y File Shares • Clientless access to shared directories • CIFS/NFS Web Apps • Clientless Web application support Networks • Full L3 VPN • Any IP protocol • L4 redirection • Denial of Service (DoS) attack protection • ACLs (Layer 4) • URL filtering (Layer 7) • Network probe logging • All standard cipher-suites • Hardware-accelerated • 2048-bit key lengths • Client-side certificates • Complete separation between non-secured and secured networks Desktops • Desktops • Terminal Server Applications
@NTXISSA #NTXISSACSC4NTX ISSA Cyber Security Conference – October 7-8, 2016 10 SSL VPN secure remote and mobile access § Any resource, any access method, any device, anywhere Remote Workers & Road Warriors on Laptops Home & Small Office Workers on PCs Mobile Workers on Smart Phones & Tablets Physical & Virtual Desktops Client Server & Mobile Apps File Sharing Web Applications Limits network exposure and guards against data leakageImproves productivity Remote Networks & Infrastructure
@NTXISSA #NTXISSACSC4NTX ISSA Cyber Security Conference – October 7-8, 2016 11 Multi-layer security architecture (cont.) § Security - SSL encryption, WAF, Web proxy - Application-level data protection § Acceleration - SSL offloading, compression, caching, traffic shaping, etc. - 10x better server efficiency and application performance § High availability - Server load balancing, GSLB, link load balancing - 24/7 application uptime Application Servers External Users Internal Users Storage
@NTXISSA #NTXISSACSC4NTX ISSA Cyber Security Conference – October 7-8, 2016 12 Hardware and software portfolio APV Series Application Delivery Controllers AG Series Secure Access Gateways Availability, scalability, performance, control and security for applications, Web sites, online transactions and cloud services Load balancing, SSL offloading, caching, compression, application security, L7 scripting and other network functions Achieves ROI by improving application performance and server efficiency Secure access to business applications from any remote or mobile device for any user anywhere SSL VPN virtual portals, L3 – L7 access, AAA, end-point security, single sign-on, Web firewall and dual-factor authentication Achieves ROI by increasing productivity and mitigating business disruptions
@NTXISSA #NTXISSACSC4NTX ISSA Cyber Security Conference – October 7-8, 2016 13 Security-hardened OS and platform § Only exposes service ports – no backdoors § Secured network management – SSL and HTTPS - Explicit disallows Telnet due to security risk of account/password sniffing § Tested and hardened against a range of network attacks - Hacking tools from eEye (ncx.exe, iishack.exe) - Nessus scan - NMAP - Filters malformed packets such as Smurf attach and local broadcast attacks § High-availability and cluster capability
@NTXISSA #NTXISSACSC4NTX ISSA Cyber Security Conference – October 7-8, 2016 14 Proprietary secured SSL stack § Used for all production traffic, proven immune to Heartbleed, Bash, Shellshock and other recent vulnerabilities - Customers did not need to patch or remediate any Array products - Bought time for remediation and patching of backend servers as necessary § Delivers both better security and higher levels of performance - Pared-back, buttoned-down design runs faster and presents fewer attack vectors - Cannot guarantee 100% immune for all potential vulnerabilities, but has proven provide a higher level of security and immunity vs. OpenSSL
@NTXISSA #NTXISSACSC4NTX ISSA Cyber Security Conference – October 7-8, 2016 15 Flexible appliance options • Dedicated, multi-tenant and virtual ADC appliances • Enables IaaS providers to offer customers a full range of load balancing service options optimized either for flexibility or performance • VMware, XenServer, OpenXen and KVM • Scalable from 10Mbps to 4Gbps • Up to 32 vAPV ADC instances • Dedicated SSL, I/O, compute resources • Scalable from 2Gbps to 120Mbps • Proven cloud track record vAPV Virtual ADC AVX10650 Multi-Tenant ADC APV Series Dedicated ADCs Flexibility Performance
@NTXISSA #NTXISSACSC4NTX ISSA Cyber Security Conference – October 7-8, 2016 16 APV Series platforms APV1600/T 3.5/2.5 Gbps 2/2K SSL TPS APV2600 18 Gbps 5.5K SSL TPS APV6600 35 Gbps 25K SSL TPS APV10650 120 Gbps 70K SSL TPS APV7600 80 Gbps 70K SSL TPS APV11600 140 Gbps 70K SSL TPS APV3600 37 Gbps 35K SSL TPS APV3650 30 Gbps 25K SSL TPS Supports 1 to 16 vCPUs VMware, XenServer, OpenXen, KVM, Hyper-V AVX Series Virtualized multi-tenant appliances – up to 16 or 32 vAPV instances, 65 or 115 Gbps and 35K or 70K SSL TPS per system APV6600FIPS 35 Gbps 9K SSL TPS PHYSICAL & VIRTUAL APPLIANCES SCALING UP & OUTFOR
@NTXISSA #NTXISSACSC4NTX ISSA Cyber Security Conference – October 7-8, 2016 17 AG Series product line PHYSICAL & VIRTUAL APPLIANCES SCALING UP & OUTFOR 10,000 Concurrent Users VMware, XenServer, OpenXen, KVM AG1000 300 Concurrent Users AG1100 3000 Concurrent Users AG1200 25,000 Concurrent Users AG1600 128,000 Concurrent Users AG1500/ AG1500FIPS 72,000 Concurrent Users AG1150 10,000 Concurrent Users AG1000T 600 Concurrent Users
@NTXISSA #NTXISSACSC4@NTXISSA #NTXISSACSC4 The Collin College Engineering Department Collin College Student Chapter of the North Texas ISSA North Texas ISSA (Information Systems Security Association) NTX ISSA Cyber Security Conference – October 7-8, 2016 18 Thank you

Recommended

NTXISSACSC4 - Layered Security / Defense in Depth
NTXISSACSC4 - Layered Security / Defense in DepthNTXISSACSC4 - Layered Security / Defense in Depth
NTXISSACSC4 - Layered Security / Defense in DepthNorth Texas Chapter of the ISSA
 
NTXISSACSC4 - Introducing the Vulnerability Management Maturity Model - VM3
NTXISSACSC4 - Introducing the Vulnerability Management Maturity Model - VM3NTXISSACSC4 - Introducing the Vulnerability Management Maturity Model - VM3
NTXISSACSC4 - Introducing the Vulnerability Management Maturity Model - VM3North Texas Chapter of the ISSA
 
NTXISSACSC4 - Red, Amber, Green Status: The Human Dashboard
NTXISSACSC4 - Red, Amber, Green Status: The Human DashboardNTXISSACSC4 - Red, Amber, Green Status: The Human Dashboard
NTXISSACSC4 - Red, Amber, Green Status: The Human DashboardNorth Texas Chapter of the ISSA
 
NTXISSACSC4 - Business Geekdom: 1 = 3 = 5
NTXISSACSC4 - Business Geekdom: 1 = 3 = 5NTXISSACSC4 - Business Geekdom: 1 = 3 = 5
NTXISSACSC4 - Business Geekdom: 1 = 3 = 5North Texas Chapter of the ISSA
 
NTXISSACSC4 - The Art of Evading Anti-Virus
NTXISSACSC4 - The Art of Evading Anti-VirusNTXISSACSC4 - The Art of Evading Anti-Virus
NTXISSACSC4 - The Art of Evading Anti-VirusNorth Texas Chapter of the ISSA
 
NTXISSACSC4 - Mitigating Security Risks in Vendor Agreements
NTXISSACSC4 - Mitigating Security Risks in Vendor AgreementsNTXISSACSC4 - Mitigating Security Risks in Vendor Agreements
NTXISSACSC4 - Mitigating Security Risks in Vendor AgreementsNorth Texas Chapter of the ISSA
 
NTXISSACSC4 - Ransomware: History Analysis & Mitigation
NTXISSACSC4 - Ransomware: History Analysis & MitigationNTXISSACSC4 - Ransomware: History Analysis & Mitigation
NTXISSACSC4 - Ransomware: History Analysis & MitigationNorth Texas Chapter of the ISSA
 
NTXISSACSC4 - Cyber Insurance – Did You Know?
NTXISSACSC4 - Cyber Insurance – Did You Know?NTXISSACSC4 - Cyber Insurance – Did You Know?
NTXISSACSC4 - Cyber Insurance – Did You Know?North Texas Chapter of the ISSA
 

Recommended

NTXISSACSC4 - Layered Security / Defense in Depth
NTXISSACSC4 - Layered Security / Defense in DepthNTXISSACSC4 - Layered Security / Defense in Depth
NTXISSACSC4 - Layered Security / Defense in DepthNorth Texas Chapter of the ISSA
 
NTXISSACSC4 - Introducing the Vulnerability Management Maturity Model - VM3
NTXISSACSC4 - Introducing the Vulnerability Management Maturity Model - VM3NTXISSACSC4 - Introducing the Vulnerability Management Maturity Model - VM3
NTXISSACSC4 - Introducing the Vulnerability Management Maturity Model - VM3North Texas Chapter of the ISSA
 
NTXISSACSC4 - Red, Amber, Green Status: The Human Dashboard
NTXISSACSC4 - Red, Amber, Green Status: The Human DashboardNTXISSACSC4 - Red, Amber, Green Status: The Human Dashboard
NTXISSACSC4 - Red, Amber, Green Status: The Human DashboardNorth Texas Chapter of the ISSA
 
NTXISSACSC4 - Business Geekdom: 1 = 3 = 5
NTXISSACSC4 - Business Geekdom: 1 = 3 = 5NTXISSACSC4 - Business Geekdom: 1 = 3 = 5
NTXISSACSC4 - Business Geekdom: 1 = 3 = 5North Texas Chapter of the ISSA
 
NTXISSACSC4 - The Art of Evading Anti-Virus
NTXISSACSC4 - The Art of Evading Anti-VirusNTXISSACSC4 - The Art of Evading Anti-Virus
NTXISSACSC4 - The Art of Evading Anti-VirusNorth Texas Chapter of the ISSA
 
NTXISSACSC4 - Mitigating Security Risks in Vendor Agreements
NTXISSACSC4 - Mitigating Security Risks in Vendor AgreementsNTXISSACSC4 - Mitigating Security Risks in Vendor Agreements
NTXISSACSC4 - Mitigating Security Risks in Vendor AgreementsNorth Texas Chapter of the ISSA
 
NTXISSACSC4 - Ransomware: History Analysis & Mitigation
NTXISSACSC4 - Ransomware: History Analysis & MitigationNTXISSACSC4 - Ransomware: History Analysis & Mitigation
NTXISSACSC4 - Ransomware: History Analysis & MitigationNorth Texas Chapter of the ISSA
 
NTXISSACSC4 - Cyber Insurance – Did You Know?
NTXISSACSC4 - Cyber Insurance – Did You Know?NTXISSACSC4 - Cyber Insurance – Did You Know?
NTXISSACSC4 - Cyber Insurance – Did You Know?North Texas Chapter of the ISSA
 
NTXISSACSC4 - How Not to Build a Trojan Horse
NTXISSACSC4 - How Not to Build a Trojan HorseNTXISSACSC4 - How Not to Build a Trojan Horse
NTXISSACSC4 - How Not to Build a Trojan HorseNorth Texas Chapter of the ISSA
 
NTXISSACSC4 - Detecting and Catching the Bad Guys Using Deception
NTXISSACSC4 - Detecting and Catching the Bad Guys Using DeceptionNTXISSACSC4 - Detecting and Catching the Bad Guys Using Deception
NTXISSACSC4 - Detecting and Catching the Bad Guys Using DeceptionNorth Texas Chapter of the ISSA
 
JS Fest 2019. Анастасия Войтова. "Defense in depth": trench warfare principle...
JS Fest 2019. Анастасия Войтова. "Defense in depth": trench warfare principle...JS Fest 2019. Анастасия Войтова. "Defense in depth": trench warfare principle...
JS Fest 2019. Анастасия Войтова. "Defense in depth": trench warfare principle...JSFestUA
 
NTXISSACSC4 - A Brief History of Cryptographic Failures
NTXISSACSC4 - A Brief History of Cryptographic FailuresNTXISSACSC4 - A Brief History of Cryptographic Failures
NTXISSACSC4 - A Brief History of Cryptographic FailuresNorth Texas Chapter of the ISSA
 
NTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't Enough
NTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't EnoughNTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't Enough
NTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't EnoughNorth Texas Chapter of the ISSA
 
"Is your browser secure? Breaking cryptography in PKI based systems, opening ...
"Is your browser secure? Breaking cryptography in PKI based systems, opening ..."Is your browser secure? Breaking cryptography in PKI based systems, opening ...
"Is your browser secure? Breaking cryptography in PKI based systems, opening ...PROIDEA
 
"Meet Me in the Middle: Threat Indications & Warning to enable Operational Th...
"Meet Me in the Middle: Threat Indications & Warning to enable Operational Th..."Meet Me in the Middle: Threat Indications & Warning to enable Operational Th...
"Meet Me in the Middle: Threat Indications & Warning to enable Operational Th...PROIDEA
 
Ntxissacsc5 purple 5-insider threat-_andy_thompson
Ntxissacsc5 purple 5-insider threat-_andy_thompsonNtxissacsc5 purple 5-insider threat-_andy_thompson
Ntxissacsc5 purple 5-insider threat-_andy_thompsonNorth Texas Chapter of the ISSA
 
Ntxissacsc5 blue 6-securityawareness-laurianna_callaghan
Ntxissacsc5 blue 6-securityawareness-laurianna_callaghanNtxissacsc5 blue 6-securityawareness-laurianna_callaghan
Ntxissacsc5 blue 6-securityawareness-laurianna_callaghanNorth Texas Chapter of the ISSA
 
SecureData GI
SecureData GISecureData GI
SecureData GISecureData Europe
 
Cybersecurity is the Future of Computing
Cybersecurity is the Future of ComputingCybersecurity is the Future of Computing
Cybersecurity is the Future of ComputingDavid Fry
 
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higginsNtxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higginsNorth Texas Chapter of the ISSA
 
Big Data Security Intelligence and Analytics for Advanced Threat Protection
Big Data Security Intelligence and Analytics for Advanced Threat ProtectionBig Data Security Intelligence and Analytics for Advanced Threat Protection
Big Data Security Intelligence and Analytics for Advanced Threat ProtectionBlue Coat
 
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeqNtxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeqNorth Texas Chapter of the ISSA
 
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together Sqrrl
 
"Inter- application vulnerabilities. hunting for bugs in secure applications"...
"Inter- application vulnerabilities. hunting for bugs in secure applications"..."Inter- application vulnerabilities. hunting for bugs in secure applications"...
"Inter- application vulnerabilities. hunting for bugs in secure applications"...PROIDEA
 
Ntxissacsc5 yellow 7 protecting the cloud with cep
Ntxissacsc5 yellow 7 protecting the cloud with cepNtxissacsc5 yellow 7 protecting the cloud with cep
Ntxissacsc5 yellow 7 protecting the cloud with cepNorth Texas Chapter of the ISSA
 
Dreaming of IoCs Adding Time Context to Threat Intelligence
Dreaming of IoCs Adding Time Context to Threat IntelligenceDreaming of IoCs Adding Time Context to Threat Intelligence
Dreaming of IoCs Adding Time Context to Threat IntelligencePriyanka Aash
 
Purple seven-ntxissacsc5 walcutt
Purple seven-ntxissacsc5 walcuttPurple seven-ntxissacsc5 walcutt
Purple seven-ntxissacsc5 walcuttNorth Texas Chapter of the ISSA
 
The Perimeter Security Retreat: Fall Back, Fall Back to the Server
The Perimeter Security Retreat: Fall Back, Fall Back to the ServerThe Perimeter Security Retreat: Fall Back, Fall Back to the Server
The Perimeter Security Retreat: Fall Back, Fall Back to the ServerRahul Neel Mani
 
NTXISSACSC4 - Security for a New World
NTXISSACSC4 - Security for a New WorldNTXISSACSC4 - Security for a New World
NTXISSACSC4 - Security for a New WorldNorth Texas Chapter of the ISSA
 
NTXISSACSC4 - Between The Keyboard And The Chair - Cybersecurity's Secret Weapon
NTXISSACSC4 - Between The Keyboard And The Chair - Cybersecurity's Secret WeaponNTXISSACSC4 - Between The Keyboard And The Chair - Cybersecurity's Secret Weapon
NTXISSACSC4 - Between The Keyboard And The Chair - Cybersecurity's Secret WeaponNorth Texas Chapter of the ISSA
 

More Related Content

What's hot

NTXISSACSC4 - Detecting and Catching the Bad Guys Using Deception
NTXISSACSC4 - Detecting and Catching the Bad Guys Using DeceptionNTXISSACSC4 - Detecting and Catching the Bad Guys Using Deception
NTXISSACSC4 - Detecting and Catching the Bad Guys Using DeceptionNorth Texas Chapter of the ISSA
 
JS Fest 2019. Анастасия Войтова. "Defense in depth": trench warfare principle...
JS Fest 2019. Анастасия Войтова. "Defense in depth": trench warfare principle...JS Fest 2019. Анастасия Войтова. "Defense in depth": trench warfare principle...
JS Fest 2019. Анастасия Войтова. "Defense in depth": trench warfare principle...JSFestUA
 
NTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't Enough
NTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't EnoughNTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't Enough
NTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't EnoughNorth Texas Chapter of the ISSA
 
"Is your browser secure? Breaking cryptography in PKI based systems, opening ...
"Is your browser secure? Breaking cryptography in PKI based systems, opening ..."Is your browser secure? Breaking cryptography in PKI based systems, opening ...
"Is your browser secure? Breaking cryptography in PKI based systems, opening ...PROIDEA
 
"Meet Me in the Middle: Threat Indications & Warning to enable Operational Th...
"Meet Me in the Middle: Threat Indications & Warning to enable Operational Th..."Meet Me in the Middle: Threat Indications & Warning to enable Operational Th...
"Meet Me in the Middle: Threat Indications & Warning to enable Operational Th...PROIDEA
 
Ntxissacsc5 blue 6-securityawareness-laurianna_callaghan
Ntxissacsc5 blue 6-securityawareness-laurianna_callaghanNtxissacsc5 blue 6-securityawareness-laurianna_callaghan
Ntxissacsc5 blue 6-securityawareness-laurianna_callaghanNorth Texas Chapter of the ISSA
 
Cybersecurity is the Future of Computing
Cybersecurity is the Future of ComputingCybersecurity is the Future of Computing
Cybersecurity is the Future of ComputingDavid Fry
 
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higginsNtxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higginsNorth Texas Chapter of the ISSA
 
Big Data Security Intelligence and Analytics for Advanced Threat Protection
Big Data Security Intelligence and Analytics for Advanced Threat ProtectionBig Data Security Intelligence and Analytics for Advanced Threat Protection
Big Data Security Intelligence and Analytics for Advanced Threat ProtectionBlue Coat
 
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeqNtxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeqNorth Texas Chapter of the ISSA
 
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together Sqrrl
 
"Inter- application vulnerabilities. hunting for bugs in secure applications"...
"Inter- application vulnerabilities. hunting for bugs in secure applications"..."Inter- application vulnerabilities. hunting for bugs in secure applications"...
"Inter- application vulnerabilities. hunting for bugs in secure applications"...PROIDEA
 
Dreaming of IoCs Adding Time Context to Threat Intelligence
Dreaming of IoCs Adding Time Context to Threat IntelligenceDreaming of IoCs Adding Time Context to Threat Intelligence
Dreaming of IoCs Adding Time Context to Threat IntelligencePriyanka Aash
 
The Perimeter Security Retreat: Fall Back, Fall Back to the Server
The Perimeter Security Retreat: Fall Back, Fall Back to the ServerThe Perimeter Security Retreat: Fall Back, Fall Back to the Server
The Perimeter Security Retreat: Fall Back, Fall Back to the ServerRahul Neel Mani
 

What's hot (20)

NTXISSACSC4 - How Not to Build a Trojan Horse
NTXISSACSC4 - How Not to Build a Trojan HorseNTXISSACSC4 - How Not to Build a Trojan Horse
NTXISSACSC4 - How Not to Build a Trojan Horse
 
NTXISSACSC4 - Detecting and Catching the Bad Guys Using Deception
NTXISSACSC4 - Detecting and Catching the Bad Guys Using DeceptionNTXISSACSC4 - Detecting and Catching the Bad Guys Using Deception
NTXISSACSC4 - Detecting and Catching the Bad Guys Using Deception
 
JS Fest 2019. Анастасия Войтова. "Defense in depth": trench warfare principle...
JS Fest 2019. Анастасия Войтова. "Defense in depth": trench warfare principle...JS Fest 2019. Анастасия Войтова. "Defense in depth": trench warfare principle...
JS Fest 2019. Анастасия Войтова. "Defense in depth": trench warfare principle...
 
NTXISSACSC4 - A Brief History of Cryptographic Failures
NTXISSACSC4 - A Brief History of Cryptographic FailuresNTXISSACSC4 - A Brief History of Cryptographic Failures
NTXISSACSC4 - A Brief History of Cryptographic Failures
 
NTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't Enough
NTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't EnoughNTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't Enough
NTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't Enough
 
"Is your browser secure? Breaking cryptography in PKI based systems, opening ...
"Is your browser secure? Breaking cryptography in PKI based systems, opening ..."Is your browser secure? Breaking cryptography in PKI based systems, opening ...
"Is your browser secure? Breaking cryptography in PKI based systems, opening ...
 
"Meet Me in the Middle: Threat Indications & Warning to enable Operational Th...
"Meet Me in the Middle: Threat Indications & Warning to enable Operational Th..."Meet Me in the Middle: Threat Indications & Warning to enable Operational Th...
"Meet Me in the Middle: Threat Indications & Warning to enable Operational Th...
 
Ntxissacsc5 purple 5-insider threat-_andy_thompson
Ntxissacsc5 purple 5-insider threat-_andy_thompsonNtxissacsc5 purple 5-insider threat-_andy_thompson
Ntxissacsc5 purple 5-insider threat-_andy_thompson
 
Ntxissacsc5 blue 6-securityawareness-laurianna_callaghan
Ntxissacsc5 blue 6-securityawareness-laurianna_callaghanNtxissacsc5 blue 6-securityawareness-laurianna_callaghan
Ntxissacsc5 blue 6-securityawareness-laurianna_callaghan
 
SecureData GI
SecureData GISecureData GI
SecureData GI
 
Cybersecurity is the Future of Computing
Cybersecurity is the Future of ComputingCybersecurity is the Future of Computing
Cybersecurity is the Future of Computing
 
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higginsNtxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins
 
Big Data Security Intelligence and Analytics for Advanced Threat Protection
Big Data Security Intelligence and Analytics for Advanced Threat ProtectionBig Data Security Intelligence and Analytics for Advanced Threat Protection
Big Data Security Intelligence and Analytics for Advanced Threat Protection
 
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeqNtxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
 
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
 
"Inter- application vulnerabilities. hunting for bugs in secure applications"...
"Inter- application vulnerabilities. hunting for bugs in secure applications"..."Inter- application vulnerabilities. hunting for bugs in secure applications"...
"Inter- application vulnerabilities. hunting for bugs in secure applications"...
 
Ntxissacsc5 yellow 7 protecting the cloud with cep
Ntxissacsc5 yellow 7 protecting the cloud with cepNtxissacsc5 yellow 7 protecting the cloud with cep
Ntxissacsc5 yellow 7 protecting the cloud with cep
 
Dreaming of IoCs Adding Time Context to Threat Intelligence
Dreaming of IoCs Adding Time Context to Threat IntelligenceDreaming of IoCs Adding Time Context to Threat Intelligence
Dreaming of IoCs Adding Time Context to Threat Intelligence
 
Purple seven-ntxissacsc5 walcutt
Purple seven-ntxissacsc5 walcuttPurple seven-ntxissacsc5 walcutt
Purple seven-ntxissacsc5 walcutt
 
The Perimeter Security Retreat: Fall Back, Fall Back to the Server
The Perimeter Security Retreat: Fall Back, Fall Back to the ServerThe Perimeter Security Retreat: Fall Back, Fall Back to the Server
The Perimeter Security Retreat: Fall Back, Fall Back to the Server
 

Viewers also liked

NTXISSACSC4 - Between The Keyboard And The Chair - Cybersecurity's Secret Weapon
NTXISSACSC4 - Between The Keyboard And The Chair - Cybersecurity's Secret WeaponNTXISSACSC4 - Between The Keyboard And The Chair - Cybersecurity's Secret Weapon
NTXISSACSC4 - Between The Keyboard And The Chair - Cybersecurity's Secret WeaponNorth Texas Chapter of the ISSA
 
NTXISSACSC4 - Identity as a Threat Plane Leveraging UEBA and IdA
NTXISSACSC4 - Identity as a Threat Plane Leveraging UEBA and IdANTXISSACSC4 - Identity as a Threat Plane Leveraging UEBA and IdA
NTXISSACSC4 - Identity as a Threat Plane Leveraging UEBA and IdANorth Texas Chapter of the ISSA
 
NTXISSACSC4 - Intellectual Property Protection― Cross Roads between Ethics, I...
NTXISSACSC4 - Intellectual Property Protection― Cross Roads between Ethics, I...NTXISSACSC4 - Intellectual Property Protection― Cross Roads between Ethics, I...
NTXISSACSC4 - Intellectual Property Protection― Cross Roads between Ethics, I...North Texas Chapter of the ISSA
 
NTXISSACSC4 - Day in the Life of a Security Solutions Architect
NTXISSACSC4 - Day in the Life of a Security Solutions ArchitectNTXISSACSC4 - Day in the Life of a Security Solutions Architect
NTXISSACSC4 - Day in the Life of a Security Solutions ArchitectNorth Texas Chapter of the ISSA
 
NTXISSACSC4 - Hacking Performance Management, the Blue Green Game
NTXISSACSC4 - Hacking Performance Management, the Blue Green GameNTXISSACSC4 - Hacking Performance Management, the Blue Green Game
NTXISSACSC4 - Hacking Performance Management, the Blue Green GameNorth Texas Chapter of the ISSA
 
London Devops #9 - Security at a startup
London Devops #9 - Security at a startupLondon Devops #9 - Security at a startup
London Devops #9 - Security at a startupNeil Saunders
 
How to Automate User Provisioning
How to Automate User Provisioning How to Automate User Provisioning
How to Automate User Provisioning OneLogin
 
Leading Trends in IAM Webinar 3: Optimizing User Experience in Cloud Initiatives
Leading Trends in IAM Webinar 3: Optimizing User Experience in Cloud InitiativesLeading Trends in IAM Webinar 3: Optimizing User Experience in Cloud Initiatives
Leading Trends in IAM Webinar 3: Optimizing User Experience in Cloud InitiativesOneLogin
 
How to increase your understanding of application usage with LeanIX and OneLo...
How to increase your understanding of application usage with LeanIX and OneLo...How to increase your understanding of application usage with LeanIX and OneLo...
How to increase your understanding of application usage with LeanIX and OneLo...LeanIX GmbH
 
63 Requirements for CASB
63 Requirements for CASB63 Requirements for CASB
63 Requirements for CASBKyle Watson
 

Viewers also liked (13)

NTXISSACSC4 - Security for a New World
NTXISSACSC4 - Security for a New WorldNTXISSACSC4 - Security for a New World
NTXISSACSC4 - Security for a New World
 
NTXISSACSC4 - Between The Keyboard And The Chair - Cybersecurity's Secret Weapon
NTXISSACSC4 - Between The Keyboard And The Chair - Cybersecurity's Secret WeaponNTXISSACSC4 - Between The Keyboard And The Chair - Cybersecurity's Secret Weapon
NTXISSACSC4 - Between The Keyboard And The Chair - Cybersecurity's Secret Weapon
 
NTXISSACSC4 - World of Discovery
NTXISSACSC4 - World of DiscoveryNTXISSACSC4 - World of Discovery
NTXISSACSC4 - World of Discovery
 
NTXISSACSC4 - Identity as a Threat Plane Leveraging UEBA and IdA
NTXISSACSC4 - Identity as a Threat Plane Leveraging UEBA and IdANTXISSACSC4 - Identity as a Threat Plane Leveraging UEBA and IdA
NTXISSACSC4 - Identity as a Threat Plane Leveraging UEBA and IdA
 
NTXISSACSC4 - Intellectual Property Protection― Cross Roads between Ethics, I...
NTXISSACSC4 - Intellectual Property Protection― Cross Roads between Ethics, I...NTXISSACSC4 - Intellectual Property Protection― Cross Roads between Ethics, I...
NTXISSACSC4 - Intellectual Property Protection― Cross Roads between Ethics, I...
 
NTXISSACSC4 - A Day in the Life of a CISO
NTXISSACSC4 - A Day in the Life of a CISONTXISSACSC4 - A Day in the Life of a CISO
NTXISSACSC4 - A Day in the Life of a CISO
 
NTXISSACSC4 - Day in the Life of a Security Solutions Architect
NTXISSACSC4 - Day in the Life of a Security Solutions ArchitectNTXISSACSC4 - Day in the Life of a Security Solutions Architect
NTXISSACSC4 - Day in the Life of a Security Solutions Architect
 
NTXISSACSC4 - Hacking Performance Management, the Blue Green Game
NTXISSACSC4 - Hacking Performance Management, the Blue Green GameNTXISSACSC4 - Hacking Performance Management, the Blue Green Game
NTXISSACSC4 - Hacking Performance Management, the Blue Green Game
 
London Devops #9 - Security at a startup
London Devops #9 - Security at a startupLondon Devops #9 - Security at a startup
London Devops #9 - Security at a startup
 
How to Automate User Provisioning
How to Automate User Provisioning How to Automate User Provisioning
How to Automate User Provisioning
 
Leading Trends in IAM Webinar 3: Optimizing User Experience in Cloud Initiatives
Leading Trends in IAM Webinar 3: Optimizing User Experience in Cloud InitiativesLeading Trends in IAM Webinar 3: Optimizing User Experience in Cloud Initiatives
Leading Trends in IAM Webinar 3: Optimizing User Experience in Cloud Initiatives
 
How to increase your understanding of application usage with LeanIX and OneLo...
How to increase your understanding of application usage with LeanIX and OneLo...How to increase your understanding of application usage with LeanIX and OneLo...
How to increase your understanding of application usage with LeanIX and OneLo...
 
63 Requirements for CASB
63 Requirements for CASB63 Requirements for CASB
63 Requirements for CASB
 

Similar to NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Security

Cisco Connect Halifax 2018 Cisco dna - deeper dive
Cisco Connect Halifax 2018 Cisco dna - deeper diveCisco Connect Halifax 2018 Cisco dna - deeper dive
Cisco Connect Halifax 2018 Cisco dna - deeper diveCisco Canada
 
NTXISSACSC3 - Cyber Warfare: Identifying Attackers Hiding Amongst the Flock b...
NTXISSACSC3 - Cyber Warfare: Identifying Attackers Hiding Amongst the Flock b...NTXISSACSC3 - Cyber Warfare: Identifying Attackers Hiding Amongst the Flock b...
NTXISSACSC3 - Cyber Warfare: Identifying Attackers Hiding Amongst the Flock b...North Texas Chapter of the ISSA
 
Information Security: We are all InfoSec (updated for 2018)
Information Security: We are all InfoSec (updated for 2018)Information Security: We are all InfoSec (updated for 2018)
Information Security: We are all InfoSec (updated for 2018)Michael Swinarski
 
Mạng chuyển mạch thế hệ mới
Mạng chuyển mạch thế hệ mớiMạng chuyển mạch thế hệ mới
Mạng chuyển mạch thế hệ mớiSunmedia Corporation
 
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...Keith Kraus
 
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczul
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczulNtxissacsc5 purple 4-threat detection using machine learning-markszewczul
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczulNorth Texas Chapter of the ISSA
 
Cisco Connect 2018 Malaysia - Secure data center-building a secure zero-trus...
Cisco Connect 2018 Malaysia - Secure data center-building a secure zero-trus...Cisco Connect 2018 Malaysia - Secure data center-building a secure zero-trus...
Cisco Connect 2018 Malaysia - Secure data center-building a secure zero-trus...NetworkCollaborators
 
CL2015 - Datacenter and Cloud Strategy and Planning
CL2015 - Datacenter and Cloud Strategy and PlanningCL2015 - Datacenter and Cloud Strategy and Planning
CL2015 - Datacenter and Cloud Strategy and PlanningCisco
 
NTXISSACSC3 - Critical Criteria for (Cloud) Workload Security by Steve Armend...
NTXISSACSC3 - Critical Criteria for (Cloud) Workload Security by Steve Armend...NTXISSACSC3 - Critical Criteria for (Cloud) Workload Security by Steve Armend...
NTXISSACSC3 - Critical Criteria for (Cloud) Workload Security by Steve Armend...North Texas Chapter of the ISSA
 
Cisco Digital Network Architecture – Deeper Dive, “From the Gates to the GUI
Cisco Digital Network Architecture – Deeper Dive, “From the Gates to the GUICisco Digital Network Architecture – Deeper Dive, “From the Gates to the GUI
Cisco Digital Network Architecture – Deeper Dive, “From the Gates to the GUICisco Canada
 
Cisco Digital Network Architecture Deeper Dive From The Gates To The Gui
Cisco Digital Network Architecture Deeper Dive From The Gates To The GuiCisco Digital Network Architecture Deeper Dive From The Gates To The Gui
Cisco Digital Network Architecture Deeper Dive From The Gates To The GuiCisco Canada
 
Smau Padova 2018 - Cisco
Smau Padova 2018 - CiscoSmau Padova 2018 - Cisco
Smau Padova 2018 - CiscoSMAU
 
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomey
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomeyNtxissacsc5 blue 2-herding cats and security tools-harold_toomey
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomeyNorth Texas Chapter of the ISSA
 
Cisco Connect 2018 Malaysia - Secure data center and mobility solutions
Cisco Connect 2018 Malaysia - Secure data center and mobility solutionsCisco Connect 2018 Malaysia - Secure data center and mobility solutions
Cisco Connect 2018 Malaysia - Secure data center and mobility solutionsNetworkCollaborators
 
Cisco Connect Halifax 2018 Accelerating the secure digital business through...
Cisco Connect Halifax 2018 Accelerating the secure digital business through...Cisco Connect Halifax 2018 Accelerating the secure digital business through...
Cisco Connect Halifax 2018 Accelerating the secure digital business through...Cisco Canada
 
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...ADVA
 
Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутат...
Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутат...Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутат...
Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутат...Cisco Russia
 
Обнаружение вредоносного кода в зашифрованном с помощью TLS трафике (без деши...
Обнаружение вредоносного кода в зашифрованном с помощью TLS трафике (без деши...Обнаружение вредоносного кода в зашифрованном с помощью TLS трафике (без деши...
Обнаружение вредоносного кода в зашифрованном с помощью TLS трафике (без деши...Positive Hack Days
 

Similar to NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Security (20)

Cisco Connect Halifax 2018 Cisco dna - deeper dive
Cisco Connect Halifax 2018 Cisco dna - deeper diveCisco Connect Halifax 2018 Cisco dna - deeper dive
Cisco Connect Halifax 2018 Cisco dna - deeper dive
 
NTXISSACSC3 - Cyber Warfare: Identifying Attackers Hiding Amongst the Flock b...
NTXISSACSC3 - Cyber Warfare: Identifying Attackers Hiding Amongst the Flock b...NTXISSACSC3 - Cyber Warfare: Identifying Attackers Hiding Amongst the Flock b...
NTXISSACSC3 - Cyber Warfare: Identifying Attackers Hiding Amongst the Flock b...
 
Information Security: We are all InfoSec (updated for 2018)
Information Security: We are all InfoSec (updated for 2018)Information Security: We are all InfoSec (updated for 2018)
Information Security: We are all InfoSec (updated for 2018)
 
MST
MSTMST
MST
 
Mạng chuyển mạch thế hệ mới
Mạng chuyển mạch thế hệ mớiMạng chuyển mạch thế hệ mới
Mạng chuyển mạch thế hệ mới
 
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
 
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczul
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczulNtxissacsc5 purple 4-threat detection using machine learning-markszewczul
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczul
 
Cisco Connect 2018 Malaysia - Secure data center-building a secure zero-trus...
Cisco Connect 2018 Malaysia - Secure data center-building a secure zero-trus...Cisco Connect 2018 Malaysia - Secure data center-building a secure zero-trus...
Cisco Connect 2018 Malaysia - Secure data center-building a secure zero-trus...
 
CL2015 - Datacenter and Cloud Strategy and Planning
CL2015 - Datacenter and Cloud Strategy and PlanningCL2015 - Datacenter and Cloud Strategy and Planning
CL2015 - Datacenter and Cloud Strategy and Planning
 
NTXISSACSC3 - Critical Criteria for (Cloud) Workload Security by Steve Armend...
NTXISSACSC3 - Critical Criteria for (Cloud) Workload Security by Steve Armend...NTXISSACSC3 - Critical Criteria for (Cloud) Workload Security by Steve Armend...
NTXISSACSC3 - Critical Criteria for (Cloud) Workload Security by Steve Armend...
 
Cisco Digital Network Architecture – Deeper Dive, “From the Gates to the GUI
Cisco Digital Network Architecture – Deeper Dive, “From the Gates to the GUICisco Digital Network Architecture – Deeper Dive, “From the Gates to the GUI
Cisco Digital Network Architecture – Deeper Dive, “From the Gates to the GUI
 
Cisco Digital Network Architecture Deeper Dive From The Gates To The Gui
Cisco Digital Network Architecture Deeper Dive From The Gates To The GuiCisco Digital Network Architecture Deeper Dive From The Gates To The Gui
Cisco Digital Network Architecture Deeper Dive From The Gates To The Gui
 
Smau Padova 2018 - Cisco
Smau Padova 2018 - CiscoSmau Padova 2018 - Cisco
Smau Padova 2018 - Cisco
 
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomey
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomeyNtxissacsc5 blue 2-herding cats and security tools-harold_toomey
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomey
 
Ukrtransgaz
UkrtransgazUkrtransgaz
Ukrtransgaz
 
Cisco Connect 2018 Malaysia - Secure data center and mobility solutions
Cisco Connect 2018 Malaysia - Secure data center and mobility solutionsCisco Connect 2018 Malaysia - Secure data center and mobility solutions
Cisco Connect 2018 Malaysia - Secure data center and mobility solutions
 
Cisco Connect Halifax 2018 Accelerating the secure digital business through...
Cisco Connect Halifax 2018 Accelerating the secure digital business through...Cisco Connect Halifax 2018 Accelerating the secure digital business through...
Cisco Connect Halifax 2018 Accelerating the secure digital business through...
 
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
 
Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутат...
Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутат...Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутат...
Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутат...
 
Обнаружение вредоносного кода в зашифрованном с помощью TLS трафике (без деши...
Обнаружение вредоносного кода в зашифрованном с помощью TLS трафике (без деши...Обнаружение вредоносного кода в зашифрованном с помощью TLS трафике (без деши...
Обнаружение вредоносного кода в зашифрованном с помощью TLS трафике (без деши...
 

More from North Texas Chapter of the ISSA

Ntxissacsc5 gold 4 beyond detection and prevension remediation
Ntxissacsc5 gold 4 beyond detection and prevension remediationNtxissacsc5 gold 4 beyond detection and prevension remediation
Ntxissacsc5 gold 4 beyond detection and prevension remediationNorth Texas Chapter of the ISSA
 
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...North Texas Chapter of the ISSA
 
Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1
Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1
Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1North Texas Chapter of the ISSA
 
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptxNtxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptxNorth Texas Chapter of the ISSA
 
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowiczNtxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowiczNorth Texas Chapter of the ISSA
 
Ntxissacsc5 blue 3-shifting from incident to continuous response bill white
Ntxissacsc5 blue 3-shifting from incident to continuous response bill whiteNtxissacsc5 blue 3-shifting from incident to continuous response bill white
Ntxissacsc5 blue 3-shifting from incident to continuous response bill whiteNorth Texas Chapter of the ISSA
 
Ntxissacsc5 blue 1-nine cybersecurity habits-george_finney
Ntxissacsc5 blue 1-nine cybersecurity habits-george_finneyNtxissacsc5 blue 1-nine cybersecurity habits-george_finney
Ntxissacsc5 blue 1-nine cybersecurity habits-george_finneyNorth Texas Chapter of the ISSA
 

More from North Texas Chapter of the ISSA (13)

Ntxissacsc5 gold 4 beyond detection and prevension remediation
Ntxissacsc5 gold 4 beyond detection and prevension remediationNtxissacsc5 gold 4 beyond detection and prevension remediation
Ntxissacsc5 gold 4 beyond detection and prevension remediation
 
Ntxissacsc5 gold 1 mimecast e mail resiliency
Ntxissacsc5 gold 1 mimecast e mail resiliencyNtxissacsc5 gold 1 mimecast e mail resiliency
Ntxissacsc5 gold 1 mimecast e mail resiliency
 
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...
 
Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1
Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1
Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1
 
Ntxissacsc5 yellow 1-beginnerslinux bill-petersen
Ntxissacsc5 yellow 1-beginnerslinux bill-petersenNtxissacsc5 yellow 1-beginnerslinux bill-petersen
Ntxissacsc5 yellow 1-beginnerslinux bill-petersen
 
Ntxissacsc5 red 6-diy-pentest-lab dustin-dykes
Ntxissacsc5 red 6-diy-pentest-lab dustin-dykesNtxissacsc5 red 6-diy-pentest-lab dustin-dykes
Ntxissacsc5 red 6-diy-pentest-lab dustin-dykes
 
Ntxissacsc5 red 1 & 2 basic hacking tools ncc group
Ntxissacsc5 red 1 & 2 basic hacking tools ncc groupNtxissacsc5 red 1 & 2 basic hacking tools ncc group
Ntxissacsc5 red 1 & 2 basic hacking tools ncc group
 
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptxNtxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
 
Ntxissacsc5 purple 1-eu-gdpr_patrick_florer
Ntxissacsc5 purple 1-eu-gdpr_patrick_florerNtxissacsc5 purple 1-eu-gdpr_patrick_florer
Ntxissacsc5 purple 1-eu-gdpr_patrick_florer
 
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowiczNtxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz
 
Ntxissacsc5 blue 3-shifting from incident to continuous response bill white
Ntxissacsc5 blue 3-shifting from incident to continuous response bill whiteNtxissacsc5 blue 3-shifting from incident to continuous response bill white
Ntxissacsc5 blue 3-shifting from incident to continuous response bill white
 
Ntxissacsc5 blue 4-the-attack_life_cycle_erich_mueller
Ntxissacsc5 blue 4-the-attack_life_cycle_erich_muellerNtxissacsc5 blue 4-the-attack_life_cycle_erich_mueller
Ntxissacsc5 blue 4-the-attack_life_cycle_erich_mueller
 
Ntxissacsc5 blue 1-nine cybersecurity habits-george_finney
Ntxissacsc5 blue 1-nine cybersecurity habits-george_finneyNtxissacsc5 blue 1-nine cybersecurity habits-george_finney
Ntxissacsc5 blue 1-nine cybersecurity habits-george_finney
 

Recently uploaded

定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一3sw2qly1
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一Fs
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 
Complet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled PersonComplet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled Personfurqan222004
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Excelmac1
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一Fs
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012rehmti665
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Sonam Pathan
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Lucknow
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts servicevipmodelshub1
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationLinaWolf1
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Roomishabajaj13
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一Fs
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 

Recently uploaded (20)

定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
Complet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled PersonComplet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled Person
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 Documentation
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 

NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Security

  • 1. @NTXISSA #NTXISSACSC4 Array Networks “A Layered Approach to Web & Application Security” Edward Keiper Senior Systems Engineer Array Networks October 7 , 2016
  • 2. @NTXISSA #NTXISSACSC4NTX ISSA Cyber Security Conference – October 7-8, 2016 2 Array Networks at-a-glance Founded 2000 Headquarters Milpitas, CA, USA Employees 250+ Market Application Delivery Networking Products Application Delivery Controllers (ADC) Secure Access Gateways (SSL VPN) Segments Enterprise, Service Provider, Public Sector Technology 30+ Patents Customers 5000+ Worldwide Meeting Enterprise-Class Requirements For Over 10Years
  • 3. @NTXISSA #NTXISSACSC4NTX ISSA Cyber Security Conference – October 7-8, 2016 3 Why a multi-layer approach? § Encryption creates the need for at least two levels of security - SSL (HTTPS) traffic passes directly through traditional firewalls, bypassing rules, policies and inspection - SSL traffic on the rise, used for both remote and mobile access and for an ever increasing number of Web sites and applications SSL
  • 4. @NTXISSA #NTXISSACSC4NTX ISSA Cyber Security Conference – October 7-8, 2016 4 multi-layer security protects against… DoS (Deny Of Service) Back Doors Flash Events Web Exploitation& DefacingLand Attack Ping Attack SynFlood Attack Unreachable Host Attack Tear Drop Attack Buffer Overflow Attack Parser Evasion Attacks Directory Traversal Attack High Bit Shellcode Protection Security Exploitation (Port scan) Cross Site Scripting Impersonation & Breach of Privacy Code Red SQL InjectionHeartbleed
  • 5. @NTXISSA #NTXISSACSC4NTX ISSA Cyber Security Conference – October 7-8, 2016 5 Multi-layer security architecture (cont.) § Firewall perimeter security - The first line of defense, rules-based network level packet filtering; no visibility to SSL § SSL termination and traffic inspection - Traffic from secure applications are terminated on ADCs, decrypted and inspected traffic may be sent to servers or to advanced security appliances for further inspection - Traffic from remote access users are terminated on SSL VPNs, decrypted and inspected traffic may be sent to servers or to advanced security appliances § Advanced security appliances - Further inspection of smaller volume of pre-screened traffic
  • 6. @NTXISSA #NTXISSACSC4 NTX ISSA Cyber Security Conference – October 7-8, 2016 6 Multi-layer security architecture Firewall Perimeter Security IPS/IDS ATP Malware ADC HTTP/S Web App Traffic SSL VPN HTTPS Remote Access Traffic External & Remote Users Networks Apps Data
  • 7. @NTXISSA #NTXISSACSC4NTX ISSA Cyber Security Conference – October 7-8, 2016 7 Multi-layer security architecture (cont.) § Layer-3 stateful packet filtering - Per-customer interface (VLAN/MNET), ingress packet filtering (source/destination IP, port, protocol), 1000 ACLs, packet deny/drop log, dynamic access list, permit-only network access § Layer-4 TCP stateful inspection - TCP stateful inspection, L4 packet sanitization, reverse proxy (client packet does not touch server), syn-cookie protection against TCP syn floods and DOS attacks § Layer-7 content filtering, WAF & DDoS - URL filtering, configurable access control (limit connections per port to prevent DDoS attack), application session control, HTTP protocol validation and policy filtering, attack signature filtering, input validation, XSS prevention, virtual patching
  • 8. @NTXISSA #NTXISSACSC4NTX ISSA Cyber Security Conference – October 7-8, 2016 8 SSL VPN multi-layer security § End-point security - Scan for personal firewalls, anti-virus software, browsers, operating systems, service packs, patches – apply adaptable remediation options for non-compliant clients § Advanced authentication, authorization and auditing - LDAP, Microsoft Active Directory, RADIUS, RSA SecurID, LocalDB, SSL client certificates, multi-factor authentication including RSA, Duo, Swivel, Syferlock and others § Deep packet inspection and WRM - Buffer overflow protection, syn-flood protection, URL filtering, configurable access control (limit connections per port to prevent DDoS attack), Web resource mapping with payload inspection and HTTP NATing
  • 9. @NTXISSA #NTXISSACSC4NTX ISSA Cyber Security Conference – October 7-8, 2016 9 SSL VPN security architecture End Point Security Host Checking Adaptive Policies Secure Desktop Cache Cleaning • Eliminates all elements of browser cache • Local sandbox prevents data leakage S S L AAA • Supports all industry standards (AD, RADIUS, LDAP, SecureID) • RSA certified • Unique SSL integration • Fine grain ACLs • L3, L4 and L7 • External mapping • Black list and white list • Full audit trail • Who, what and when • Syslog support • Configurable email alerts F W P r o x y File Shares • Clientless access to shared directories • CIFS/NFS Web Apps • Clientless Web application support Networks • Full L3 VPN • Any IP protocol • L4 redirection • Denial of Service (DoS) attack protection • ACLs (Layer 4) • URL filtering (Layer 7) • Network probe logging • All standard cipher-suites • Hardware-accelerated • 2048-bit key lengths • Client-side certificates • Complete separation between non-secured and secured networks Desktops • Desktops • Terminal Server Applications
  • 10. @NTXISSA #NTXISSACSC4NTX ISSA Cyber Security Conference – October 7-8, 2016 10 SSL VPN secure remote and mobile access § Any resource, any access method, any device, anywhere Remote Workers & Road Warriors on Laptops Home & Small Office Workers on PCs Mobile Workers on Smart Phones & Tablets Physical & Virtual Desktops Client Server & Mobile Apps File Sharing Web Applications Limits network exposure and guards against data leakageImproves productivity Remote Networks & Infrastructure
  • 11. @NTXISSA #NTXISSACSC4NTX ISSA Cyber Security Conference – October 7-8, 2016 11 Multi-layer security architecture (cont.) § Security - SSL encryption, WAF, Web proxy - Application-level data protection § Acceleration - SSL offloading, compression, caching, traffic shaping, etc. - 10x better server efficiency and application performance § High availability - Server load balancing, GSLB, link load balancing - 24/7 application uptime Application Servers External Users Internal Users Storage
  • 12. @NTXISSA #NTXISSACSC4NTX ISSA Cyber Security Conference – October 7-8, 2016 12 Hardware and software portfolio APV Series Application Delivery Controllers AG Series Secure Access Gateways Availability, scalability, performance, control and security for applications, Web sites, online transactions and cloud services Load balancing, SSL offloading, caching, compression, application security, L7 scripting and other network functions Achieves ROI by improving application performance and server efficiency Secure access to business applications from any remote or mobile device for any user anywhere SSL VPN virtual portals, L3 – L7 access, AAA, end-point security, single sign-on, Web firewall and dual-factor authentication Achieves ROI by increasing productivity and mitigating business disruptions
  • 13. @NTXISSA #NTXISSACSC4NTX ISSA Cyber Security Conference – October 7-8, 2016 13 Security-hardened OS and platform § Only exposes service ports – no backdoors § Secured network management – SSL and HTTPS - Explicit disallows Telnet due to security risk of account/password sniffing § Tested and hardened against a range of network attacks - Hacking tools from eEye (ncx.exe, iishack.exe) - Nessus scan - NMAP - Filters malformed packets such as Smurf attach and local broadcast attacks § High-availability and cluster capability
  • 14. @NTXISSA #NTXISSACSC4NTX ISSA Cyber Security Conference – October 7-8, 2016 14 Proprietary secured SSL stack § Used for all production traffic, proven immune to Heartbleed, Bash, Shellshock and other recent vulnerabilities - Customers did not need to patch or remediate any Array products - Bought time for remediation and patching of backend servers as necessary § Delivers both better security and higher levels of performance - Pared-back, buttoned-down design runs faster and presents fewer attack vectors - Cannot guarantee 100% immune for all potential vulnerabilities, but has proven provide a higher level of security and immunity vs. OpenSSL
  • 15. @NTXISSA #NTXISSACSC4NTX ISSA Cyber Security Conference – October 7-8, 2016 15 Flexible appliance options • Dedicated, multi-tenant and virtual ADC appliances • Enables IaaS providers to offer customers a full range of load balancing service options optimized either for flexibility or performance • VMware, XenServer, OpenXen and KVM • Scalable from 10Mbps to 4Gbps • Up to 32 vAPV ADC instances • Dedicated SSL, I/O, compute resources • Scalable from 2Gbps to 120Mbps • Proven cloud track record vAPV Virtual ADC AVX10650 Multi-Tenant ADC APV Series Dedicated ADCs Flexibility Performance
  • 16. @NTXISSA #NTXISSACSC4NTX ISSA Cyber Security Conference – October 7-8, 2016 16 APV Series platforms APV1600/T 3.5/2.5 Gbps 2/2K SSL TPS APV2600 18 Gbps 5.5K SSL TPS APV6600 35 Gbps 25K SSL TPS APV10650 120 Gbps 70K SSL TPS APV7600 80 Gbps 70K SSL TPS APV11600 140 Gbps 70K SSL TPS APV3600 37 Gbps 35K SSL TPS APV3650 30 Gbps 25K SSL TPS Supports 1 to 16 vCPUs VMware, XenServer, OpenXen, KVM, Hyper-V AVX Series Virtualized multi-tenant appliances – up to 16 or 32 vAPV instances, 65 or 115 Gbps and 35K or 70K SSL TPS per system APV6600FIPS 35 Gbps 9K SSL TPS PHYSICAL & VIRTUAL APPLIANCES SCALING UP & OUTFOR
  • 17. @NTXISSA #NTXISSACSC4NTX ISSA Cyber Security Conference – October 7-8, 2016 17 AG Series product line PHYSICAL & VIRTUAL APPLIANCES SCALING UP & OUTFOR 10,000 Concurrent Users VMware, XenServer, OpenXen, KVM AG1000 300 Concurrent Users AG1100 3000 Concurrent Users AG1200 25,000 Concurrent Users AG1600 128,000 Concurrent Users AG1500/ AG1500FIPS 72,000 Concurrent Users AG1150 10,000 Concurrent Users AG1000T 600 Concurrent Users
  • 18. @NTXISSA #NTXISSACSC4@NTXISSA #NTXISSACSC4 The Collin College Engineering Department Collin College Student Chapter of the North Texas ISSA North Texas ISSA (Information Systems Security Association) NTX ISSA Cyber Security Conference – October 7-8, 2016 18 Thank you