SlideShare una empresa de Scribd logo

Mitigating Attacks on Your Applications & Data with AppWall's Auto Policy Generation

Andris Soroka
Andris Soroka

The document summarizes AppWall, a web application firewall that provides security for web applications. It discusses AppWall's product overview, security features like auto policy generation and role-based policies, and compliance reporting capabilities. AppWall can be deployed either as a physical or virtual appliance, and uses adaptive auto policy generation to analyze applications and threats to generate tailored security policies with minimal false positives. It also allows role-based access control and separation of duties through role-based policies.

Tecnología
1 de 37
Descargar para leer sin conexión
Mitigating Attacks on your Applications & Data With AppWall Igor Kontsevoy November, 2012
Agenda • The Solution: AppWall Web Application Firewall – Product overview – Security – Auto Policy Generation – Security & Compliance Reporting – Role Based Policy • Summary Slide 2
The Solution: AppWall
Introducing AppWall • AppWallTM is a WAF that secures Web applications and enables PCI compliance by: – Blocking attacks on Web application – Preventing data theft and manipulation of sensitive data • Available either as Physical or Virtual Appliance. Slide 4
Introducing AppWall • AppWallTM is a WAF that secures Web applications and enables PCI compliance by: – Blocking attacks on Web application – Preventing data theft and manipulation of sensitive data • Available either as Physical or Virtual Appliance. Slide 5
AppWall Overview Out-of-the-Box PCI Compliance Fast Implementation • WAF + IPS (PCI 6.6 & 11.4) • Simple initial deployment • PCI Compliance Reporting • Best in class Auto-Policy Generation Risk Management APSolute Vision SIEM • Unified and AppWall Correlated reporting across the network • Security reporting Scalability Complete Web App Protection • Cluster deployment • Full coverage of OWASP Top-10 • Centralized policy management • Negative & positive security models • Scalable by Device
Complete Web Application Protection Signature & • Cross site scripting (XSS) Rule • SQL injection, LDAP injection, Protection OS commanding Terminate TCP, • Evasions Normalize, • HTTP response splitting (HRS) HTTP RFC • Credit card number (CCN) / Data Leak Social Security (SSN) Prevention • Regular Expression
Complete Web Application Protection Parameters • Buffer overflow (BO) Inspection • Zero-day attacks • Cross site request forgery User • Cookie poisoning, session Behavior hijacking • Folder / file level access control Layer 7 ACL • White listing or black listing XML & Web • XML Validity and schema Services enforcement Role Based • Authentication Policy • User Tracking
Flexible Deployment Strategies Access Virtual IP Public IP IP AppWall Firewall Router ADC Internet AppWall Web Servers • Transparent bridge mode – No network topology changes required – Transparent to non-HTTP traffic – Fail-open interfaces AppWall Array • Transparent Reverse proxy – HTTP Proxy for maximum security – Preserves Original Client IP address • Reverse proxy – HTTP Proxy for maximum security • Cluster deployment – ADC farm deployment – Auto policy synchronization within the farm Slide 9
Multi-Tenancy • AppWall defines web application by any combination of: – Secured Web Server IP/Port – Secured Host name – Secured Application Tree (Folder) • AppWall enables complete multi-tenancy with: – Policy separation per Web Application – RBAC per Web Application – Reporting per Web Application Slide 10
Patent Protected “App Path” Technology AppWall Policy Lightweight Policy, Negative security Policy only. Negative + Positive Intensive security Application Inspection Scope Policy Fully restricted access for others Other WAFs than the App Admin. Slide 11
AppWall’s Adaptive Auto Policy Generation and Application Visibility
Adaptive Auto Policy Generation (1 of 4) App Mapping Reservations.com /config/ /admin/ /register/ /hotels/ /info/ /reserve/ Slide 13
Adaptive Auto Policy Generation (2 of 4) App Threat Mapping Analysis Reservations.com /config/ Risk analysis per “ application-path” Spoof identity, steal user information, data tampering /admin/ SQL Injection /register/ CCN breach Information leakage /hotels/ Gain root access control /info/ Directory Traversal /reserve/ Buffer Overflow Unexpected application behavior, system crash, full system compromise Slide 14
Adaptive Auto Policy Generation (3 of 4) App Threat Policy Mapping Analysis Generation Reservations.com /config/ Prevent access to /admin/ SQL Injection sensitive app sections /register/ CCN breach Mask CCN, SSN, etc. in ***********9459 responses. /hotels/ Traffic normalization & /info/ Directory Traversal HTTP RFC validation /reserve/ Buffer Overflow P Parameters inspection Slide 15
Adaptive Auto Policy Generation (4 of 4) App Threat Policy Policy Mapping Analysis Generation Activation Reservations.com Time to protect Virtually zero false positive /config/ /admin/ SQL Injection Optimize rules for /register/ CCN breach best ***********9459 accuracy /hotels/ /info/ Directory Traversal Add /reserve/ Buffer Overflow P tailored application rules Best Security coverage Slide 16
Application Visibility – Application Tree View Slide 17
Application Visibility – Parameters View Cookie Path Parameter Query Parameter Slide 18
Authentication Single-Sing-On Role Based Policy Slide 19
AppWall Role Based Policy AppWall Role Based Policy Enables defining different security policies for different users To provide flexible access to web application While properly securing the application. Slide 20
Role Based Policy Delivers: Authentication and login detection Authorization and access control Accounting and Auditing Web based Single Sign On Separation of duties Application Content Control Slide 21
Role Based Policy • Defining web app role based security policy • Retrieving the users’ group association from LDAP. • Configure different policies for different roles: – Admin – Employee – Partner – Customer – Public Slide 22
Radware.com - Employee Slide 23
Radware.com – admin user Slide 24
Slide 25
Role Based Policy Slide 26
Sharing Policy Among Roles Shared Policy Across Roles (new) Different Policies (old): • Customer – Access Prohibited • Partner - Access allowed but CCN Masked • Employee - Access allowed and see CNN Slide 27
Security & Compliance Reporting
Best Security & Compliance Reports • Network and application security correlation reports • Dozens of predefined security reports • Learning reports detailing learned app resources • Audit and access reports • PCI Compliance reports Slide 29
AppWall & DefensePro Correlation AppWall Blocked Attacks DefensePro Blocked Attacks Slide 30
The Reporting Dashboard Slide 31
Top Attacks by Source Slide 32
PCI Compliance Summary Report Compliance Status Analysis Info PCI Requirement Action Plan Slide 33
Summary
The Cost of Insecurity 035
AppWall Distinctive Competence • Cloud Ready Complete ADC solution • Unique Network & Application Attack mitigation • Adaptive Auto Policy Generation • Best security & compliance reports • Reduced Cost of Ownership Slide 36
The End

Recomendados

Palo alto networks_customer_overview_november2011-short
Palo alto networks_customer_overview_november2011-shortPalo alto networks_customer_overview_november2011-short
Palo alto networks_customer_overview_november2011-shortTen Sistemas e Redes
 
Vfm palo alto next generation firewall
Vfm palo alto next generation firewallVfm palo alto next generation firewall
Vfm palo alto next generation firewallvfmindia
 
UTM Cyberoam
UTM Cyberoam UTM Cyberoam
UTM Cyberoam Rodrigo Martini
 
Cr vs fortinet
Cr vs fortinetCr vs fortinet
Cr vs fortinetgopi123_ipog
 
DSS ITSEC Conference 2012 - Cyberoam Layer8 UTM
DSS ITSEC Conference 2012 - Cyberoam Layer8 UTMDSS ITSEC Conference 2012 - Cyberoam Layer8 UTM
DSS ITSEC Conference 2012 - Cyberoam Layer8 UTMAndris Soroka
 
Palo Alto Networks - Next-generation Firewall Security with Expanding Scalabi...
Palo Alto Networks - Next-generation Firewall Security with Expanding Scalabi...Palo Alto Networks - Next-generation Firewall Security with Expanding Scalabi...
Palo Alto Networks - Next-generation Firewall Security with Expanding Scalabi...LiveAction Next Generation Network Management Software
 
Cyberoam SSL VPN
Cyberoam SSL VPNCyberoam SSL VPN
Cyberoam SSL VPNAjay Nawani
 
Cyberoam Unified Threat Management
Cyberoam Unified Threat ManagementCyberoam Unified Threat Management
Cyberoam Unified Threat ManagementVCW Security Ltd
 

Recomendados

Palo alto networks_customer_overview_november2011-short
Palo alto networks_customer_overview_november2011-shortPalo alto networks_customer_overview_november2011-short
Palo alto networks_customer_overview_november2011-shortTen Sistemas e Redes
 
Vfm palo alto next generation firewall
Vfm palo alto next generation firewallVfm palo alto next generation firewall
Vfm palo alto next generation firewallvfmindia
 
UTM Cyberoam
UTM Cyberoam UTM Cyberoam
UTM Cyberoam Rodrigo Martini
 
Cr vs fortinet
Cr vs fortinetCr vs fortinet
Cr vs fortinetgopi123_ipog
 
DSS ITSEC Conference 2012 - Cyberoam Layer8 UTM
DSS ITSEC Conference 2012 - Cyberoam Layer8 UTMDSS ITSEC Conference 2012 - Cyberoam Layer8 UTM
DSS ITSEC Conference 2012 - Cyberoam Layer8 UTMAndris Soroka
 
Palo Alto Networks - Next-generation Firewall Security with Expanding Scalabi...
Palo Alto Networks - Next-generation Firewall Security with Expanding Scalabi...Palo Alto Networks - Next-generation Firewall Security with Expanding Scalabi...
Palo Alto Networks - Next-generation Firewall Security with Expanding Scalabi...LiveAction Next Generation Network Management Software
 
Cyberoam SSL VPN
Cyberoam SSL VPNCyberoam SSL VPN
Cyberoam SSL VPNAjay Nawani
 
Cyberoam Unified Threat Management
Cyberoam Unified Threat ManagementCyberoam Unified Threat Management
Cyberoam Unified Threat ManagementVCW Security Ltd
 
Cyberoam vs. Forefront Threat Management Gateway
Cyberoam vs. Forefront Threat Management GatewayCyberoam vs. Forefront Threat Management Gateway
Cyberoam vs. Forefront Threat Management GatewayLiberteks
 
Cyberoam ssl vpn_management_guide
Cyberoam ssl vpn_management_guideCyberoam ssl vpn_management_guide
Cyberoam ssl vpn_management_guidesupport_cyberoam
 
Wifi Security for SOHOs: Cyberoam UTM CR15wi
Wifi Security for SOHOs: Cyberoam UTM CR15wiWifi Security for SOHOs: Cyberoam UTM CR15wi
Wifi Security for SOHOs: Cyberoam UTM CR15winiravmahida
 
Ccnsp trainer presentation
Ccnsp trainer presentationCcnsp trainer presentation
Ccnsp trainer presentationSoap MacTavish
 
Top 10 mobile security risks - Khổng Văn Cường
Top 10 mobile security risks - Khổng Văn CườngTop 10 mobile security risks - Khổng Văn Cường
Top 10 mobile security risks - Khổng Văn CườngVõ Thái Lâm
 
Webdays blida mobile top 10 risks
Webdays blida mobile top 10 risksWebdays blida mobile top 10 risks
Webdays blida mobile top 10 risksIslam Azeddine Mennouchi
 
Palo Alto Networks PAN-OS 4.0 New Features
Palo Alto Networks PAN-OS 4.0 New FeaturesPalo Alto Networks PAN-OS 4.0 New Features
Palo Alto Networks PAN-OS 4.0 New Featureslukky753
 
Presentacion Palo Alto Networks
Presentacion Palo Alto NetworksPresentacion Palo Alto Networks
Presentacion Palo Alto NetworksLaurent Daudré-Vignier
 
Security Testing Mobile Applications
Security Testing Mobile ApplicationsSecurity Testing Mobile Applications
Security Testing Mobile ApplicationsDenim Group
 
What You Cant See Can Hurt You
What You Cant See Can Hurt You What You Cant See Can Hurt You
What You Cant See Can Hurt You Castleforce
 
Why choose pan
Why choose panWhy choose pan
Why choose panAchmad Yudo
 
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)BAKOTECH
 
VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks
VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks
VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks VMworld
 
Mobile Application Security
Mobile Application SecurityMobile Application Security
Mobile Application SecurityDirk Nicol
 
Injecting Security into Web apps at Runtime Whitepaper
Injecting Security into Web apps at Runtime WhitepaperInjecting Security into Web apps at Runtime Whitepaper
Injecting Security into Web apps at Runtime WhitepaperAjin Abraham
 
OWASP API Security TOP 10 - 2019
OWASP API Security TOP 10 - 2019OWASP API Security TOP 10 - 2019
OWASP API Security TOP 10 - 2019Miguel Angel Falcón Muñoz
 
Palo alto networks pcnse6 study guide feb 2015
Palo alto networks pcnse6 study guide feb 2015Palo alto networks pcnse6 study guide feb 2015
Palo alto networks pcnse6 study guide feb 2015Silva_2
 
Cyberoam Firewall Presentation
Cyberoam Firewall PresentationCyberoam Firewall Presentation
Cyberoam Firewall PresentationManoj Kumar Mishra
 
Palo alto-review
Palo alto-reviewPalo alto-review
Palo alto-reviewRayan Darine
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASPMarco Morana
 
DSS ITSEC Conference 2012 - Radware WAF
DSS ITSEC Conference 2012 - Radware WAFDSS ITSEC Conference 2012 - Radware WAF
DSS ITSEC Conference 2012 - Radware WAFAndris Soroka
 
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...Amazon Web Services Korea
 

Más contenido relacionado

La actualidad más candente

Cyberoam vs. Forefront Threat Management Gateway
Cyberoam vs. Forefront Threat Management GatewayCyberoam vs. Forefront Threat Management Gateway
Cyberoam vs. Forefront Threat Management GatewayLiberteks
 
Cyberoam ssl vpn_management_guide
Cyberoam ssl vpn_management_guideCyberoam ssl vpn_management_guide
Cyberoam ssl vpn_management_guidesupport_cyberoam
 
Wifi Security for SOHOs: Cyberoam UTM CR15wi
Wifi Security for SOHOs: Cyberoam UTM CR15wiWifi Security for SOHOs: Cyberoam UTM CR15wi
Wifi Security for SOHOs: Cyberoam UTM CR15winiravmahida
 
Ccnsp trainer presentation
Ccnsp trainer presentationCcnsp trainer presentation
Ccnsp trainer presentationSoap MacTavish
 
Top 10 mobile security risks - Khổng Văn Cường
Top 10 mobile security risks - Khổng Văn CườngTop 10 mobile security risks - Khổng Văn Cường
Top 10 mobile security risks - Khổng Văn CườngVõ Thái Lâm
 
Palo Alto Networks PAN-OS 4.0 New Features
Palo Alto Networks PAN-OS 4.0 New FeaturesPalo Alto Networks PAN-OS 4.0 New Features
Palo Alto Networks PAN-OS 4.0 New Featureslukky753
 
Security Testing Mobile Applications
Security Testing Mobile ApplicationsSecurity Testing Mobile Applications
Security Testing Mobile ApplicationsDenim Group
 
What You Cant See Can Hurt You
What You Cant See Can Hurt You What You Cant See Can Hurt You
What You Cant See Can Hurt You Castleforce
 
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)BAKOTECH
 
VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks
VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks
VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks VMworld
 
Mobile Application Security
Mobile Application SecurityMobile Application Security
Mobile Application SecurityDirk Nicol
 
Injecting Security into Web apps at Runtime Whitepaper
Injecting Security into Web apps at Runtime WhitepaperInjecting Security into Web apps at Runtime Whitepaper
Injecting Security into Web apps at Runtime WhitepaperAjin Abraham
 
Palo alto networks pcnse6 study guide feb 2015
Palo alto networks pcnse6 study guide feb 2015Palo alto networks pcnse6 study guide feb 2015
Palo alto networks pcnse6 study guide feb 2015Silva_2
 
Cyberoam Firewall Presentation
Cyberoam Firewall PresentationCyberoam Firewall Presentation
Cyberoam Firewall PresentationManoj Kumar Mishra
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASPMarco Morana
 

La actualidad más candente (20)

Cyberoam vs. Forefront Threat Management Gateway
Cyberoam vs. Forefront Threat Management GatewayCyberoam vs. Forefront Threat Management Gateway
Cyberoam vs. Forefront Threat Management Gateway
 
Cyberoam ssl vpn_management_guide
Cyberoam ssl vpn_management_guideCyberoam ssl vpn_management_guide
Cyberoam ssl vpn_management_guide
 
Wifi Security for SOHOs: Cyberoam UTM CR15wi
Wifi Security for SOHOs: Cyberoam UTM CR15wiWifi Security for SOHOs: Cyberoam UTM CR15wi
Wifi Security for SOHOs: Cyberoam UTM CR15wi
 
Ccnsp trainer presentation
Ccnsp trainer presentationCcnsp trainer presentation
Ccnsp trainer presentation
 
Top 10 mobile security risks - Khổng Văn Cường
Top 10 mobile security risks - Khổng Văn CườngTop 10 mobile security risks - Khổng Văn Cường
Top 10 mobile security risks - Khổng Văn Cường
 
Webdays blida mobile top 10 risks
Webdays blida mobile top 10 risksWebdays blida mobile top 10 risks
Webdays blida mobile top 10 risks
 
Palo Alto Networks PAN-OS 4.0 New Features
Palo Alto Networks PAN-OS 4.0 New FeaturesPalo Alto Networks PAN-OS 4.0 New Features
Palo Alto Networks PAN-OS 4.0 New Features
 
Presentacion Palo Alto Networks
Presentacion Palo Alto NetworksPresentacion Palo Alto Networks
Presentacion Palo Alto Networks
 
Security Testing Mobile Applications
Security Testing Mobile ApplicationsSecurity Testing Mobile Applications
Security Testing Mobile Applications
 
What You Cant See Can Hurt You
What You Cant See Can Hurt You What You Cant See Can Hurt You
What You Cant See Can Hurt You
 
Why choose pan
Why choose panWhy choose pan
Why choose pan
 
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
 
VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks
VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks
VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks
 
Mobile Application Security
Mobile Application SecurityMobile Application Security
Mobile Application Security
 
Injecting Security into Web apps at Runtime Whitepaper
Injecting Security into Web apps at Runtime WhitepaperInjecting Security into Web apps at Runtime Whitepaper
Injecting Security into Web apps at Runtime Whitepaper
 
OWASP API Security TOP 10 - 2019
OWASP API Security TOP 10 - 2019OWASP API Security TOP 10 - 2019
OWASP API Security TOP 10 - 2019
 
Palo alto networks pcnse6 study guide feb 2015
Palo alto networks pcnse6 study guide feb 2015Palo alto networks pcnse6 study guide feb 2015
Palo alto networks pcnse6 study guide feb 2015
 
Cyberoam Firewall Presentation
Cyberoam Firewall PresentationCyberoam Firewall Presentation
Cyberoam Firewall Presentation
 
Palo alto-review
Palo alto-reviewPalo alto-review
Palo alto-review
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASP
 

Similar a Mitigating Attacks on Your Applications & Data with AppWall's Auto Policy Generation

DSS ITSEC Conference 2012 - Radware WAF
DSS ITSEC Conference 2012 - Radware WAFDSS ITSEC Conference 2012 - Radware WAF
DSS ITSEC Conference 2012 - Radware WAFAndris Soroka
 
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...Amazon Web Services Korea
 
Architecting Application Services For Hybrid Cloud - AWS Summit SG 2017
Architecting Application Services For Hybrid Cloud - AWS Summit SG 2017Architecting Application Services For Hybrid Cloud - AWS Summit SG 2017
Architecting Application Services For Hybrid Cloud - AWS Summit SG 2017Amazon Web Services
 
2022 APIsecure_Realizing the Full Cloud Native Potential With a Multi-Layered...
2022 APIsecure_Realizing the Full Cloud Native Potential With a Multi-Layered...2022 APIsecure_Realizing the Full Cloud Native Potential With a Multi-Layered...
2022 APIsecure_Realizing the Full Cloud Native Potential With a Multi-Layered...APIsecure_ Official
 
Realizing the Full Potential of Cloud-Native Application Security
Realizing the Full Potential of Cloud-Native Application SecurityRealizing the Full Potential of Cloud-Native Application Security
Realizing the Full Potential of Cloud-Native Application SecurityOry Segal
 
Firewall seguro, proteção para aplicações
Firewall seguro, proteção para aplicaçõesFirewall seguro, proteção para aplicações
Firewall seguro, proteção para aplicaçõesCYLK IT Solutions
 
BayThreat Why The Cloud Changes Everything
BayThreat Why The Cloud Changes EverythingBayThreat Why The Cloud Changes Everything
BayThreat Why The Cloud Changes EverythingCloudPassage
 
Protecting web aplications with machine learning and security fabric
Protecting web aplications with machine learning and security fabricProtecting web aplications with machine learning and security fabric
Protecting web aplications with machine learning and security fabricDATA SECURITY SOLUTIONS
 
Palo alto safe application enablement
Palo alto safe application enablementPalo alto safe application enablement
Palo alto safe application enablementresponsedatacomms
 
F5 - BigIP ASM introduction
F5 - BigIP ASM introductionF5 - BigIP ASM introduction
F5 - BigIP ASM introductionJimmy Saigon
 
QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014
QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014
QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014Risk Analysis Consultants, s.r.o.
 
AWS Lambda Security Inside & Out
AWS Lambda Security Inside & OutAWS Lambda Security Inside & Out
AWS Lambda Security Inside & OutPureSec
 
Axxera Security Solutions Ver 2.0
Axxera Security Solutions Ver 2.0Axxera Security Solutions Ver 2.0
Axxera Security Solutions Ver 2.0Reddy Marri
 
End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...
End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...
End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...BAKOTECH
 
Xoriant Smartphone apps accelerator
Xoriant Smartphone apps acceleratorXoriant Smartphone apps accelerator
Xoriant Smartphone apps acceleratorXoriant Corporation
 
IBM MobileFirst Reference Architecture 1512 v3 2015
IBM MobileFirst Reference Architecture 1512 v3 2015IBM MobileFirst Reference Architecture 1512 v3 2015
IBM MobileFirst Reference Architecture 1512 v3 2015Sreeni Pamidala
 
Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...Amazon Web Services
 

Similar a Mitigating Attacks on Your Applications & Data with AppWall's Auto Policy Generation (20)

DSS ITSEC Conference 2012 - Radware WAF
DSS ITSEC Conference 2012 - Radware WAFDSS ITSEC Conference 2012 - Radware WAF
DSS ITSEC Conference 2012 - Radware WAF
 
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...
 
Architecting Application Services For Hybrid Cloud - AWS Summit SG 2017
Architecting Application Services For Hybrid Cloud - AWS Summit SG 2017Architecting Application Services For Hybrid Cloud - AWS Summit SG 2017
Architecting Application Services For Hybrid Cloud - AWS Summit SG 2017
 
2022 APIsecure_Realizing the Full Cloud Native Potential With a Multi-Layered...
2022 APIsecure_Realizing the Full Cloud Native Potential With a Multi-Layered...2022 APIsecure_Realizing the Full Cloud Native Potential With a Multi-Layered...
2022 APIsecure_Realizing the Full Cloud Native Potential With a Multi-Layered...
 
Realizing the Full Potential of Cloud-Native Application Security
Realizing the Full Potential of Cloud-Native Application SecurityRealizing the Full Potential of Cloud-Native Application Security
Realizing the Full Potential of Cloud-Native Application Security
 
Firewall seguro, proteção para aplicações
Firewall seguro, proteção para aplicaçõesFirewall seguro, proteção para aplicações
Firewall seguro, proteção para aplicações
 
BayThreat Why The Cloud Changes Everything
BayThreat Why The Cloud Changes EverythingBayThreat Why The Cloud Changes Everything
BayThreat Why The Cloud Changes Everything
 
Protecting web aplications with machine learning and security fabric
Protecting web aplications with machine learning and security fabricProtecting web aplications with machine learning and security fabric
Protecting web aplications with machine learning and security fabric
 
Palo alto safe application enablement
Palo alto safe application enablementPalo alto safe application enablement
Palo alto safe application enablement
 
F5 - BigIP ASM introduction
F5 - BigIP ASM introductionF5 - BigIP ASM introduction
F5 - BigIP ASM introduction
 
QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014
QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014
QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014
 
AWS Lambda Security Inside & Out
AWS Lambda Security Inside & OutAWS Lambda Security Inside & Out
AWS Lambda Security Inside & Out
 
Forti web
Forti webForti web
Forti web
 
Forti web
Forti webForti web
Forti web
 
Nebezpecny Internet Novejsi Verze
Nebezpecny Internet Novejsi VerzeNebezpecny Internet Novejsi Verze
Nebezpecny Internet Novejsi Verze
 
Axxera Security Solutions Ver 2.0
Axxera Security Solutions Ver 2.0Axxera Security Solutions Ver 2.0
Axxera Security Solutions Ver 2.0
 
End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...
End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...
End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...
 
Xoriant Smartphone apps accelerator
Xoriant Smartphone apps acceleratorXoriant Smartphone apps accelerator
Xoriant Smartphone apps accelerator
 
IBM MobileFirst Reference Architecture 1512 v3 2015
IBM MobileFirst Reference Architecture 1512 v3 2015IBM MobileFirst Reference Architecture 1512 v3 2015
IBM MobileFirst Reference Architecture 1512 v3 2015
 
Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...
 

Más de Andris Soroka

Digitala Era 2017 - TransactPro - Normunds Aizstrauts - Maksājumu un finansu ...
Digitala Era 2017 - TransactPro - Normunds Aizstrauts - Maksājumu un finansu ...Digitala Era 2017 - TransactPro - Normunds Aizstrauts - Maksājumu un finansu ...
Digitala Era 2017 - TransactPro - Normunds Aizstrauts - Maksājumu un finansu ...Andris Soroka
 
Digitala Era 2017 - Datu Valsts Inspekcija - Lauris Linabergs - Vispārīgā dau...
Digitala Era 2017 - Datu Valsts Inspekcija - Lauris Linabergs - Vispārīgā dau...Digitala Era 2017 - Datu Valsts Inspekcija - Lauris Linabergs - Vispārīgā dau...
Digitala Era 2017 - Datu Valsts Inspekcija - Lauris Linabergs - Vispārīgā dau...Andris Soroka
 
Digitala Era 2017 - PMLP - Vilnis Vītoliņš - Gaisa kuģu pasažieru datu apstrā...
Digitala Era 2017 - PMLP - Vilnis Vītoliņš - Gaisa kuģu pasažieru datu apstrā...Digitala Era 2017 - PMLP - Vilnis Vītoliņš - Gaisa kuģu pasažieru datu apstrā...
Digitala Era 2017 - PMLP - Vilnis Vītoliņš - Gaisa kuģu pasažieru datu apstrā...Andris Soroka
 
Digitala Era 2017 - BOD LAW - Līva Aleksejeva - LIELIE DATI un personas datu ...
Digitala Era 2017 - BOD LAW - Līva Aleksejeva - LIELIE DATI un personas datu ...Digitala Era 2017 - BOD LAW - Līva Aleksejeva - LIELIE DATI un personas datu ...
Digitala Era 2017 - BOD LAW - Līva Aleksejeva - LIELIE DATI un personas datu ...Andris Soroka
 
Digitala Era 2017 - Spridzans Law Office - Anna Vladimirova Krykova - Mobilo ...
Digitala Era 2017 - Spridzans Law Office - Anna Vladimirova Krykova - Mobilo ...Digitala Era 2017 - Spridzans Law Office - Anna Vladimirova Krykova - Mobilo ...
Digitala Era 2017 - Spridzans Law Office - Anna Vladimirova Krykova - Mobilo ...Andris Soroka
 
Digitala Era 2017 - ZAB “BULLET” - Ivo Krievs - Vai uz valsti attiecināmi cit...
Digitala Era 2017 - ZAB “BULLET” - Ivo Krievs - Vai uz valsti attiecināmi cit...Digitala Era 2017 - ZAB “BULLET” - Ivo Krievs - Vai uz valsti attiecināmi cit...
Digitala Era 2017 - ZAB “BULLET” - Ivo Krievs - Vai uz valsti attiecināmi cit...Andris Soroka
 
Digitala Era 2017 - LSPDSA - Arnis Puksts - Datu aizsardzības speciālists (DPO)
Digitala Era 2017 - LSPDSA - Arnis Puksts - Datu aizsardzības speciālists (DPO)Digitala Era 2017 - LSPDSA - Arnis Puksts - Datu aizsardzības speciālists (DPO)
Digitala Era 2017 - LSPDSA - Arnis Puksts - Datu aizsardzības speciālists (DPO)Andris Soroka
 
Digitala Era 2017 - IIZI - Lauris Kļaviņš - GDPR - Kādus izdevumus un riskus ...
Digitala Era 2017 - IIZI - Lauris Kļaviņš - GDPR - Kādus izdevumus un riskus ...Digitala Era 2017 - IIZI - Lauris Kļaviņš - GDPR - Kādus izdevumus un riskus ...
Digitala Era 2017 - IIZI - Lauris Kļaviņš - GDPR - Kādus izdevumus un riskus ...Andris Soroka
 
Digitala Era 2017 - E-Risinajumi - Māris Ruķers - Vai ar vienu datu aizsardzī...
Digitala Era 2017 - E-Risinajumi - Māris Ruķers - Vai ar vienu datu aizsardzī...Digitala Era 2017 - E-Risinajumi - Māris Ruķers - Vai ar vienu datu aizsardzī...
Digitala Era 2017 - E-Risinajumi - Māris Ruķers - Vai ar vienu datu aizsardzī...Andris Soroka
 
Digitala Era 2017 - Gints Puškundzis - Personas datu apstrādes līgumi
Digitala Era 2017 - Gints Puškundzis - Personas datu apstrādes līgumi Digitala Era 2017 - Gints Puškundzis - Personas datu apstrādes līgumi
Digitala Era 2017 - Gints Puškundzis - Personas datu apstrādes līgumi Andris Soroka
 
Digitala Era 2017 - DatuAizsardziba.LV - Agnese Boboviča - Datu aizsardzības ...
Digitala Era 2017 - DatuAizsardziba.LV - Agnese Boboviča - Datu aizsardzības ...Digitala Era 2017 - DatuAizsardziba.LV - Agnese Boboviča - Datu aizsardzības ...
Digitala Era 2017 - DatuAizsardziba.LV - Agnese Boboviča - Datu aizsardzības ...Andris Soroka
 
Digitala Era 2017 - NotAKey - Janis Graubins - Mobile technologies for single...
Digitala Era 2017 - NotAKey - Janis Graubins - Mobile technologies for single...Digitala Era 2017 - NotAKey - Janis Graubins - Mobile technologies for single...
Digitala Era 2017 - NotAKey - Janis Graubins - Mobile technologies for single...Andris Soroka
 
Digitala Era 2017 - Hermitage Solutions - Gatis Kaušs - Clearswift - Komunikā...
Digitala Era 2017 - Hermitage Solutions - Gatis Kaušs - Clearswift - Komunikā...Digitala Era 2017 - Hermitage Solutions - Gatis Kaušs - Clearswift - Komunikā...
Digitala Era 2017 - Hermitage Solutions - Gatis Kaušs - Clearswift - Komunikā...Andris Soroka
 
Digitala Era 2017 - Digital Mind - Leons Mednis - eDiscovery risinājums GDPR ...
Digitala Era 2017 - Digital Mind - Leons Mednis - eDiscovery risinājums GDPR ...Digitala Era 2017 - Digital Mind - Leons Mednis - eDiscovery risinājums GDPR ...
Digitala Era 2017 - Digital Mind - Leons Mednis - eDiscovery risinājums GDPR ...Andris Soroka
 
Digitala Era 2017 - ALSO - Artjoms Krūmiņš - Personas datu regulas (EU GDPR) ...
Digitala Era 2017 - ALSO - Artjoms Krūmiņš - Personas datu regulas (EU GDPR) ...Digitala Era 2017 - ALSO - Artjoms Krūmiņš - Personas datu regulas (EU GDPR) ...
Digitala Era 2017 - ALSO - Artjoms Krūmiņš - Personas datu regulas (EU GDPR) ...Andris Soroka
 
Digitala Era 2017 - ZAB Skopiņa & Azanda - Jūlija Terjuhana - Tiesības uz dat...
Digitala Era 2017 - ZAB Skopiņa & Azanda - Jūlija Terjuhana - Tiesības uz dat...Digitala Era 2017 - ZAB Skopiņa & Azanda - Jūlija Terjuhana - Tiesības uz dat...
Digitala Era 2017 - ZAB Skopiņa & Azanda - Jūlija Terjuhana - Tiesības uz dat...Andris Soroka
 
Digitala Era 2017 - IT Centrs - Agris Krusts - Latvijas iedzīvotāju digitālo ...
Digitala Era 2017 - IT Centrs - Agris Krusts - Latvijas iedzīvotāju digitālo ...Digitala Era 2017 - IT Centrs - Agris Krusts - Latvijas iedzīvotāju digitālo ...
Digitala Era 2017 - IT Centrs - Agris Krusts - Latvijas iedzīvotāju digitālo ...Andris Soroka
 
Digitala Era 2017 - DSS.LV - Arturs Filatovs - Datu Aizsardzības Tehnoloģiskā...
Digitala Era 2017 - DSS.LV - Arturs Filatovs - Datu Aizsardzības Tehnoloģiskā...Digitala Era 2017 - DSS.LV - Arturs Filatovs - Datu Aizsardzības Tehnoloģiskā...
Digitala Era 2017 - DSS.LV - Arturs Filatovs - Datu Aizsardzības Tehnoloģiskā...Andris Soroka
 
Digitala Era 2017 - DSS.LV - Arturs Filatovs - Mobilitāte un Personas Datu Dr...
Digitala Era 2017 - DSS.LV - Arturs Filatovs - Mobilitāte un Personas Datu Dr...Digitala Era 2017 - DSS.LV - Arturs Filatovs - Mobilitāte un Personas Datu Dr...
Digitala Era 2017 - DSS.LV - Arturs Filatovs - Mobilitāte un Personas Datu Dr...Andris Soroka
 
Digitala Era 2017 - DSS.LV - Andris Soroka - Personas datu regulas tehnoloģis...
Digitala Era 2017 - DSS.LV - Andris Soroka - Personas datu regulas tehnoloģis...Digitala Era 2017 - DSS.LV - Andris Soroka - Personas datu regulas tehnoloģis...
Digitala Era 2017 - DSS.LV - Andris Soroka - Personas datu regulas tehnoloģis...Andris Soroka
 

Más de Andris Soroka (20)

Digitala Era 2017 - TransactPro - Normunds Aizstrauts - Maksājumu un finansu ...
Digitala Era 2017 - TransactPro - Normunds Aizstrauts - Maksājumu un finansu ...Digitala Era 2017 - TransactPro - Normunds Aizstrauts - Maksājumu un finansu ...
Digitala Era 2017 - TransactPro - Normunds Aizstrauts - Maksājumu un finansu ...
 
Digitala Era 2017 - Datu Valsts Inspekcija - Lauris Linabergs - Vispārīgā dau...
Digitala Era 2017 - Datu Valsts Inspekcija - Lauris Linabergs - Vispārīgā dau...Digitala Era 2017 - Datu Valsts Inspekcija - Lauris Linabergs - Vispārīgā dau...
Digitala Era 2017 - Datu Valsts Inspekcija - Lauris Linabergs - Vispārīgā dau...
 
Digitala Era 2017 - PMLP - Vilnis Vītoliņš - Gaisa kuģu pasažieru datu apstrā...
Digitala Era 2017 - PMLP - Vilnis Vītoliņš - Gaisa kuģu pasažieru datu apstrā...Digitala Era 2017 - PMLP - Vilnis Vītoliņš - Gaisa kuģu pasažieru datu apstrā...
Digitala Era 2017 - PMLP - Vilnis Vītoliņš - Gaisa kuģu pasažieru datu apstrā...
 
Digitala Era 2017 - BOD LAW - Līva Aleksejeva - LIELIE DATI un personas datu ...
Digitala Era 2017 - BOD LAW - Līva Aleksejeva - LIELIE DATI un personas datu ...Digitala Era 2017 - BOD LAW - Līva Aleksejeva - LIELIE DATI un personas datu ...
Digitala Era 2017 - BOD LAW - Līva Aleksejeva - LIELIE DATI un personas datu ...
 
Digitala Era 2017 - Spridzans Law Office - Anna Vladimirova Krykova - Mobilo ...
Digitala Era 2017 - Spridzans Law Office - Anna Vladimirova Krykova - Mobilo ...Digitala Era 2017 - Spridzans Law Office - Anna Vladimirova Krykova - Mobilo ...
Digitala Era 2017 - Spridzans Law Office - Anna Vladimirova Krykova - Mobilo ...
 
Digitala Era 2017 - ZAB “BULLET” - Ivo Krievs - Vai uz valsti attiecināmi cit...
Digitala Era 2017 - ZAB “BULLET” - Ivo Krievs - Vai uz valsti attiecināmi cit...Digitala Era 2017 - ZAB “BULLET” - Ivo Krievs - Vai uz valsti attiecināmi cit...
Digitala Era 2017 - ZAB “BULLET” - Ivo Krievs - Vai uz valsti attiecināmi cit...
 
Digitala Era 2017 - LSPDSA - Arnis Puksts - Datu aizsardzības speciālists (DPO)
Digitala Era 2017 - LSPDSA - Arnis Puksts - Datu aizsardzības speciālists (DPO)Digitala Era 2017 - LSPDSA - Arnis Puksts - Datu aizsardzības speciālists (DPO)
Digitala Era 2017 - LSPDSA - Arnis Puksts - Datu aizsardzības speciālists (DPO)
 
Digitala Era 2017 - IIZI - Lauris Kļaviņš - GDPR - Kādus izdevumus un riskus ...
Digitala Era 2017 - IIZI - Lauris Kļaviņš - GDPR - Kādus izdevumus un riskus ...Digitala Era 2017 - IIZI - Lauris Kļaviņš - GDPR - Kādus izdevumus un riskus ...
Digitala Era 2017 - IIZI - Lauris Kļaviņš - GDPR - Kādus izdevumus un riskus ...
 
Digitala Era 2017 - E-Risinajumi - Māris Ruķers - Vai ar vienu datu aizsardzī...
Digitala Era 2017 - E-Risinajumi - Māris Ruķers - Vai ar vienu datu aizsardzī...Digitala Era 2017 - E-Risinajumi - Māris Ruķers - Vai ar vienu datu aizsardzī...
Digitala Era 2017 - E-Risinajumi - Māris Ruķers - Vai ar vienu datu aizsardzī...
 
Digitala Era 2017 - Gints Puškundzis - Personas datu apstrādes līgumi
Digitala Era 2017 - Gints Puškundzis - Personas datu apstrādes līgumi Digitala Era 2017 - Gints Puškundzis - Personas datu apstrādes līgumi
Digitala Era 2017 - Gints Puškundzis - Personas datu apstrādes līgumi
 
Digitala Era 2017 - DatuAizsardziba.LV - Agnese Boboviča - Datu aizsardzības ...
Digitala Era 2017 - DatuAizsardziba.LV - Agnese Boboviča - Datu aizsardzības ...Digitala Era 2017 - DatuAizsardziba.LV - Agnese Boboviča - Datu aizsardzības ...
Digitala Era 2017 - DatuAizsardziba.LV - Agnese Boboviča - Datu aizsardzības ...
 
Digitala Era 2017 - NotAKey - Janis Graubins - Mobile technologies for single...
Digitala Era 2017 - NotAKey - Janis Graubins - Mobile technologies for single...Digitala Era 2017 - NotAKey - Janis Graubins - Mobile technologies for single...
Digitala Era 2017 - NotAKey - Janis Graubins - Mobile technologies for single...
 
Digitala Era 2017 - Hermitage Solutions - Gatis Kaušs - Clearswift - Komunikā...
Digitala Era 2017 - Hermitage Solutions - Gatis Kaušs - Clearswift - Komunikā...Digitala Era 2017 - Hermitage Solutions - Gatis Kaušs - Clearswift - Komunikā...
Digitala Era 2017 - Hermitage Solutions - Gatis Kaušs - Clearswift - Komunikā...
 
Digitala Era 2017 - Digital Mind - Leons Mednis - eDiscovery risinājums GDPR ...
Digitala Era 2017 - Digital Mind - Leons Mednis - eDiscovery risinājums GDPR ...Digitala Era 2017 - Digital Mind - Leons Mednis - eDiscovery risinājums GDPR ...
Digitala Era 2017 - Digital Mind - Leons Mednis - eDiscovery risinājums GDPR ...
 
Digitala Era 2017 - ALSO - Artjoms Krūmiņš - Personas datu regulas (EU GDPR) ...
Digitala Era 2017 - ALSO - Artjoms Krūmiņš - Personas datu regulas (EU GDPR) ...Digitala Era 2017 - ALSO - Artjoms Krūmiņš - Personas datu regulas (EU GDPR) ...
Digitala Era 2017 - ALSO - Artjoms Krūmiņš - Personas datu regulas (EU GDPR) ...
 
Digitala Era 2017 - ZAB Skopiņa & Azanda - Jūlija Terjuhana - Tiesības uz dat...
Digitala Era 2017 - ZAB Skopiņa & Azanda - Jūlija Terjuhana - Tiesības uz dat...Digitala Era 2017 - ZAB Skopiņa & Azanda - Jūlija Terjuhana - Tiesības uz dat...
Digitala Era 2017 - ZAB Skopiņa & Azanda - Jūlija Terjuhana - Tiesības uz dat...
 
Digitala Era 2017 - IT Centrs - Agris Krusts - Latvijas iedzīvotāju digitālo ...
Digitala Era 2017 - IT Centrs - Agris Krusts - Latvijas iedzīvotāju digitālo ...Digitala Era 2017 - IT Centrs - Agris Krusts - Latvijas iedzīvotāju digitālo ...
Digitala Era 2017 - IT Centrs - Agris Krusts - Latvijas iedzīvotāju digitālo ...
 
Digitala Era 2017 - DSS.LV - Arturs Filatovs - Datu Aizsardzības Tehnoloģiskā...
Digitala Era 2017 - DSS.LV - Arturs Filatovs - Datu Aizsardzības Tehnoloģiskā...Digitala Era 2017 - DSS.LV - Arturs Filatovs - Datu Aizsardzības Tehnoloģiskā...
Digitala Era 2017 - DSS.LV - Arturs Filatovs - Datu Aizsardzības Tehnoloģiskā...
 
Digitala Era 2017 - DSS.LV - Arturs Filatovs - Mobilitāte un Personas Datu Dr...
Digitala Era 2017 - DSS.LV - Arturs Filatovs - Mobilitāte un Personas Datu Dr...Digitala Era 2017 - DSS.LV - Arturs Filatovs - Mobilitāte un Personas Datu Dr...
Digitala Era 2017 - DSS.LV - Arturs Filatovs - Mobilitāte un Personas Datu Dr...
 
Digitala Era 2017 - DSS.LV - Andris Soroka - Personas datu regulas tehnoloģis...
Digitala Era 2017 - DSS.LV - Andris Soroka - Personas datu regulas tehnoloģis...Digitala Era 2017 - DSS.LV - Andris Soroka - Personas datu regulas tehnoloģis...
Digitala Era 2017 - DSS.LV - Andris Soroka - Personas datu regulas tehnoloģis...
 

Último

TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 

Último (20)

TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 

Mitigating Attacks on Your Applications & Data with AppWall's Auto Policy Generation

  • 1. Mitigating Attacks on your Applications & Data With AppWall Igor Kontsevoy November, 2012
  • 2. Agenda • The Solution: AppWall Web Application Firewall – Product overview – Security – Auto Policy Generation – Security & Compliance Reporting – Role Based Policy • Summary Slide 2
  • 3. The Solution: AppWall
  • 4. Introducing AppWall • AppWallTM is a WAF that secures Web applications and enables PCI compliance by: – Blocking attacks on Web application – Preventing data theft and manipulation of sensitive data • Available either as Physical or Virtual Appliance. Slide 4
  • 5. Introducing AppWall • AppWallTM is a WAF that secures Web applications and enables PCI compliance by: – Blocking attacks on Web application – Preventing data theft and manipulation of sensitive data • Available either as Physical or Virtual Appliance. Slide 5
  • 6. AppWall Overview Out-of-the-Box PCI Compliance Fast Implementation • WAF + IPS (PCI 6.6 & 11.4) • Simple initial deployment • PCI Compliance Reporting • Best in class Auto-Policy Generation Risk Management APSolute Vision SIEM • Unified and AppWall Correlated reporting across the network • Security reporting Scalability Complete Web App Protection • Cluster deployment • Full coverage of OWASP Top-10 • Centralized policy management • Negative & positive security models • Scalable by Device
  • 7. Complete Web Application Protection Signature & • Cross site scripting (XSS) Rule • SQL injection, LDAP injection, Protection OS commanding Terminate TCP, • Evasions Normalize, • HTTP response splitting (HRS) HTTP RFC • Credit card number (CCN) / Data Leak Social Security (SSN) Prevention • Regular Expression
  • 8. Complete Web Application Protection Parameters • Buffer overflow (BO) Inspection • Zero-day attacks • Cross site request forgery User • Cookie poisoning, session Behavior hijacking • Folder / file level access control Layer 7 ACL • White listing or black listing XML & Web • XML Validity and schema Services enforcement Role Based • Authentication Policy • User Tracking
  • 9. Flexible Deployment Strategies Access Virtual IP Public IP IP AppWall Firewall Router ADC Internet AppWall Web Servers • Transparent bridge mode – No network topology changes required – Transparent to non-HTTP traffic – Fail-open interfaces AppWall Array • Transparent Reverse proxy – HTTP Proxy for maximum security – Preserves Original Client IP address • Reverse proxy – HTTP Proxy for maximum security • Cluster deployment – ADC farm deployment – Auto policy synchronization within the farm Slide 9
  • 10. Multi-Tenancy • AppWall defines web application by any combination of: – Secured Web Server IP/Port – Secured Host name – Secured Application Tree (Folder) • AppWall enables complete multi-tenancy with: – Policy separation per Web Application – RBAC per Web Application – Reporting per Web Application Slide 10
  • 11. Patent Protected “App Path” Technology AppWall Policy Lightweight Policy, Negative security Policy only. Negative + Positive Intensive security Application Inspection Scope Policy Fully restricted access for others Other WAFs than the App Admin. Slide 11
  • 12. AppWall’s Adaptive Auto Policy Generation and Application Visibility
  • 13. Adaptive Auto Policy Generation (1 of 4) App Mapping Reservations.com /config/ /admin/ /register/ /hotels/ /info/ /reserve/ Slide 13
  • 14. Adaptive Auto Policy Generation (2 of 4) App Threat Mapping Analysis Reservations.com /config/ Risk analysis per “ application-path” Spoof identity, steal user information, data tampering /admin/ SQL Injection /register/ CCN breach Information leakage /hotels/ Gain root access control /info/ Directory Traversal /reserve/ Buffer Overflow Unexpected application behavior, system crash, full system compromise Slide 14
  • 15. Adaptive Auto Policy Generation (3 of 4) App Threat Policy Mapping Analysis Generation Reservations.com /config/ Prevent access to /admin/ SQL Injection sensitive app sections /register/ CCN breach Mask CCN, SSN, etc. in ***********9459 responses. /hotels/ Traffic normalization & /info/ Directory Traversal HTTP RFC validation /reserve/ Buffer Overflow P Parameters inspection Slide 15
  • 16. Adaptive Auto Policy Generation (4 of 4) App Threat Policy Policy Mapping Analysis Generation Activation Reservations.com Time to protect Virtually zero false positive /config/ /admin/ SQL Injection Optimize rules for /register/ CCN breach best ***********9459 accuracy /hotels/ /info/ Directory Traversal Add /reserve/ Buffer Overflow P tailored application rules Best Security coverage Slide 16
  • 17. Application Visibility – Application Tree View Slide 17
  • 18. Application Visibility – Parameters View Cookie Path Parameter Query Parameter Slide 18
  • 20. AppWall Role Based Policy AppWall Role Based Policy Enables defining different security policies for different users To provide flexible access to web application While properly securing the application. Slide 20
  • 21. Role Based Policy Delivers: Authentication and login detection Authorization and access control Accounting and Auditing Web based Single Sign On Separation of duties Application Content Control Slide 21
  • 22. Role Based Policy • Defining web app role based security policy • Retrieving the users’ group association from LDAP. • Configure different policies for different roles: – Admin – Employee – Partner – Customer – Public Slide 22
  • 24. Radware.com – admin user Slide 24
  • 26. Role Based Policy Slide 26
  • 27. Sharing Policy Among Roles Shared Policy Across Roles (new) Different Policies (old): • Customer – Access Prohibited • Partner - Access allowed but CCN Masked • Employee - Access allowed and see CNN Slide 27
  • 29. Best Security & Compliance Reports • Network and application security correlation reports • Dozens of predefined security reports • Learning reports detailing learned app resources • Audit and access reports • PCI Compliance reports Slide 29
  • 30. AppWall & DefensePro Correlation AppWall Blocked Attacks DefensePro Blocked Attacks Slide 30
  • 32. Top Attacks by Source Slide 32
  • 33. PCI Compliance Summary Report Compliance Status Analysis Info PCI Requirement Action Plan Slide 33
  • 35. The Cost of Insecurity 035
  • 36. AppWall Distinctive Competence • Cloud Ready Complete ADC solution • Unique Network & Application Attack mitigation • Adaptive Auto Policy Generation • Best security & compliance reports • Reduced Cost of Ownership Slide 36