The document summarizes AppWall, a web application firewall that provides security for web applications. It discusses AppWall's product overview, security features like auto policy generation and role-based policies, and compliance reporting capabilities. AppWall can be deployed either as a physical or virtual appliance, and uses adaptive auto policy generation to analyze applications and threats to generate tailored security policies with minimal false positives. It also allows role-based access control and separation of duties through role-based policies.
4. Introducing AppWall
• AppWall™ is a WAF that secures Web applications and enables PCI compliance by:
– Blocking attacks on Web applications
– Preventing data theft and manipulation of sensitive data
• Available either as a Physical or Virtual Appliance.
6. AppWall Overview
• Out-of-the-Box PCI Compliance
– WAF + IPS (PCI 6.6 & 11.4)
– PCI Compliance Reporting
• Fast Implementation
– Simple initial deployment
– Best in class Auto-Policy Generation
• Risk Management (APSolute Vision, SIEM and AppWall)
– Unified and correlated reporting across the network
– Security reporting
• Scalability
– Cluster deployment
– Centralized policy management
– Scalable by Device
• Complete Web App Protection
– Full coverage of OWASP Top-10
– Negative & positive security models
7. Complete Web Application Protection
• Signature & Rule Protection
– Cross site scripting (XSS)
– SQL injection, LDAP injection, OS commanding
• Terminate TCP, Normalize, HTTP RFC
– Evasions
– HTTP response splitting (HRS)
• Data Leak Prevention
– Credit card number (CCN) / Social Security (SSN)
– Regular Expression
8. Complete Web Application Protection
• Parameters Inspection
– Buffer overflow (BO)
– Zero-day attacks
• User Behavior
– Cross site request forgery
– Cookie poisoning, session hijacking
• Layer 7 ACL
– Folder / file level access control
– White listing or black listing
• XML & Web Services
– XML Validity and schema enforcement
• Role Based Policy
– Authentication
– User Tracking
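The "Terminate TCP, Normalize, HTTP RFC" row above is the layer that defeats encoding evasions and blocks HTTP response splitting before any signature runs. The following is an added illustration, written for this page and not AppWall's own code, of what that normalization step does: it repeatedly percent-decodes the request path (so %252e%252e collapses to ..), folds backslashes and duplicate slashes, resolves dot segments while recording any attempt to climb above the web root, and rejects header fields or parameters that carry CR/LF or other control characters, which is the precondition for response splitting. The sample requests, the header names and the decode-round limit are constructed for the example.

```python
import re
from urllib.parse import unquote

# Constructed limit: how many nested percent-encodings to unwrap before giving up.
MAX_DECODE_ROUNDS = 3

# RFC 7230: header field names are tokens; field values may not contain bare
# CR, LF or other control characters (the vector for HTTP response splitting).
TOKEN_RE = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
CTL_RE = re.compile(r"[\x00-\x1f\x7f]")


def canonicalize_path(raw_path: str):
    """Return (canonical_path, escaped_root).

    Percent-decoding is repeated so that double-encoded evasions such as
    %252e%252e collapse to '..' before any rule sees the path; backslashes
    and duplicate slashes are folded and '.'/'..' segments are resolved.
    escaped_root is True when a '..' tried to climb above the web root.
    """
    path = raw_path
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/")
    segments, escaped_root = [], False
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if segments:
                segments.pop()
            else:
                escaped_root = True
            continue
        segments.append(seg)
    canonical = "/" + "/".join(segments)
    if path.endswith("/") and segments:
        canonical += "/"   # keep directory semantics for folder-level ACLs
    return canonical, escaped_root


def header_violations(headers: dict) -> list:
    """List RFC 7230 violations in a header block (request or response side)."""
    violations = []
    for name, value in headers.items():
        if not TOKEN_RE.match(name):
            violations.append(f"illegal header name {name!r}")
        if CTL_RE.search(value):
            violations.append(f"control character in header {name!r}")
    return violations


def inspect_request(raw_path: str, headers: dict, params: dict) -> dict:
    """Normalize one request and collect protocol-level findings.

    Parameters carrying CR/LF are flagged because a value later reflected
    into a response header is exactly how response splitting is triggered.
    """
    path, escaped_root = canonicalize_path(raw_path)
    findings = header_violations(headers)
    if escaped_root:
        findings.append("path climbs above the web root")
    for name, value in params.items():
        if CTL_RE.search(value):
            findings.append(f"control character in parameter {name!r}")
    return {"path": path, "findings": findings, "block": bool(findings)}


if __name__ == "__main__":
    # Constructed samples: a double-encoded traversal attempt and a clean request.
    print(inspect_request("/hotels/%252e%252e/%252e%252e/etc/passwd",
                          {"Host": "reservations.example"}, {}))
    print(inspect_request("/info//./index.html",
                          {"Host": "reservations.example"}, {"page": "1"}))
```

The decode loop is bounded on purpose: an unbounded loop is itself a denial-of-service vector, and three rounds already cover the double- and triple-encoding variants that signature engines otherwise miss. Rules that run after this step only ever see the canonical form, so one signature for `../` is enough.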
9. Flexible Deployment Strategies
(Figure: deployment diagram with the labels Internet, Router, Firewall, ADC, Access / Virtual IP / Public IP, AppWall, AppWall Array, Web Servers)
• Transparent bridge mode
– No network topology changes required
– Transparent to non-HTTP traffic
– Fail-open interfaces
• Transparent Reverse proxy
– HTTP Proxy for maximum security
– Preserves Original Client IP address
• Reverse proxy
– HTTP Proxy for maximum security
• Cluster deployment
– ADC farm deployment
– Auto policy synchronization within the farm
10. Multi-Tenancy
• AppWall defines a web application by any combination of:
– Secured Web Server IP/Port
– Secured Host name
– Secured Application Tree (Folder)
• AppWall enables complete multi-tenancy with:
– Policy separation per Web Application
– RBAC per Web Application
– Reporting per Web Application
11. Patent Protected “App Path” Technology
(Figure: chart of policy intensity against Application Inspection Scope. AppWall Policy ranges from a lightweight, negative-security-only policy to an intensive negative + positive policy, scoped per application path. Other WAFs: policy fully restricted, access for others than the App Admin.)
13. Adaptive Auto Policy Generation (1 of 4)
App Mapping: application tree of Reservations.com
– /config/
– /admin/
– /register/
– /hotels/
– /info/
– /reserve/
14. Adaptive Auto Policy Generation (2 of 4)
App Mapping, Threat Analysis: risk analysis per “application-path” of Reservations.com
– /config/
– /admin/: SQL Injection (spoof identity, steal user information, data tampering)
– /register/: CCN breach (information leakage)
– /hotels/
– /info/: Directory Traversal (gain root access control)
– /reserve/: Buffer Overflow (unexpected application behavior, system crash, full system compromise)
15. Adaptive Auto Policy Generation (3 of 4)
App Mapping, Threat Analysis, Policy Generation for Reservations.com
– /config/ and /admin/ (SQL Injection): prevent access to sensitive app sections
– /register/ (CCN breach): mask CCN, SSN, etc. in responses (e.g. ***********9459)
– /hotels/
– /info/ (Directory Traversal): traffic normalization & HTTP RFC validation
– /reserve/ (Buffer Overflow): parameters inspection
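The generated rule for /register/ above, "mask CCN, SSN, etc. in responses", and the Data Leak Prevention row of slide 7 (CCN / SSN via regular expression) describe the same outbound control. The block below is an added example written for this page, not AppWall's own implementation, of how such a response filter works: a regular expression finds candidate card numbers, the Luhn checksum is used to discard digit runs that merely look like card numbers (order ids, timestamps), survivors are masked down to the last four digits as the slide shows, SSNs are masked by pattern, and Content-Length is recomputed because the body changed. The JSON body, the header names and the content-type list are constructed for the example.

```python
import re

# 13 to 19 digits, optionally separated by single spaces or dashes,
# and not glued to other digits on either side.
CCN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# US SSN in the conventional AAA-GG-SSSS form.
SSN_RE = re.compile(r"(?<!\d)(\d{3})-(\d{2})-(\d{4})(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: every real card number passes it, most random digit runs do not."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def _mask_ccn(match) -> str:
    raw = match.group(0)
    digits = re.sub(r"\D", "", raw)
    if not luhn_valid(digits):
        return raw  # looks like a card number but fails Luhn: leave it alone
    return "*" * (len(digits) - 4) + digits[-4:]


def _mask_ssn(match) -> str:
    return "***-**-" + match.group(3)


def mask_sensitive(body: str) -> str:
    """Mask CCNs (Luhn-checked) and SSNs in a textual body."""
    body = CCN_RE.sub(_mask_ccn, body)
    return SSN_RE.sub(_mask_ssn, body)


def mask_response(status: int, headers: dict, body: str):
    """Apply masking to textual bodies only and fix Content-Length afterwards."""
    ctype = headers.get("Content-Type", "")
    if not ctype.startswith(("text/", "application/json", "application/xml")):
        return status, headers, body
    masked = mask_sensitive(body)
    new_headers = dict(headers)
    new_headers["Content-Length"] = str(len(masked.encode("utf-8")))
    return status, new_headers, masked


# Constructed sample response body: a valid test card number, a 16-digit
# order id that fails Luhn, and an SSN.
SAMPLE_BODY = ('{"card": "4111 1111 1111 1111", "order_id": "2024010112304567", '
               '"ssn": "123-45-6789"}')

if __name__ == "__main__":
    print(mask_response(200, {"Content-Type": "application/json"}, SAMPLE_BODY)[2])
```

The Luhn check is what keeps the false-positive rate down: roughly one random 16-digit run in ten passes it, so a deployment that masks every 13-to-19-digit string would corrupt order numbers and tracking ids. Masking is applied to the decompressed, decoded body; a filter placed before response decompression would see nothing to match.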
16. Adaptive Auto Policy Generation (4 of 4)
App Mapping, Threat Analysis, Policy Generation, Policy Activation for Reservations.com
– /config/
– /admin/: SQL Injection
– /register/: CCN breach (masked as ***********9459)
– /hotels/
– /info/: Directory Traversal
– /reserve/: Buffer Overflow
Policy activation:
– Time to protect
– Virtually zero false positives
– Optimize rules for best accuracy
– Add tailored application rules
– Best security coverage
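Slides 13 to 16 describe a four-step procedure: map the application tree, analyse the threat per path, generate tailored rules, and activate them with as few false positives as possible. The block below is an added example written for this page, not AppWall's patented implementation, of the positive-security half of that procedure on the Reservations.com tree: it learns, per path and parameter, the longest value and the widest character class seen in traffic assumed to be clean (app mapping), turns profiles that reached an activation threshold into rules with a length tolerance (policy generation), and enforces those rules while paths still in learning stay on negative security only (activation without false positives). The training requests, the threshold, the tolerance factor and the character classes are constructed for the example.

```python
import re
from collections import defaultdict

# Character classes from narrowest to widest; a profile records the widest
# class observed, so enforcement only rejects values wider than that.
CHAR_CLASSES = [
    ("digits", re.compile(r"^\d+$")),
    ("alpha", re.compile(r"^[A-Za-z]+$")),
    ("alnum", re.compile(r"^[A-Za-z0-9_\-]+$")),
    ("printable", re.compile(r"^[\x20-\x7e]+$")),
]
CLASS_NAMES = [name for name, _ in CHAR_CLASSES] + ["any"]


def classify(value: str) -> int:
    """Rank of the narrowest class that accepts the value (higher = wider)."""
    for rank, (_, rx) in enumerate(CHAR_CLASSES):
        if rx.match(value):
            return rank
    return len(CHAR_CLASSES)


class AutoPolicy:
    """Learns a positive-security profile per application path, then enforces it."""

    def __init__(self, min_samples: int = 3, length_slack: float = 2.0):
        self.min_samples = min_samples      # activation threshold per parameter
        self.length_slack = length_slack    # tolerance above the longest value seen
        self.profiles = defaultdict(dict)   # path -> param -> observed stats

    def learn(self, path: str, params: dict) -> None:
        """App mapping and profiling from traffic that is assumed to be clean."""
        for name, value in params.items():
            stat = self.profiles[path].setdefault(name, {"max_len": 0, "class": 0, "samples": 0})
            stat["max_len"] = max(stat["max_len"], len(value))
            stat["class"] = max(stat["class"], classify(value))
            stat["samples"] += 1

    def app_map(self) -> list:
        return sorted(self.profiles)

    def generate(self) -> list:
        """Policy generation: one rule per parameter that reached activation."""
        rules = []
        for path in sorted(self.profiles):
            for name, stat in sorted(self.profiles[path].items()):
                if stat["samples"] >= self.min_samples:
                    rules.append({"path": path, "param": name,
                                  "max_len": int(stat["max_len"] * self.length_slack),
                                  "class": CLASS_NAMES[stat["class"]]})
        return rules

    def enforce(self, path: str, params: dict) -> dict:
        """Activation: positive checks only where rules exist, negative-only elsewhere."""
        rules = {r["param"]: r for r in self.generate() if r["path"] == path}
        if not rules:
            return {"mode": "negative-only", "findings": [], "block": False}
        findings = []
        for name, value in params.items():
            rule = rules.get(name)
            if rule is None:
                findings.append((name, "unknown-parameter"))
                continue
            if len(value) > rule["max_len"]:
                findings.append((name, "length"))
            if classify(value) > CLASS_NAMES.index(rule["class"]):
                findings.append((name, "charset"))
        return {"mode": "positive", "findings": findings, "block": bool(findings)}


# Constructed learning traffic for the Reservations.com tree used on the slides.
TRAINING = [
    ("/reserve/", {"hotel_id": "101", "nights": "3"}),
    ("/reserve/", {"hotel_id": "2045", "nights": "12"}),
    ("/reserve/", {"hotel_id": "77", "nights": "1"}),
    ("/register/", {"user": "alice", "zip": "10001"}),
    ("/register/", {"user": "bob_77", "zip": "94105"}),
    ("/register/", {"user": "carol", "zip": "30301"}),
    ("/hotels/", {"city": "Paris"}),   # seen once: stays in learning, never enforced
]


def build_policy() -> AutoPolicy:
    policy = AutoPolicy()
    for path, params in TRAINING:
        policy.learn(path, params)
    return policy


if __name__ == "__main__":
    policy = build_policy()
    print("app map:", policy.app_map())
    for rule in policy.generate():
        print("rule:", rule)
    print(policy.enforce("/reserve/", {"hotel_id": "A" * 600, "nights": "2"}))
    print(policy.enforce("/hotels/", {"city": "Rome"}))
```

An oversized or non-numeric hotel_id on /reserve/ is caught by the learned rule (the buffer-overflow and parameter-inspection case of slides 14 and 15) without any attack signature, while /hotels/, seen only once, is not yet enforced, which is where the "virtually zero false positives" claim comes from: a rule is only activated once enough clean samples back it. The length tolerance and sample threshold are the two knobs a practitioner tunes between coverage and false positives.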
20. AppWall Role Based Policy
Enables defining different security policies for different users, to provide flexible access to the web application while properly securing the application.
21. Role Based Policy Delivers:
Authentication and login detection
Authorization and access control
Accounting and Auditing
Web based Single Sign On
Separation of duties
Application Content Control
22. Role Based Policy
• Defining a web application role based security policy
• Retrieving the users’ group associations from LDAP
• Configuring different policies for different roles:
– Admin
– Employee
– Partner
– Customer
– Public
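Slide 10 defines a web application by any combination of server IP/port, host name and application folder, with a separate policy per application, and slides 20 to 22 layer a role based policy on top, with roles derived from the user's LDAP group membership. The block below is an added example written for this page, not AppWall's own code, that ties the two together: a request is routed to the most specific matching application (the tenant), the role is resolved from group membership, and that application's own role-to-path policy decides access. The application definitions, the group-to-role mapping and the directory table are constructed; the directory table stands in for the LDAP lookup and is not a real LDAP call. The request path is assumed to be canonicalized already.

```python
from dataclasses import dataclass, field
from typing import Optional, Tuple

# Most privileged first; a user in several groups gets the strongest role.
ROLE_PRECEDENCE = ["admin", "employee", "partner", "customer", "public"]

# Constructed stand-in for the directory: in a deployment these group
# associations would be retrieved from LDAP, as the slide describes.
DIRECTORY_GROUPS = {
    "alice": ["cn=webadmins,ou=groups", "cn=staff,ou=groups"],
    "bob": ["cn=staff,ou=groups"],
    "carol": [],                           # authenticated, no mapped group
    "dave": ["cn=partners,ou=groups"],
}
ROLE_BY_GROUP = {
    "cn=webadmins,ou=groups": "admin",
    "cn=staff,ou=groups": "employee",
    "cn=partners,ou=groups": "partner",
}


def resolve_role(user: Optional[str]) -> str:
    """Anonymous -> public; logged in without a mapped group -> customer;
    otherwise the most privileged role among the user's groups."""
    if user is None:
        return "public"
    roles = {ROLE_BY_GROUP[g] for g in DIRECTORY_GROUPS.get(user, []) if g in ROLE_BY_GROUP}
    if not roles:
        return "customer"
    return next(r for r in ROLE_PRECEDENCE if r in roles)


@dataclass
class WebApp:
    """A secured web application: any combination of server IP/port, host name and folder."""
    name: str
    server: Optional[Tuple[str, int]] = None
    host: Optional[str] = None
    folder: Optional[str] = None
    role_paths: dict = field(default_factory=dict)   # role -> allowed path prefixes

    def matches(self, server, host, path) -> bool:
        if self.server is not None and self.server != server:
            return False
        if self.host is not None and self.host.lower() != host.lower():
            return False
        if self.folder is not None and not path.startswith(self.folder):
            return False
        return True

    def specificity(self) -> int:
        return sum(x is not None for x in (self.server, self.host, self.folder))


# Constructed tenants. The admin tree is its own application so that its
# policy, RBAC and reporting are separated from the public site.
APPS = [
    WebApp("reservations-admin", ("10.0.0.5", 443), "reservations.example", "/admin/",
           role_paths={"admin": ["/admin/"]}),
    WebApp("reservations-public", ("10.0.0.5", 443), "reservations.example",
           role_paths={"public": ["/hotels/", "/info/", "/register/"],
                       "customer": ["/hotels/", "/info/", "/register/", "/reserve/"],
                       "employee": ["/hotels/", "/info/", "/register/", "/reserve/", "/reports/"]}),
    WebApp("partner-portal", host="partners.example", role_paths={"partner": ["/"]}),
]


def select_app(server, host, path) -> Optional[WebApp]:
    """Pick the most specific application whose definition matches the request."""
    candidates = [a for a in APPS if a.matches(server, host, path)]
    return max(candidates, key=WebApp.specificity, default=None)


def authorize(server, host, path, user=None) -> dict:
    """Route the request to its tenant, derive the role, apply that tenant's policy."""
    app = select_app(server, host, path)
    role = resolve_role(user)
    if app is None:
        return {"app": None, "role": role, "allowed": False}
    allowed = any(path.startswith(p) for p in app.role_paths.get(role, []))
    return {"app": app.name, "role": role, "allowed": allowed}


if __name__ == "__main__":
    srv = ("10.0.0.5", 443)
    print(authorize(srv, "reservations.example", "/admin/users"))          # anonymous
    print(authorize(srv, "reservations.example", "/admin/users", "alice"))  # admin
    print(authorize(srv, "reservations.example", "/reserve/new", "bob"))    # employee
```

The separation-of-duties point from slide 21 falls out of the structure: bob is an employee on the public application, but the admin application lists no employee role at all, so his request to /admin/ is denied even though the same server and host name serve both trees. Because the most specific definition wins, adding the admin folder as its own application is enough to give it a different policy, RBAC and reporting scope.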