DefenseFlow Security Operations Model · 2016-10-06 · Radware’s Attack Mitigation Network is an...


DefenseFlow Security Operations Model Whitepaper


Table of Contents

Introduction (p. 3)
    More Devices, More Data, More Threats (p. 3)
    Rise of the White Robots (p. 3)
Radware Attack Mitigation Network (p. 5)
    Distributed Detection (p. 5)
    Distributed Mitigation (p. 5)
    Centralized Control (p. 5)
    Radware DefenseFlow Cyber Control (p. 5)
    DefenseFlow Key Capabilities (p. 5)
DefenseFlow 2.3 – Flexible SecOps Automation (p. 7)
    Inbound Everything (p. 7)
    The Workflow – Let DefenseFlow Do All the Work (p. 7)
    Operation (p. 8)
    Criteria (p. 8)
    Operational Modes (p. 9)
    DefenseFlow Operational Monitoring and Alerting (p. 9)
    Example 1: Automated Hybrid Mitigation Workflow (p. 9)
    Example 2: SmartTAP Deployment Workflow (p. 11)
Summary (p. 13)


Introduction

More Devices, More Data, More Threats

The landscape is changing. Not only is the IT infrastructure growing in complexity, quantity and expectation; attackers are also utilizing newly available technology, and the results are already visible on the battlefield.

Statistics show that attack durations are getting shorter [1]. This doesn’t mean that attacks have become less impactful or that attackers have become less persistent. It means that campaigns are now characterized by short bursts of attacks, indicating that attackers are using automation to their advantage. The ability to coordinate larger numbers of attacking bots and trigger them in a timely manner to generate damage indicates that the infrastructure used to launch attacks is becoming increasingly sophisticated. It also means that the overall number of manifestations, or single attacks, which the Security Operations Center will have to handle is growing.

On the other hand, organizations continue to purchase more security solutions. The average enterprise manages over 50 different security vendors [2]. Over 80% of organizations report that their solutions for cyber-attacks require a medium to high degree of configuration or manual tuning, according to the 2015 – 2016 Global Application & Network Security Report (see Figure 1).

Rise of the White Robots

While it is hard to believe that planning and management of the security architecture will be fully automated by machines, many of the practices which are currently the security professional’s daily activities will be facilitated by automated systems. A simple evaluation of the costs and benefits associated with allowing bots to perform specific tasks is the reason.

Considering the level of automation in other industries, such as writing, trading of stocks, genetic research, etc., it is only a matter of time until more and more security operations become dominated by automated systems.

Security operations is considered one of the areas that are already under assault from automation. Handling security incidents is considered one of the most labor-intensive and repetitive operations in the lifecycle of maintaining a secure organization. It involves a predefined set of indications and resulting actions taken until resolution. Normally, an organization will have a playbook which is followed by security professionals. This playbook defines the workflow the security professional is expected to follow when an attack occurs.

[1] Radware 2015-2016 Global Application & Network Security Report
[2] Cisco 2016 Annual Security Report

Figure 1: Degree of Manual Tuning or Configuration Required (2015): Medium Degree 58%, High Degree 24%, Low Degree 17%


That said, what would it take to really enable organizations to entrust their most critical systems to the care of automated processes? There are a few key elements which must be present in order to enable such a transition:

• Simplicity – Security vendors are constantly required to adapt to today’s varied and rapidly changing environment, and more complexity is added to security products in the form of configurations, checkboxes and controls. This makes the overall security environment complex to operate. Above all else, a system which aims to change the balance of operational overhead must truly generate a simpler operational process. If the price of automation becomes too high, such that planning, building and implementing the system becomes an impossible task, then efforts are simply shifted to a slightly different domain or group in the organization.

• Flexibility – The fast-paced environments of today keep changing, and no organization is ever in a static position. Most networks and applications continually change due to new capabilities. The level of variation between organizations and within an organization is high and keeps increasing. A system which aims to introduce automation into today’s environments must be flexible enough to fit and accommodate any environment configuration, and at the same time, facilitate constant change to the ecosystem it resides in.

• Control and Visibility – It would be hard for any organization which already has established processes to trust a fully automated replacement. Take, for example, the self-driving automobile. How would you react to taking a ride for the first time? Most people would be terrified. Now, think of whether you would feel safer if you were in the driver’s seat with the ability to brake or move the wheel in case of danger. Most people would prefer the second option. The same goes for automating critical processes in the network. A system which is able to provide operators the same level of control they had before, while implementing an automated process, would go a long way towards enabling a safe transition for organizations to a fully automated process. This can be achieved via visibility tools that provide visibility into each step of the process while facilitating operational modes that allow users to validate the next step in the chain before it happens.

Radware Attack Mitigation Network

Radware’s Attack Mitigation Network is an architecture which enables organizations to control the changing environment and complexity of threats. It includes three major components:

Distributed Detection

The ability to detect a single threat across the entire network by utilizing dedicated security probes, existing network elements and additional 3rd party security components.

Distributed Mitigation

The ability to mitigate attacks at the optimal location utilizing the proper mitigation components. Optimal means the furthest away from the protected infrastructure with the least disruption of traffic flow and impact on user experience. The optimal mitigation may be achieved by utilizing network infrastructure for applying mitigation rules or dedicated mitigation elements. Radware is a market leader in cyber-attack mitigation with DefensePro providing the most accurate and fastest mitigation of all types of availability-based threats.

Centralized Control

The control function is the facilitator of the distributed AMN. It is able to collect input from distributed detection elements. It then aggregates, correlates and analyzes that input in the context of the protected service, implements security and applies the optimal action based on the available mitigation components. The overall control operations of the AMN are realized by DefenseFlow.


Radware DefenseFlow Cyber Control

DefenseFlow is a software product that leverages network technologies and Radware attack detection and mitigation technologies to provide attack mitigation as a native network service.

DefenseFlow acts as a cyber defense control-plane that collects and analyzes various security telemetries, and based on this information, provides various intelligent security actions.

Together with DefensePro Attack Mitigation Device, DefenseFlow provides a comprehensive and programmable network-wide security solution that focuses on providing protection to the infrastructure of the carrier.

DefenseFlow Key Capabilities

Data Collection

DefenseFlow can collect various types of telemetry, statistics and events from various network elements and other control plane entities. This includes NetFlow, OpenFlow, DefensePro, Alteon, AppWall and more. In addition, the DefenseFlow collection interface is completely pluggable, so enabling the collection of data from a new type of network, security or control element is very quick.

Behavioral Detection

DefenseFlow can collect various types of telemetry and statistics from various network elements and other control plane applications and apply behavioral algorithms for accurate and false-positive-free detection. The behavioral detection mechanism is fully compatible with the behavioral mechanisms of the mitigation devices, which allows for the fastest and most accurate mitigation in the industry.

Attack Lifecycle Management

In order to handle several services, tenants or network elements at a reasonable TCO and with minimal effort, DefenseFlow employs strong algorithmic capabilities which enable automation of several common NOC/SOC operations within cyber-attack mitigation workflows. Examples of these are new service provisioning, mitigation activation, traffic blocking via RTBH or BGP Flowspec, traffic diversion / injection and attack termination. A key aspect of doing this successfully is complete synchronization of information such as statistics, configurations and previously learned baselines across systems, such that each participating element can act accurately and efficiently. This enables service providers to handle large numbers of customers efficiently and with minimal errors. Each of the automation algorithms also includes a user confirmation mode in which the operative can validate and approve each action before it happens.

Abstraction of the Physical Layers

Security service provisioning, attack activation and traffic diversion/injection, and security monitoring are enabled in the context of the protected service across the different detection and mitigation systems involved.

Service Capacity

As mitigation is enabled only when needed, DefenseFlow enables provisioning of mitigation equipment to allow for a cost-effective solution which is governed by the number of active attacks in the network rather than the number of customers. DefenseFlow allows simple building of mitigation device clusters so that the overall mitigation capacity can reach up to 3TB of mitigation. The cluster size can range from one mitigation device up to 10 devices, with full support for a “pay as you grow” approach.

SDN Support

DefenseFlow supports SDN-based networks for statistics collection and traffic diversion operations and allows for hybrid modes so that service providers moving from traditional to SDN-based controls can be fully supported. This capability enables a future-proof solution which supports both traditional and SDN networks and allows for a smooth transition.


Figure 3: SDN Implementation Statistics (bar chart, 0–55% axis). Categories: Additional routing considerations; Additional or optional security detection considerations; Additional or optional load balancing; WAN / LAN performance monitoring. Values shown, in extraction order: 40.00%, 51.76%, 30.59%, 41.18%.

In addition to the many advantages associated with moving to an SDN-based network, SDN-based DDoS detection enables more accurate and faster detection of DDoS attacks than traditional network statistics methods. The DefenseFlow control plane architecture is aligned with the NFV reference architecture and with the OPNFV MOON project.

Figure 2: security risks associated with SDN

DefenseFlow 2.3 – Flexible SecOps Automation

One of the key requirements for security operations is for the security control system to be flexible enough to integrate within any environment and enable integration of different systems, network elements and applications. Some of these may already exist in the environment and others may be new. On the other hand, this requirement, when interpreted in a trivial manner, conflicts with maintaining a simple system which enables low engagement from operatives and high levels of automation.

DefenseFlow aims to tackle this conflict by being flexible enough to be deployed within any environment while keeping things simple to operate and abstracting many of the underlying complexities. Here are the key components which enable this best-of-both-worlds approach:

Figure 2 (security risks associated with SDN) contents, bar chart with a 10%–50% axis. Risk statements: Centralized controller is a potential single point of attack and failure; Southbound interface between the controller and data-forwarding devices is vulnerable; (DDoS) attack protection is not a native network service; The technology is immature and potentially full of software vulnerabilities; High level of required proprietary customization needed for each implementation; Introduces ‘security sprawl’ by opening up the network to widespread automated provisioning. Values shown, in extraction order: 47.92%, 25.00%, 39.58%, 48.96%, 37.50%, 37.50%.

Figure 4: SecOps approach requires flexibility together with rapid development and operation (diagram labels: Service Assurance, Security Architecture, Security Operations, SecOps)


Inbound Everything

DefenseFlow already includes interfaces for NetFlow, OpenFlow, DefensePro, Alteon and AppWall. DefenseFlow also includes an interface which enables it to receive indications from additional sources. The interface allows for pluggable drivers for any type of telemetry and detection source which can send an indication over IP traffic. This can be syslog, HTTP or any other type of communication. The only requirement is that it contains the information which is relevant to a certain type of scenario which can be handled by DefenseFlow.

While DefenseFlow comes pre-packaged with drivers for various security elements, implementing a new driver doesn’t require any development effort. Customers who are interested in including their own indicators in DefenseFlow can obtain this support via Radware Professional Services.

The Workflow – Let DefenseFlow Do All the Work

DefenseFlow introduces the concept of workflows to bundle a group of scenarios for a specific protected asset or object. DefenseFlow workflows are similar to the playbook of actions taken by security operatives when an indication of threat or malicious activity is received from one of the security systems. The workflow enables DefenseFlow to automatically deduce the set of actions that are required with regards to an object which is in need of an operational change due to a security indication. Workflows are all reusable so that once a workflow is configured, it only has to be applied in order to enable protection of a new entity of a similar type.

The DefenseFlow workflow abstracts the security logic and decision-making process via an intuitive and easily accessible playbook scenario. In certain cases, a workflow can represent an operational logic which would have been owned by the SOC. In other cases, it may represent a more complex logic which was previously not accessible or unmanageable by the SOC due to quantity, complexity or speed.

DefenseFlow includes several predefined workflows which correspond to the common scenarios customers require, but users can create their own workflows in DefenseFlow such that any deployment, integration or actionable scenario can be supported.

Figure 5: Example WorkFlow with different criteria and operations

Protected Object: Network Infrastructure
WorkFlow – Infrastructure Protection
Provisioning Operation: None

Enter Criteria      Exit Criteria   Operation
AttackBW>1Gbps      AttackEnd       OutOfPathDivertMitigateInject
AttackBW>10Gbps     AttackEnd       BGPFlowSpecMitigate
AttackBW>40Gbps     AttackEnd       BlackHole

The DefenseFlow workflow is comprised of two main building blocks: operations and criteria.


Operation

An operation defines what DefenseFlow should execute upon a criteria match. It could involve any of the security capabilities which DefenseFlow has access to within the environment, such as provisioning or tuning the mitigation infrastructure, manipulating the traffic, blocking a certain entity or any combination of them. The operation allows matching the security action taken to the specific security problem based on specific criteria.

Each workflow can contain many operations. Each operation in the workflow will be the operation which is most appropriate for the specific criteria set it handles. This ensures a high level of flexibility, granularity and accuracy in terms of the actions to be taken, the configuration to be applied and how traffic is manipulated. At the same time, once architected, the entire process is automated.

Criteria

The criteria engine allows DefenseFlow to define the system state to be satisfied in order to trigger an operation. This can be in the form of an inbound indication, a mitigation system status change or any other indication DefenseFlow is capable of processing. The criteria engine allows the definition of the values of each followed parameter required to trigger a match and launch an operation. For example, an operation can be triggered when an alert of high severity reaches the system to provision a specific type of security policy and mitigation, while a different security policy will be applied for the same alert at medium severity. In such a scenario, the high severity alert could trigger a mitigation in blocking mode while the medium severity could trigger mitigation in report-only mode. Another example is selecting a different operation as a result of attack volume. A high-volume attack could trigger traffic blocking or black holing at the network entry while a medium-volume attack could trigger mitigation at a regional scrubbing center.

Operational Modes

In order to allow various levels of control to network operatives, DefenseFlow supports three different modes of operation:

Automatic – In this mode DefenseFlow fully automates attack lifecycle management end-to-end. On a criteria match, DefenseFlow automatically activates the relevant operation associated with the criteria, and automatically relaxes the system and cleans up the configuration changes once the criteria have been satisfied.

User Confirmed – This mode is designed for customers who require a human eye to see pending changes before they are applied. It operates exactly like automatic mode, except that before each step is performed, the user is prompted for confirmation before a change is executed. In addition, the user is allowed to edit several parameters related to the operation before confirming it, so fine-tuning that is specific to each activation is also enabled by this mode. This mode combines the high level of simplification delivered by DefenseFlow with the high level of confidence allowed by human confirmation of sensitive network changes.

Manual – Each of the building blocks of the DefenseFlow operation can be executed manually by the user either on detection and termination, or at any given time. It enables users to trigger or terminate operations whenever they see fit.

These different operational modes provide agility and flexibility to the operational approach and allow for the full range of options. This also allows for a safe and gradual transition from manual to automated processes.

DefenseFlow Operational Monitoring and Alerting

As DefenseFlow workflows abstract complex processes which may involve underlying components and steps, it is crucial for users to be able to follow, understand and, if necessary, troubleshoot these processes. Therefore, an integral part of the security operations and automation framework are the visibility and operational monitoring tools. DefenseFlow includes the following tools:


Planning Tool – The planning tool enables users to plan the entire underlying process which constitutes an operation in an easy and accessible description. It enables users to see exactly what is going to happen when an operation is triggered, i.e. which network elements will be involved, which mitigation elements, and which individual actions are planned to be performed for each step. This is a "what-if" tool that allows users to follow complex decision-making processes visually and understand the outcome of each decision.

Process Visibility Tool – The process visibility tool provides visibility while an automated process is taking place. It allows the user to follow each step of the operation while it is happening or after the fact, and to identify the result of each action taken.

Pending Actions Tool – The pending actions tool provides a centralized interface for all actions which are pending user confirmation. Each pending action is displayed in the interface, enabling the user to see the details of the action, validate the action before it is confirmed, edit several parameters if needed, and confirm the operation.

Example 1: Automated Hybrid Mitigation Workflow

Hybrid DDoS mitigation is widely considered the most comprehensive DDoS protection architecture because it allows the widest coverage, highest accuracy and shortest time to mitigation. Many service providers target this architecture as a way to monetize their infrastructure and provide a high-quality DDoS mitigation service to their customers. This could be via a “shared CPE” architecture in which the CPE element is placed at the aggregation layer and shared amongst several customers, or a dedicated CPE architecture where an actual CPE device is placed on-premise and managed by the service provider. This architecture may be appealing to customers due to the quality solution it delivers, but in practice, it generates significant operational effort for the service provider. This effort is associated with the configuration and management of the CPE device and with handling the operations of provisioning scrubbing protection in an attack scenario.

Figure 6: hybrid mitigation use case (diagram). Elements shown: Data Center/Customer sites (labels DPc and IPc at the customer site), PE1 with interface I/F1, the SP Backbone (/16), Peer 1 and Peer 2, the Scrubbing Center with DP1 and DP2, the DefenseFlow Cyber Defense Control-Plane and the WWW, with numbered steps 1 to 9 ending in "Delegation Criteria Triggered". CPE signaling and messaging shown in the diagram:
Signaling: No Attack. CPU=50%, I/F1 load=0.4G
Messaging: Attack #1 on IP1, Risk=LOW, Category=SYN Flood, BW=200M. CPU=60%, I/F1 load=0.5G
Messaging: Attack #1 on IP1, Risk=HIGH, Category=SYN Flood, BW=500M. CPU=85%, I/F1 load=0.8G


DefenseFlow introduces a workflow which is designed to facilitate this operational scenario (see Figure 7). It includes the following operations:

• Stage 1 - Provisioning of the CPE device.
• Stages 2, 3, 4, 5 - Monitoring of the CPE device for problems and attacks and deciding when to divert traffic to a scrubbing center.
• Stages 6, 7 - Importing all information required from the CPE mitigation to the scrubbing mitigation.
• Stage 8 - Diverting the traffic towards scrubbing and returning the legitimate traffic back to the normal path.
• Stage 9 - Monitoring both mitigation systems for attack end.
• Stage 10 - Returning the system and traffic back to normal upon the conclusion of the attack.

In this scenario, the workflow and operation objects arrive preconfigured with DefenseFlow in order to provision a new protected object such as a customer or protected service, allowing the user to configure just the networks, select the operation mode and determine the preferred workflow. Protecting services and delegating the attack to a scrubbing center requires no human intervention or only human confirmation, depending on the selected operation mode.
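As an added example (not Radware code and not the DefenseFlow API), the criteria/operation model and the three operational modes described earlier, together with the CPE-to-scrubbing delegation above, can be modelled as a small workflow engine: it parses CPE indications written in the Figure 6 message style, evaluates Figure 5 style enter/exit criteria, and either executes, queues for confirmation or leaves to the operator the resulting actions. All class, function and field names, the message line format and the 192.0.2.0/24 network are assumptions.

```python
"""Toy DefenseFlow-style workflow engine (added illustration, not Radware code): enter
and exit criteria select an operation, and the operational mode decides whether it runs
at once (Automatic), waits for approval (User Confirmed) or only when an operator
executes it (Manual). Line format, field and class names are assumptions (Figures 5/6)."""
import re
from collections import namedtuple
from dataclasses import dataclass, field

_UNIT = {"K": 1e3, "M": 1e6, "G": 1e9}
Rule = namedtuple("Rule", "enter leave operation")  # one row of a workflow table

def parse_bw(text):
    """'200M' or '1Gbps' -> bits per second (notation taken from the figures)."""
    num, unit = re.fullmatch(r"(\d+(?:\.\d+)?)([KMG])(?:bps)?", text.strip()).groups()
    return float(num) * _UNIT[unit]

def parse_indication(line):
    """Parse a Figure 6 style CPE line ('Messaging: Attack #1 on IP1, Risk=HIGH,
    Category=SYN Flood, BW=500M. CPU=85%, I/F1 load=0.8G') into a flat dict."""
    ind = {"attack": False, "target": None, "bw": 0.0}
    head = re.search(r"Attack #(\d+) on (\S+?)(?:,|$)", line)
    if head:  # absent in a 'Signaling: No Attack. ...' line
        ind.update(attack=True, attack_id=int(head.group(1)), target=head.group(2))
    # Fields end at ',' or at a '.' that closes a clause (the '.' in 0.8G precedes a digit)
    for part in re.split(r",\s*|\.(?=\s|[A-Z])\s*", line):
        if "=" in part:
            key, val = (s.strip() for s in part.split("=", 1))
            if key == "BW":
                ind["bw"] = parse_bw(val)
            elif key == "CPU":
                ind["cpu"] = float(val.rstrip("%"))
            else:
                ind[key.lower()] = val  # risk, category, 'i/f1 load', ...
    return ind

def attack_bw_over(threshold):
    limit = parse_bw(threshold)
    return lambda ind: ind["attack"] and ind["bw"] > limit

def attack_end(ind):
    return not ind["attack"]

# Figure 5, "Infrastructure Protection". Rows are checked independently here, so a
# 15 Gbps attack matches both the 1 Gbps and the 10 Gbps rows; the paper does not
# say how DefenseFlow orders overlapping criteria (assumption of this model).
INFRASTRUCTURE_PROTECTION = [
    Rule(attack_bw_over("1Gbps"), attack_end, "OutOfPathDivertMitigateInject"),
    Rule(attack_bw_over("10Gbps"), attack_end, "BGPFlowSpecMitigate"),
    Rule(attack_bw_over("40Gbps"), attack_end, "BlackHole"),
]

@dataclass
class ProtectedObject:
    networks: tuple
    mode: str  # "automatic" | "user_confirmed" | "manual" (manual: operator calls execute())
    workflow: list
    active: set = field(default_factory=set)
    pending: list = field(default_factory=list)  # what the Pending Actions tool shows
    log: list = field(default_factory=list)      # what the Process Visibility tool shows

    def on_indication(self, ind):
        """Match enter criteria of idle rows and exit criteria of active rows; each
        planned action is ("activate" | "relax", operation name)."""
        planned = []
        for rule in self.workflow:
            if rule.operation not in self.active and rule.enter(ind):
                planned.append(("activate", rule.operation))
            elif rule.operation in self.active and rule.leave(ind):
                planned.append(("relax", rule.operation))
        for action in planned:
            if self.mode == "automatic":
                self.execute(action)
            elif self.mode == "user_confirmed":
                self.pending.append(action)
        return planned

    def confirm(self, index=0):
        """Operator approves one pending action (User Confirmed mode)."""
        action = self.pending.pop(index)
        self.execute(action)
        return action

    def execute(self, action):
        verb, operation = action
        (self.active.add if verb == "activate" else self.active.discard)(operation)
        self.log.append(action)

def run_user_confirmed_demo():
    """Constructed indications (not from the paper) through the Figure 5 workflow."""
    po = ProtectedObject(("192.0.2.0/24",), "user_confirmed", INFRASTRUCTURE_PROTECTION)
    po.on_indication(parse_indication(
        "Messaging: Attack #1 on IP1, Risk=LOW, Category=SYN Flood, BW=200M. CPU=60%"))
    po.on_indication(parse_indication(
        "Messaging: Attack #1 on IP1, Risk=HIGH, Category=SYN Flood, BW=5G. CPU=85%"))
    po.confirm()  # operator approves the diversion to the scrubbing center
    po.on_indication(parse_indication("Signaling: No Attack. CPU=50%, I/F1 load=0.4G"))
    po.confirm()  # operator approves the return to the normal path
    return po
```

In the demo the 200M indication matches nothing, the 5G indication queues the diversion until the operator confirms it, and the "No Attack" signaling queues the relaxation in the same way.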

Figure 7: hybrid mitigation workflow

WorkFlow – Hybrid
Provisioning Operation: AlwaysOnMitigateOnly

Operation – AlwaysOnMitigateOnly: Mitigation Mode, Mitigation Policy, Mitigation Group
Operation – OutOfPathDivertMitigateInject: Mitigation Mode, Mitigation Policy, Mitigation Group, Traffic Diversion Group, Traffic Diversion Method, Traffic Diversion Group, Traffic Diversion Method

Enter Criteria      Exit Criteria   Operation
AttackBW>1Gbps      AttackEnd       OutOfPathDivertMitigateInject

Protected Object – Example 1: Networks = x.x.x.x/yy,...; Mode = User Confirmation; Workflow = Hybrid


Example 2: SmartTAP Deployment Workflow

In many networks, either due to high sensitivity to latency or low tolerance to any point of failure added to the traffic path, the potential impact of introducing an additional “bump in the wire” cannot be tolerated. On the other hand, security has become a function which cannot be ignored for these types of networks.

SmartTAP deployment addresses the above scenario. It allows organizations to deploy the top security measures for their network and, at the same time, eliminate latency and risk of failure. This is achieved by using a smart mechanism which granularly diverts only the traffic to be cleaned via a local mitigation device. The mitigation device is deployed on a copy or TAP port and receives a copy of the traffic at all times, eliminating latency and additional risk of failure. Once an attack is detected, only the relevant traffic is diverted through the device and the attack is prevented in seconds. “Clean” traffic is allowed to flow through the network freely. While this happens, the copied traffic is handled so that the mitigation device processes the traffic only once and no conflicts or duplications occur.

Figure 8: SmartTAP use case

The workflow which facilitates this deployment makes it easy to deploy, manage and monitor and includes the following operations (see Figure 8).

• Stage 1 - Provisioning of the initial policies within the mitigation device.
• Stage 2 - Monitoring the device and the security indications it produces and detecting when the criteria are satisfied so traffic is diverted to the device.
• Stage 3 - Diverting only relevant traffic via the mitigation device, and handling the copy traffic so no duplicate traffic arrives at the device.
• Stage 4 - Monitoring criteria for attack conclusion and returning the system back to normal operation.

The workflow and operation objects arrive preconfigured with DefenseFlow to provision a new SmartTAP object; the user only has to configure the networks, select the operation mode and the preferred workflow (see Figure 9).

Figure 8: SmartTAP use case (four-panel diagram). Elements shown: DefenseFlow Cyber Defense Control-Plane, DefensePro in Transparent Mode (DP1, DP2) on TAP / SPAN ports, Peer 1, Peer 2, SP Backbone, IP1 and WWW, with numbered ports 1 to 3. Panel labels: "SPAN / TAP Configuration: Send All Port 1 Ingress Traffic to Port 2"; "Attack Detected"; "Redirect Port 1 Traffic to Port 3 (through DP)".


Figure 9: SmartTAP workflow

Summary

DefenseFlow allows service providers to easily automate incident response operations in the most complex and highly distributed environments. The cyber command and control application maximizes security effectiveness with minimal operational effort and overhead.

DefenseFlow version 2.3 extends Radware's attack mitigation solution by adding always-on/SmartTAP and hosted-customer protection use cases, providing the widest attack detection coverage coupled with immediate attack mitigation.

• Fully automated incident response - DefenseFlow features a user-friendly interface that enables operators to define actionable operations per security incident. Operations include:
  o Service provisioning per customer or network tenant
  o Attack detection using multiple detection sources: NetFlow-based, OpenFlow-based and inline/tap DefensePro
  o Actionable attack mitigation operations such as local mitigation, traffic diversion to a scrubbing center or a peering DefensePro, black-holing, etc.

• Workflow-based model – assign an orchestrated and automated workflow per customer that includes service provisioning, attack detection criteria and actions

• Designed to fit various use cases - flexible deployment models that fit into any environment, including infrastructure protection and per-tenant protection, to simplify service providers' operations.

[Figure 9 (diagram), reconstructed as text:]

WorkFlow – SmartTAP
  Provisioning operation: SmartTapDetection
    Parameters: Mitigation Mode, Mitigation Policy, Mitigation Group, Traffic Diversion Group, Traffic Diversion Method
  Enter criteria: AttackStart
  Exit criteria: AttackEnd
  Operation: SmartTapDivertInject
    Parameters: Traffic Diversion Group, Traffic Diversion Method

Protected Object – Example 1
  Networks = x.x.x.x/yy,...
  Mode = User Confirmation
  Workflow = SmartTAP


• Always-on/SmartTAP attack protection - DefensePro appliances deployed on-premise or at the provider's network edge offer the following benefits:
  o Widest attack coverage - mitigate all types of DoS/DDoS attacks, network intrusions, brute-force attacks, application-level attacks and others in seconds
  o Highest mitigation accuracy - block attack traffic without blocking legitimate user traffic
  o Mitigate attacks in real time

• Best quality-of-mitigation solution in the industry - DefensePro devices deployed at the carrier/SP scrubbing center to remove volumetric attack traffic without blocking legitimate user traffic

About Radware

Radware® (NASDAQ: RDWR) is a global leader of application delivery and cyber security solutions for virtual, cloud and software defined data centers. Its award-winning solutions portfolio delivers service level assurance for business-critical applications, while maximizing IT efficiency. Radware's solutions empower more than 10,000 enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down. For more information, please visit www.radware.com.

Radware encourages you to join our community and follow us on: Facebook, Google+, LinkedIn, Radware Blog, SlideShare, Twitter, YouTube, Radware Connect app for iPhone® and our security center DDoSWarriors.com that provides a comprehensive analysis on DDoS attack tools, trends and threats.

This document is provided for information purposes only. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law. Radware specifically disclaims any liability with respect to this document and no contractual obligations are formed either directly or indirectly by this document. The technologies, functionalities, services, or processes described herein are subject to change without notice.

©2016 Radware Ltd. All rights reserved. Radware and all other Radware product and service names are registered trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of their respective owners. The Radware products and solutions mentioned in this document are protected by trademarks, patents and pending patent applications. For more details please see: https://www.radware.com/LegalNotice/

PRD-DefenseFlow_Security_Operations-WP-01-2016/04-US