www.cyberoam.com © Copyright 2012 Elitecore Technologies Ltd. All Rights Reserved.
Securing You
Web Application Firewall Protection
CYBEROAM UTM’s
Unified Threat Management
Our Products
Top 5 outcomes of Web Application Attacks
Leakage of Information 20.38%
Defacement 18.47%
Planting of Malware 14.01%
Monetary Loss 12.74%
Downtime 12.74%
Types of Web App Attacks/Vulnerabilities:
Vulnerabilities
Unvalidated input
Broken access control
Broken authentication/session management
Denial of service
Cross-site scripting flaws
Buffer overflows
Attack Methods – the weapons
SQL injection
Cross-site scripting (XSS)
Cookie poisoning
Session hijacking, …
What is stopping the majority of us from investing in a Web Application Firewall?
80% of web applications have a vulnerability waiting to be exploited.
90 percent of all attacks today are aimed at the website and its supporting applications.
Aren’t we leaving too much to luck?
Human Nature
Most of us believe web application attacks cannot happen in our organization…
The “It can’t happen to me” syndrome!
Attacks that made the news…
XSS Vulnerability in Facebook Translations Posted on: 8 March 2011
September 16, 2010
Polish hacker gets inside US Military's Defense Logistic Agency website
Attacks that didn’t make the news
The Powerful Hacker Community…
Ignorance about attacks on Internal web applications
kb.abccorp.com
intranet.abccorp.com
anyintranet.com
anycamera.com
anypos.com
anypayroll.com
anysmall_erp.com
anyinternal_app.com
finally anything_over_http(s).com
Traditional security solutions aren’t effective against web application attacks
Living under a false sense of security!
What your Firewall, IPS, UTM cannot do…
Firewalls/IPS cannot protect a web application from unknown threats
But the biggest barriers to WAF purchase are…
Cost of damage vs. cost to protect
Time to implement and to maintain
Fear of complexity
Cyberoam Web Application Firewall is the answer…
Best of breed WAF:
Expensive
Time-consuming
Complex
Vs
Cyberoam WAF Subscription:
Affordable
Easy to deploy
Doesn’t require changes in existing set up
How does Cyberoam WAF work?
Cyberoam UTM’s WAF – Feature Set
Positive protection model and No Signature Tables
Intuitive website flow detector: automatically adapts to website changes
Protects against OWASP top 10 vulnerabilities
SSL Offloading
Monitoring & Reporting
Thank you!
The WAF subscription is available on 50ia, 100ia, 200i, 300i, 500ia, 750ia, 1000ia, 1500ia series of UTM appliances.