ASM Presentation(2)

Transcript of ASM Presentation(2)

  • 8/16/2019 ASM Presentation(2)

    1/23


      Applications Trends and Drivers

    • Webification: Web-based interfaces and connections are being applied to multiple applications and devices.

      There is an increase in intelligent browsers running on all sorts of platforms.

      Targeted attacks on specific websites, applications and companies.

      People and companies are more vulnerable.


      Attacks are Moving "Up The Stack"


     ASM is a modular component of TMOS.

    Benefits of TMOS:

    • Full reverse proxy

    • SSL accelerator

    • digital certificates management

    • FIPS compliant

    • VLAN segmentation

    • remote authentication and authorization

    • enhanced logging

    • TCP optimization

    • connection pooling

    • IP/port filtering

    • rate shaping

    • iRules


      ASM is a WAF

    • WAFs are a necessity in today's computing environment.

    • All clients are at risk, regardless of their industry.

    ASM as a WAF can:

    • Reduce operation costs on many levels.

    • Stop attacks.

    • Reduce the expense of meeting PCI security compliance requireme[nts].

    • Provide the ability to virtually patch and mitigate application vulnerabilities in minutes.

    • Allow the security officer to make sure applications are secure without the need for help of a development team.

    • Provide out-of-the-box application security policies.

    • Allow the customer to see what is being protected.


      ASM in the network and common data f[low]

    ASM monitors URLs for server latency, top accessed pages, and other statistics.


      ASM in depth


      Securing Applications

      Options for securing applications:

    • modify the application to repair identified vulnerabilities

    • implement point WAF solutions

    • use the ASM as a strategic point to secure both your application and your data


      Approaches to securing applicat[ions]

    • ASM uses many layers of defense to protect against attacks at Layer [...] through seven of the OSI model.

    • ASM first performs security checks for RFC compliance with the HTT[P ...]

    • Provide protection from generalized and known application attacks.

    • Provide current, up-to-date signatures to ensure that customer app[...] protection.

    • Define a list of allowed file types, URLs, parameters, and their valu[es].

    • Guard against cookie poisoning.

    • Look at server-side responses and take actions as necessary.


      Best Practic[es]

    1- Check server responses for information leakage.

    2- Use an application-specific security policy, and make sure what is being protected is clearly defined.

    3- Log HTTP for audit; after security measures have been implemente[d ...] should be audited.

    4- Use a combination of positive and negative security models.

    5- Always inspect both HTTP and HTTPS traffic to make sure content c[...] validate.


      Traditional security devices vs WAF


      Web application firewall: ASM



      Deployment and policy configuration of ASM

     There are three types of Traffic Flow Configuration:

    1- SNAT

    2- Routed

    3- Bridged

    • nPath is not supported by ASM, because it allows traffic to enter the BIG[-IP] from the client, but the server responses are returned directly to the [client] without being seen by the BIG-IP.


      Policy Configuration

     The core of the Application Security Manager functionality is the secur[ity policy].

    • ASM performs these steps:

      1- compares each received request to the active security policy.

      2- forwards the compliant request to the web application.

      3- generates a violation, and then either forwards the request or blo[cks the] request.

      4- checks responses from the web application.

      a- sends compliant responses to the client.

      b- noncompliant responses cause violations and may also be blocked.
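To make the request and response processing steps concrete, here is an added Python illustration (not F5 code, and not part of the original presentation) of a simplified security policy that combines a positive model (allowed file types, URLs and parameter values) with a negative model (attack signatures), and that either blocks or only logs violations depending on the enforcement mode. The policy contents, names and patterns are constructed assumptions.

```python
import re

# Constructed, simplified security policy illustrating the steps above.
# Positive model: allowed file types, URLs, parameters and value patterns.
# Negative model: attack signatures. All names and patterns are assumptions.
POLICY = {
    "allowed_file_types": {"html", "php", "css", "js"},
    "allowed_urls": {"/login.php", "/index.html", "/search.php"},
    "parameters": {"user": r"^[A-Za-z0-9_]{1,32}$", "q": r"^[\w ]{0,64}$"},
    "signatures": {
        "sqli": re.compile(r"('|\")\s*or\s+\d+=\d+", re.I),
        "xss": re.compile(r"<script", re.I),
    },
    "enforcement": "blocking",  # "transparent": log violations, still forward
}
# Response patterns treated as information leakage (constructed examples).
LEAK_PATTERNS = [re.compile(p, re.I)
                 for p in (r"stack trace", r"ODBC", r"at [\w.]+\([\w.]+:\d+\)")]

def check_request(policy, url, params):
    """Step 1: compare one request to the active policy; return violations."""
    violations = []
    ext = url.rsplit(".", 1)[-1] if "." in url else ""
    if ext not in policy["allowed_file_types"]:
        violations.append(f"illegal file type: {ext or '(none)'}")
    if url not in policy["allowed_urls"]:
        violations.append(f"illegal URL: {url}")
    for name, value in params.items():
        pattern = policy["parameters"].get(name)
        if pattern is None:
            violations.append(f"illegal parameter: {name}")
        elif not re.match(pattern, value):
            violations.append(f"illegal parameter value: {name}")
        for sig, rx in policy["signatures"].items():
            if rx.search(value):
                violations.append(f"attack signature {sig} in {name}")
    return violations

def handle_request(policy, url, params):
    """Steps 2-3: forward a compliant request; on violations, block in
    blocking mode or forward anyway (logging only) in transparent mode."""
    violations = check_request(policy, url, params)
    if violations and policy["enforcement"] == "blocking":
        return "blocked", violations
    return "forwarded", violations

def check_response(body):
    """Step 4: inspect the server response for information leakage."""
    return [rx.pattern for rx in LEAK_PATTERNS if rx.search(body)]
```

Switching `enforcement` to `"transparent"` corresponds to running the policy without enforcement: the same violations are reported, but the request is still forwarded.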


     There are four basic methods customers can use for building policies:

    1- Application-Ready Security templates

    2- Rapid Deployment Policy

    3- Policy Builder

    4- Manual Policy Configuration


      Application-Ready Security tem[plates]

    Rapid Deployment (http)

    Rapid Deployment (https)

    SharePoint 2007 (http)

    SharePoint 2007 (https)

    OWA


      Rapid Deployment Po[licy]

    • Builds a baseline policy that senses the types of components that need to be protect[ed].

    • Deploys with virtually no false positives.

    • Allows the customer to learn the mechanism at their own rate and then enable trans[parent], semitransparent, and full blocking.

    • About [...] percent of all attacks can be mitigated.

    • With additional configurations, the other 20 percent of the attacks can also be mitig[ated].

    • Protects against attacks such as Layer 7 Denial of Service attacks, brute force, web s[...], CSRF.

    • Staging mode, which allows a policy to run for a period of time without enforcement.


      Policy Builder

    1- Set up the policy.

    2- Let the system automatically add entities to the security policy.

    3- Let the system stabilize the security policy.

    4- Let the system track site changes and update the policy.

    5- Review the automatic policy building status.


      Manual Policy Configuratio[n]

    • Provides ultimate control.


      PCI DSS

    One of the major drivers of ASM is PCI compliance.

    PCI DSS stands for Payment Card Industry Data Security Standard.
