ASM Presentation(2)
Transcript of ASM Presentation(2)
8/16/2019 ASM Presentation(2)
Application Trends and Drivers
• Webification: web-based interfaces and connections are being applied to multiple applications and devices.
• There is an increase in intelligent browsers running on all sorts of platforms.
• Targeted attacks on specific websites, applications and companies.
• People and companies are more vulnerable.
Attacks are Moving “Up The Stack”
ASM is a modular component of the TMOS.
Benefits of TMOS:
• Full reverse proxy
• SSL accelerator
• digital certificates management
• FIPS compliant
• VLAN segmentation
• remote authentication and authorization
• enhanced logging
• TCP/IP optimization
• connection pooling
• IP port filtering
• rate shaping
• iRules
ASM is a WAF
• WAFs are a necessity in today's computing environment.
• All clients are at risk, regardless of their industry.
ASM as a WAF can:
• Reduce operation costs on many levels.
• Stop attacks.
• Reduce the expense of meeting PCI security compliance requirements.
• Provide the ability to virtually patch and mitigate application vulnerabilities in minutes.
• Allow the security officer to make sure applications are secure without the need for help from a development team.
• Provide out-of-the-box application security policies.
• Allow the customer to see what is being protected.
ASM in the network and common data flow
ASM monitors URLs for server latency, top accessed pages, and other statistics.
ASM in depth
Securing Applications
Options for securing applications:
• modify the application to repair identified vulnerabilities
• implement point WAF solutions
• use the ASM as a strategic point to secure both your application and your data
Approaches to securing applications
• ASM uses many layers of defense to protect against attacks, across the OSI model up to Layer seven.
• ASM first performs security checks for RFC compliance with HTTP.
• Provide protection from generalized and known application attacks.
• Provide current, up-to-date signatures to ensure customer application protection.
• Define a list of allowed file types, URLs, parameters, and their values.
• Guard against cookie poisoning.
• Look at server-side responses and take actions as necessary.
Best Practices
1- Check server responses for information leakage.
2- Use an application-specific security policy, and make sure what is being protected is clearly defined.
3- Log HTTP for audit; after security measures have been implemented, they should be audited.
4- Use a combination of positive and negative security models.
5- Always inspect both HTTP and HTTPS traffic to make sure content can be validated.
Traditional security devices vs WAF
Web application firewall: ASM
Deployment and policy configuration of ASM
There are three types of Traffic Flow Configuration:
1- SNAT
2- Routed
3- Bridged
• nPath is not supported by ASM, because nPath allows traffic to enter the BIG-IP from the client, but the server responses are returned directly to the client without being seen by the BIG-IP.
Policy Configuration
The core of the Application Security Manager functionality is the security policy.
• ASM performs these steps:
1- Compares each received request to the active security policy.
2- Forwards the compliant request to the web application.
3- Generates a violation, and then either forwards the request or blocks the request.
4- Checks responses from the web application:
a- Sends compliant responses to the client.
b- Causes violations and may also block noncompliant responses.
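The request and response handling in these steps, together with the checks from the earlier slides (the positive model of allowed file types, URLs, parameters and their values; signatures for known attacks; the guard against cookie poisoning; and the server-response check for information leakage), as an added worked example in Python. This is illustrative code written for this transcript, not F5's ASM implementation: the allowlists, signature patterns, leakage patterns, sample requests and the cookie-signing key are all constructed, and the signed-cookie scheme is one assumed way of detecting a modified cookie.

```python
"""Toy model of the WAF checks on the slides: RFC compliance, a positive model
(allowed file types, URLs, parameters and values), negative-model signatures, a
signed-cookie guard against cookie poisoning, and server-response checks for
information leakage. Added illustration, not F5 code; all data is constructed."""
import hashlib
import hmac
import re
from dataclasses import dataclass, field
from urllib.parse import parse_qsl, urlsplit

# Positive security model: only what is listed here is legal (constructed policy).
ALLOWED_FILE_TYPES = {"html", "css", "js", "png", "no_ext"}
ALLOWED_URLS = {"/login", "/search", "/account/profile"}
ALLOWED_PARAMS = {"q": r"[\w ]{1,64}", "user": r"[a-z0-9_]{3,32}", "page": r"\d{1,3}"}

# Negative security model: attack signatures (constructed and deliberately simplified).
SIGNATURES = {
    "SQLi": re.compile(r"(?i)\bunion\b.*\bselect\b|'\s*or\s*'?\d+'?\s*=\s*'?\d+"),
    "XSS": re.compile(r"(?i)<\s*script|javascript:|\bon\w+\s*="),
    "PathTraversal": re.compile(r"\.\./"),
}

# Server-side response checks: signs of information leakage (constructed patterns).
LEAKAGE_PATTERNS = {
    "SQL error": re.compile(r"(?i)sql syntax|ora-\d{5}|unclosed quotation"),
    "Card number": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
}

# Cookie poisoning guard: cookies are signed on the way out and verified on the way
# back in, so a client-side edit is detected. The key is a constructed placeholder.
COOKIE_KEY = b"constructed-demo-key-not-for-production"


@dataclass
class Request:
    method: str
    target: str                        # path plus optional query string
    headers: dict = field(default_factory=dict)
    body: str = ""                     # form-encoded body for POST


def sign_cookie(value):
    mac = hmac.new(COOKIE_KEY, value.encode(), hashlib.sha256).hexdigest()[:32]
    return f"{value}.{mac}"


def cookie_violations(cookie_header):
    out = []
    for part in filter(None, (p.strip() for p in cookie_header.split(";"))):
        name, _, value = part.partition("=")
        if "." not in value:
            out.append(f"Unsigned cookie: {name}")
        elif not hmac.compare_digest(sign_cookie(value.rpartition(".")[0]), value):
            out.append(f"Modified cookie: {name}")
    return out


def rfc_violations(req):
    """First check on the slides: basic HTTP compliance before the policy itself."""
    out = []
    if req.method not in {"GET", "POST", "HEAD"}:
        out.append(f"Illegal method: {req.method}")
    if not req.target.startswith("/"):
        out.append("Malformed request target")
    if "host" not in {k.lower() for k in req.headers}:
        out.append("Missing Host header")
    return out


def file_type_of(path):
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else "no_ext"


def check_request(req):
    """Step 1: compare one request to the policy; an empty list means compliant."""
    violations = rfc_violations(req)
    parts = urlsplit(req.target)
    if file_type_of(parts.path) not in ALLOWED_FILE_TYPES:
        violations.append(f"Illegal file type: {file_type_of(parts.path)}")
    if parts.path not in ALLOWED_URLS:
        violations.append(f"Illegal URL: {parts.path}")
    params = parse_qsl(parts.query, keep_blank_values=True)   # decodes %xx and '+'
    if req.method == "POST":
        params += parse_qsl(req.body, keep_blank_values=True)
    for name, value in params:
        if name not in ALLOWED_PARAMS:
            violations.append(f"Illegal parameter: {name}")
        elif not re.fullmatch(ALLOWED_PARAMS[name], value):
            violations.append(f"Illegal parameter value: {name}")
        for sig, pattern in SIGNATURES.items():
            if pattern.search(value):
                violations.append(f"Attack signature detected: {sig} in {name}")
    cookie = next((v for k, v in req.headers.items() if k.lower() == "cookie"), "")
    return violations + cookie_violations(cookie)


def check_response(body):
    """Step 4: look at the server-side response and flag information leakage."""
    return [f"Information leakage: {n}" for n, p in LEAKAGE_PATTERNS.items() if p.search(body)]


def enforce(req, blocking=True):
    """Steps 2 and 3: forward a compliant request; otherwise raise a violation and
    block, or forward with an alert when the policy is not in blocking mode."""
    violations = check_request(req)
    if not violations:
        return "forward", violations
    return ("block" if blocking else "forward-with-alert"), violations
```

The positive model rejects anything not explicitly listed (an unknown parameter is a violation even if its value is harmless), while the signatures catch known attack patterns in values that the allowlist happens to accept; running both is the combination of positive and negative security models the best-practices slide recommends. Parameter values are checked after URL decoding, so an encoded payload is seen the way the application would see it.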
There are four basic methods customers can use for building policies:
1- Application-Ready Security templates
2- Rapid Deployment Policy
3- Policy Builder
4- Manual Policy Configuration
Application-Ready Security templates
Rapid Deployment (http)
Rapid Deployment (https)
SharePoint 2007 (http)
SharePoint 2007 (https)
OWA
Rapid Deployment Policy
• Builds a baseline policy that senses the types of components that need to be protected.
• Deploys with virtually no false positives.
• Allows the customer to learn the mechanism at their own rate and then enable transparent, semitransparent, and full blocking.
• About percent of all attacks can be mitigated.
• With additional configurations, the other percent of the attacks can also be mitigated.
• Protects against attacks such as Layer 7 Denial of Service attacks, brute force, web scraping and CSRF.
• Staging mode allows a policy to run for a period of time without enforcement.
Policy Builder
1- Set up the policy.
2- Let the system automatically add entities to the security policy.
3- Let the system stabilize the security policy.
4- Let the system track site changes and update the policy.
5- Review the automatic policy building status.
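The learning and staging lifecycle behind these steps, and the staging mode described on the Rapid Deployment slide, as an added toy model in Python. It is illustrative code for this transcript, not F5's Policy Builder: it assumes (as marked in the code) that an entity leaves staging after a fixed number of clean requests, models only the transparent and blocking modes, and leaves step 4 (tracking site changes) out of scope; the URLs and violation strings fed to it are constructed.

```python
"""Toy model of automatic policy building with staging. Added illustration for
this transcript, not F5 ASM code. Assumed simplification: an entity (here a URL)
leaves staging after a fixed number of clean requests; only transparent and
blocking modes are modelled."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Entity:
    staged: bool = True      # staged entities are learned; their violations are logged only
    clean_hits: int = 0      # consecutive clean requests seen while staged


class LearningPolicy:
    def __init__(self, mode: str = "transparent", stabilize_after: int = 50):
        if mode not in ("transparent", "blocking"):
            raise ValueError("mode must be 'transparent' or 'blocking'")
        self.mode = mode
        self.stabilize_after = stabilize_after   # assumed stabilization threshold
        self.entities: Dict[str, Entity] = {}
        self.audit: List[str] = []               # what an operator reviews (step 5)

    def observe(self, url: str, violation: Optional[str] = None) -> str:
        """Process one request for `url`; return 'forward' or 'block'."""
        entity = self.entities.get(url)
        if entity is None:
            # Step 2: a previously unseen entity is added to the policy in staging.
            entity = self.entities[url] = Entity()
            self.audit.append(f"learned {url} (staging)")
        if violation is None:
            if entity.staged:
                entity.clean_hits += 1
                if entity.clean_hits >= self.stabilize_after:
                    # Step 3: the entity has stabilized and is now enforced.
                    entity.staged = False
                    self.audit.append(f"enforced {url}")
            return "forward"
        if entity.staged:
            # Staging: the violation is recorded, never enforced, and the
            # stabilization counter restarts (assumed behaviour).
            entity.clean_hits = 0
            self.audit.append(f"staging {url}: {violation} (logged only)")
            return "forward"
        if self.mode == "blocking":
            self.audit.append(f"blocked {url}: {violation}")
            return "block"
        # Transparent mode: violations on enforced entities raise an alarm only.
        self.audit.append(f"alarm {url}: {violation} (transparent mode)")
        return "forward"

    def status(self) -> dict:
        """Step 5: the summary an operator reviews before tightening enforcement."""
        staged = sum(1 for e in self.entities.values() if e.staged)
        return {"staged": staged, "enforced": len(self.entities) - staged}
```

The point of the two-level design is that switching the whole policy to blocking mode is safe only for entities that have left staging: a page the builder learned yesterday still runs without enforcement, so a new release does not produce a flood of blocked legitimate requests. The audit list is the record to review before deciding that the policy has stabilized.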
Manual Policy Configuration
• Provides ultimate control
PCI DSS
One of the major drivers of ASM is PCI compliance.
PCI DSS stands for Payment Card Industry Data Security Standard.