Beyond PCI-DSS Barracuda Web Application Firewall Gautam Aggarwal Vice President, Product Marketing


Barracuda Networks Corporate Overview

Corporate Basics
• Over 800 employees worldwide
• Headquarters in Silicon Valley – Campbell, CA
• Investment by Sequoia Capital and Francisco Partners
• Rapid top-line profitable growth and strong cash flow

Market Leadership
• More than 150,000 corporate subscribers
• Distribution in over 80 countries worldwide
• Content security appliance volume leader (IDC)
• Strategic wins in Web application firewall, next generation firewall and cloud Web security lines

Business Focus
• Network Security, Content Security, Application Delivery and Data Protection solutions
• Appliance, Virtual Appliance and Cloud delivery
• Volume sales to midmarket; strategic sales to enterprise

Banking Financial Services & Insurance (BFSI)

Application Security Heritage
• Application security focused since 1999 (as part of Netcontinuum)
• Web Application Security Magic Quadrant “Visionary” since 2003
• Currently in Gartner’s ADC Magic Quadrant 2010

Large Financial Services Footprint
• JP Morgan, UBS, Morgan Stanley, HSBC, RBS, Citibank, and many other multinational banks
• 300+ Retail Banking & Financial customers in N. America alone

Extensive India Experience
• BFSI: Aviva Life Insurance, Dhanlakshmi Bank, Bharat Bank, Andhra Bank, Murugappa Group, Axis Bank
• Other: NIC, Brahmos, AICTE, Hyundai, Tirupathi Temple and many more
• Worldwide WAF center of excellence in Bengaluru

The Perfect Cyber Crime

Diagram labels: Attack, Destroy, Infect Users, Applications, Data

Application Security Trends in APAC

Mobile device adoption accelerating migration to web
• Proliferation of smartphones & tablets has forced enterprises to migrate faster to web
• However, enterprises are focusing on functionality and time-to-market but not security

Increased application layer attacks have forced enterprises to rethink security
• 47% of worldwide attack traffic originates from Asia. [1]
• India, China, Indonesia, Myanmar, & Taiwan are all in the Top 10. [1]
• SQL Injection & Cross-Site Scripting (XSS) are consistently the top attack methodologies

APAC enterprises are responding by adopting WAFs
• APAC saw growth of 22.6% YoY in 2011. [2]
• Japan, S. Korea have the highest market share of WAF. [2]
• China & ANZ have the fastest WAF growth rate. [2]
• India is starting to adopt WAF technology, particularly in BFSI industries

Source: [1] Akamai State of the Internet 2011; [2] Frost & Sullivan WAF Market Analysis

Barracuda Enables PCI-DSS Compliance

• ICSA Labs tested & certified for PCI-DSS compliance
• FIPS 140-2 Certified Crypto Hardware

| Requirement | Barracuda Networks |
|---|---|
| 1 - Install a Firewall | Provides secure Application Firewall |
| 3 - Protect Cardholder data | Proxies Web traffic and insulates Web servers from direct access by attackers |
| 4 - Encryption | Provides easy SSL/TLS encryption even if the application does not use encryption |
| 6 - Secure systems & applications | Blocks known and zero-day attacks as well as OWASP Top-10 application vulnerabilities |
| 7 - Restrict Access | Provides granular role-based administration |
| 10 - Track and Monitor Access | Logs and reports all application access and security violations |
| 11 - Regularly test systems | Integration with code scanners automates testing and tuning |

Reverse Proxy a Must for BFSI

Proxy-based WAFs are more secure:
• Traffic Rewrite – Non-proxies cannot control and re-write traffic
• Cloaking – Non-proxies do not cloak
• SSL – Non-proxies’ SSL is VERY slow
• Cookie security – Non-proxies do not protect against ID theft
• Botnet Protection – Non-proxies do not protect against DoS
• Authentication and Authorization – Non-proxies cannot do AAA
• Data Theft Protection – Non-proxies cannot mask outbound data
• Response time acceleration – Non-proxies cannot accelerate

Non-proxy WAFs expose server operating systems and TCP stacks directly to the Internet


Solution: Layer 7 Web Application Firewall

Barracuda Web Application Firewall
• Based on reverse proxy technology
• Has bi-directional content inspection and security
• As a reverse proxy, it can load balance and accelerate application delivery

Diagram labels: Servers; Inbound inspection for Layer 7 attacks; Outbound inspection to protect against data theft

Attack Protection & Data Loss Prevention

• Attack protection: SQL Injection, XSS injection, CSRF, Command injection
• Data theft protection: Credit Card, Aadhaar (UID), custom patterns
• Web site cloaking
• Integrated anti-virus
• Session protection: Cookie encryption, Parameter tampering protection
• Brute Force Protection
• DoS Protection
• IP Reputation Blocking: Blocking by Geo IP, Anonymous Proxy Blocking
• XML Firewall: XML-based attacks, XML Schema enforcement, Web Services security
• SIEM Integration
• Armored Browser Integration

Integration with Mobility Solutions

Barracuda Safe Browser (BSB)
• Outbound Content Security for mobile devices
• Same level of security on or off network
• Prevents infections on mobile phones and laptops that can lead to Man-in-the-Browser (MITB) attacks

Armored Browser
• Extends protection to the client
• Enforce server access only by armored browser
• Prevents Man-in-the-Browser (MITB) attacks

Consolidate Disparate Appliances in the DMZ

1. Reduces Management Complexity
2. Decreases Risk of Security Misconfiguration

Diagram labels: Access Control, Servers, Perimeter, SSL Accelerators, Security, Caching, Reverse Proxy Web Application Firewalls, Load Balancing, Delivered as Hardware or VM