Radware Hybrid Cloud WAF Service

Radware Hybrid Cloud Web Application Firewall and DDoS Protection

Market Analysis

Evolving Threat Landscape

[Chart: Top 10 Web Attack Methods]

Denial of Service 25%

SQL Injection 24%

Cross Site Scripting (XSS) 8.9%

Other categories (slices of 4.8%, 3.8%, 3.7%, 3%, 2.8%, 2.1% and 1.9%): Brute Force, Predictable Resource Location, Stolen Credentials, Unintentional Information Disclosure, Banking Trojan, Credential/Session Prediction, Cross Site Request Forgery (CSRF)

No one is immune – more industries are at risk

Web attacks - most common attack vector

– 1 in every 4 web-based attacks are HTTPS

Most common attack vectors:

– SQL Injections

– Cross Site Scripting (XSS)

– Denial of Service (DoS)

Source: Web Hacking Incident Database (WHID), Feb. 2013

Multi-Vectors Attacks

[Diagram labels]

Attack vectors: Large volume network flood attacks, Syn Floods, Network Scan, “Low & Slow” DoS attacks (e.g. Sockstress), HTTP Floods, SSL Floods, App Misuse, Brute Force, XSS, CSRF, SQL Injections

Protections: Cloud DDoS protection, DoS protection, Behavioral analysis, IPS, WAF, SSL protection

Infrastructure: Internet Pipe, Firewall, IPS/IDS, Load Balancer/ADC, Server Under Attack, SQL Server

Enterprise Cloud Migration

[Diagram labels: Internet, Customer Premise, Cloud Service Provider, Data Center]

Enterprises expand application resources to the cloud

Multi-vector attacks target enterprise applications everywhere

On-premises mitigation tools alone are ineffective against cloud-based attacks

Today’s Challenges

Evolving Threat Landscape

– Attacks last longer and include multi-vectors

– Web application attacks most popular

Enterprise Perimeter Disappearing

– Infrastructure is spread

– Mixed environment – cloud and premise based applications

Hosting Across Multiple Vendors

– Harder to protect & manage multiple instances

– Varying degree of protection offered by cloud vendors

Need for a hybrid, easy and fully managed solution that provides full protection from web-based attacks

Why Hybrid?

No single vendor exists today with both a CPE & Cloud WAF offering

Multiple challenges with a non-hybrid, multi-vendor WAF solution:

– Limited visibility (detection) and control (mitigation)

– Blind spots between technologies

– Vendor roadmap integration issues

– Vendor (problem) management processes

Hybrid Cloud WAF Offering

Radware’s Hybrid Cloud WAF

Fully managed & always-on cloud service

Provides WAF and DDoS protection

Based on Radware’s widely adopted Attack Mitigation Solution

Scalable cloud-based configuration

Optimal for detecting and mitigating a vast array of attack vectors

– Common web attacks (e.g. SQL Injections, Cross-Site Scripting)

– Advanced web attacks (e.g. Cookie Poisoning, XML and web services attacks)

– DDoS attacks targeting data center infrastructure

– Volumetric DDoS attacks aiming to saturate the internet link (optional add-on protection)

Radware’s Hybrid Cloud WAF

Web-based attack is launched and detected by Radware’s Cloud WAF

Attack is mitigated and clean traffic is relayed to the private cloud and premise

[Diagram labels: Radware Security Cloud POP, Cloud WAF, Attack Mitigation Device, Public Cloud, VPC / Private Cloud, Customer Premise, Data Center]

Why Radware’s Hybrid Cloud WAF?

Integrated CPE and Cloud WAF Technologies

Unmatched Web Application Protection

Fully Managed Security Service

Easy, Flexible Model

Always-On DDoS Protection

Why Radware’s Hybrid Cloud WAF?

Integrated CPE and Cloud WAF Technologies

Only solution to integrate with on-premise security devices

Gain more visibility and control in disaggregated application-delivery environments

Messaging enables threats detected in the cloud to be mitigated by on-premise attack mitigation devices

Allow for ease and speed of security policy orchestration & automation

Why Radware’s Hybrid Cloud WAF?

Unmatched Web Application Protection

Based on Radware’s WAF - AppWall

The only WAF in the Cloud with:

– Full coverage of ALL OWASP Top-10

– ICSA Labs Certification

– Auto Generated Policy

– Negative & Positive security models

Attack Categories Covered

| Category | Coverage |
|---|---|
| TCP Termination & Normalization | HTTP Protocol attack (e.g. HRS); Path traversal; Base 64 and encoded attacks; JSON and XML attacks |
| Login Protection | Password cracking – Brute Force |
| Attack Signature and Rules | Cross site scripting (XSS); Injections: SQL, LDAP; OS commanding; Server Side Includes (SSI) |
| LFI/RFI Protection | Local File Inclusion; Remote File Inclusion |
| Session Protection | Cookie Poisoning; Session Hijacking |
| Data Leak Prevention | Credit card number (CCN); Social Security (SSN); Regular Expression |
| Access Control | Predictable Resource Location; Backdoor and debug resources; File Upload attacks |
| DDoS Protection | Behavioral Network DDoS; Behavioral Application DDoS; Network Challenge Response; HTTP Challenge Response; Access List; Volumetric DDoS (add-on) |

Why Radware’s Hybrid Cloud WAF?

Fully Managed Security Service

24x7 support

System monitoring and auto policy generation

Proactive analysis including policy optimization and logs review

Backed by Radware's Emergency Response Team (ERT)

Why Radware’s Hybrid Cloud WAF?

Easy, Flexible Model

Simple setup - nothing to download or install

Phased and risk free onboarding

– 3 step process

– Every new policy is initially introduced in Span Port

– 7 days for new policy activation

OPEX-based model

3 levels of service offering (Silver, Gold & Platinum)

Flexibility in growth options

[Diagram labels: Out-of-path, Auto Policy, Inline passive mode, Inline protective mode]

Why Radware’s Hybrid Cloud WAF?

Always-On DDoS Protection

Based on Radware's attack mitigation device (DefensePro)

Includes Anti DDoS, NBA and IPS protection

Adaptive behavioral analysis and challenge response technologies

Volumetric DDoS Attack Protection

Volumetric attack is launched on the Radware Security Cloud POP

Attack is detected by the Radware Cloud IPS

Attack baseline is synchronized to DefensePipe and traffic redirected to scrubbing center

Traffic is scrubbed by DefensePipe and relayed clean to the private cloud and premise

[Diagram labels: Radware Security Cloud POP, Cloud WAF, Attack Mitigation Device, Defense Messaging, Radware Cloud Scrubbing, Public Cloud, VPC / Private Cloud, Customer Premise, Data Center]

Scalability and Availability

Service Monitoring: Traffic Volume Monitoring, HTTP Health-checks

Redundancy: for all network components – No single point of failure

Failover: Auto failover based on Active – standby

Disaster Recovery: DNS redirection to secondary site; Tier 1 DNS

Offering Sets

Service available in three packages:

Silver

• Single shared policy for multiple web applications

• Basic security offering to secure against common web attacks

Gold

• Dedicated policy for each web application

• PCI Compliance ready policy

• Added protection from data and access centric attacks

Platinum

• OWASP Top 10 coverage

• Extended security policy

• Zero-day attack protection

• Advanced attack protection

DDoS protection of up to 1 Gbps of attack traffic is included in all packages

Volumetric DDoS-attack protection available at additional cost

Service Full SLA

| Security Offerings – DDoS Features | Silver | Gold | Platinum |
|---|---|---|---|
| Behavioral Network Layer DDoS Protection | Yes | Yes | Yes |
| Behavioral Application Layer DDoS Protection | Yes | Yes | Yes |
| Network Challenge Response | Yes | Yes | Yes |
| HTTP Challenge Response | Yes | Yes | Yes |
| Access List – on demand up to 1 list per month | Up to 100 entries | Up to 100 entries | Up to 100 entries |
| Weekly Security Update Subscription | Yes | Yes | Yes |
| Attack volume supported | Up to 1G | Up to 1G | Up to 1G |

| Security Offerings – WAF Features | Silver | Gold | Platinum |
|---|---|---|---|
| HTTP Protocol Manipulation | Yes | Yes | Yes |
| Error info leakage & fingerprinting | Yes | Yes | Yes |
| Known Vulnerabilities & Custom Rules | Yes | Yes | Yes |
| SQL, OS and LDAP Injection | Yes | Yes | Yes |
| Cross Site Scripting (XSS) | Yes | Yes | Yes |
| SSL (including custom certificate) | Yes | Yes | Yes |
| Geo Location, Anonymous proxies | Yes | Yes | Yes |
| Credit Card Number Leakage | No | Yes | Yes |
| CSRF | No | Yes | Yes |
| Access Control (White & Black list) | No | Yes | Yes |
| Brute Force | No | Yes | Yes |
| Session attacks (hijacking, cookie poisoning) | No | No | Yes |
| Zero Day Protection; Parameter policy | No | No | Yes |
| XML and Web Service | No | No | Yes |

Service Full SLA

| Service Offerings - Service | Silver | Gold | Platinum |
|---|---|---|---|
| 24 X 7 support | Yes | Yes | Yes |
| Managed Security Service | Yes | Yes | Yes |
| Logs review and system monitoring | Yes | Yes | Yes |
| Customized Weekly Scheduled Reports | Yes | Yes | Yes |
| Tenant-based Policy (shared Policy for multiple apps) | Yes | No | No |
| Application Based policy | No | Yes | Yes |
| Auto Policy Generation | Yes | Yes | Yes |
| Dedicated WAF instance | No | No | Yes |
| At least once a month Proactive Security Policy Review and optimization | No | No | Yes |
| 2 Forensics Reports per year | No | No | Yes |
| Emergency Response Attack Mitigation | Yes | Yes | Yes |
| Pre-attack high risk alerts | Yes | Yes | Yes |
| Post attack report and recommendations | Yes | Yes | Yes |
| Time to Security Expert response SLA | Best Effort | Best Effort | Best Effort |
| Number of DDoS Protection policy changes per calendar month (non-cumulative) | 1 | 1 | 1 |

Summary

Integrated CPE and Cloud WAF Technologies

– Only solution with same technology to protect both cloud-based and on-premise applications

Unmatched Web Application Protection

– Full OWASP Top 10 coverage

– Auto policy generation; ICSA Labs certification

Fully Managed Security Service

– 24x7 Support

– Backed by Radware’s ERT security experts

Easy, Flexible Model

– Simple, no setup

– OPEX based with 3 offerings to choose from

Always-On DDoS Protection

– Based on Radware’s attack mitigation device

– Minimal false positives; no impact on legitimate traffic
