Radware Security

1
Radware Security
2
Agenda

• Introducing DefensePro
• Inside DefensePro
• Why is DefensePro needed?
• Features and Benefits
• Enterprise and Carrier Applications
• Hardware Architecture
• Competitive Advantages
• ROI

3
Security strategies

• Radware offers two solutions
• Security activation - FireProof and CID,
  guarantees the enforcement of security policies
  by ensuring the availability and optimized
  performance of security devices such as
  firewalls, VPN gateways , IDS, anti-virus etc..
• First strike defense DefensePro, dedicated high
  capacity hardware for real time application
  protection

4
How does it all work together?

• Single point of failure
• Limited performance
• Non-scalable

IDS
Web Security
Firewall
LAN
URL Filtering
Access Routers
AV Gateway
Honey pot
5
Security Activation

• Continuous security of Applications Networks
• Assuring that security resources are always
  available and optimized
• Application level protection (Intrusion
  prevention and DoS Shield)

IDS Farm
CT 100
CID
LAN
FireProof
FireProof
Access Routers
Firewalls
URL Filtering
AV Farm
6
First Strike Application Security
7
Introducing DefensePro
DefensePro Isolates, Blocks Prevents Attacks
for Immediate, High Capacity Application Security
8
Introducing DefensePro
First Strike Security

• Isolate Real-time attack monitoring,
  identification and proactive isolation of attacks
• Block Multi-Gigabit Application Security
  blocking intrusions, viruses worms
• Prevent Real-time network protection,
  identifying and preventing Denial of Service
  syn flood attacks

9
introducing DefensePro
Industry 1st Security Switch

• Inline Solution
• Highest Port density
• StringMatch ASIC Hardware for 1000X Inspection
  Acceleration

10
introducing DefensePro
Security Update Service
Subscriber service for continuous attack filter
updates protecting against existing emergent
threats.
11
The Need
12
introducing DefensePro
Application Security Challenge

Connect or Protect Applications?
The majority of security threats are at the
application level (Worms, Viruses, Intrusions,
DoS) targeting networked applications.
13
introducing DefensePro
Why is DefensePro needed?
There are four major security challenges 1.
Growing reliance on distributed / web
applications 2. Attacks flow across firewalls
without inspection 3. Explosive growth of
attacks 4. Increasing cost of attacks
14
Application Vulnerability
The Need

• Web based / distributed applications are
  pervasive
• The majority of attacks (Worms, Viruses, DoS)
  are across port 80

Source Network World august 2003
15
Growing Cost of Attacks
The Need

• August 2003 reportedly has gone down as the
  worst month in digital history for virus
  attacks.Mi2g also notes that the Sobig virus
  alone accounted for 29.7 billion of economic
  damages worldwide

Source Internetnews.com Sept. 2003
The average loss due to Denial of Service (DoS)
attacks in 2003 was 1,427,028 , five times
higher than in 2002
Source2003 CSI/FBI Computer Crime and Security
Survey
16
The DefensePro Solution
17
Proactive Attack Isolation

• Complete attack visibility to detect what is
  attacking where
• Bandwidth Management for immediate isolation of
  attack preventing spread across applications,
  users POPs
• Dynamic Traffic Shaping guaranteeing SLAs, even
  when under attack

CRM
P2P
Audio
Web
18
Features Benefits
Attack Isolation in Action
Customer A
T3
T1
Other POPs Or central POP connection
Aggregation Router
switch
T1
19
Features Benefits
Attack Isolation in Action
Customer A
T3
Aggregation Router
T1
Other POPs Or central POP connection
switch
T1
20
Features Benefits
Immediate Blocking of Intrusions

• 3 Gbps deep packet inspection
• Blocking of viruses, worms, trojans malicious
  signatures
• Anti-scanning
• Bi-directional scanning
• Over 1,300 common Radware attack signatures
• Automatic Security Attack Filter Updates

21
Features Benefits
Denial of Service Protection

• Multi-Gigabit Denial of Service Detection
  Blocking
• Traffic anomaly detection by baseline monitoring
• Advanced sampling mechanism
• Advanced Syn flood protection using Syn-cookies
• Blocking up to 1.3 Million Syns / 600Mbps attack
  while forwarding legitimate traffic

22
Features Benefits
Dynamic Traffic Shaping
"Adding more bandwidth may only improve the
response of non-essential applications. It does
not guarantee that the bandwidth will be
available to the applications that need it
most,Traffic Management Optimizing the
Enterprise Network for Maximum Business Value,"
Yankee Group, October 03

• Dynamic traffic shaping to ensure continuity of
  mission critical applications, even when under
  attack
• End-to-end bandwidth management QoS to
  guarantee Service Level Agreements accelerate
  application performance
• Eliminate security threats of P2P traffic

23
Simple Security Configuration
Features Benefits
Modular Security Services
Connect Networks/Traffic
24
Unified Security Reporting
Features Benefits
25
Security Update Service
26
Security Update Service
Security Updates

• Rapid emergency updates for high risk attacks
• 24x7 SOC scanning top security sources
  (CERT, Whitehats, Bugtraq, CVE.mitre, etc.)
• Weekly filter database updates
• Custom made filters
• Customer hot line for new attack reporting

27
www.radware.com/secuityzone
Security Updates
Emergency Weekly Updates
28
www.radware.com/secuityzone
Security Updates
Attack Descriptions Filter Downloads
29
DefensePro Architecture
30
Security Switch Architecture
Architecture
Dedicated High Capacity Security Switch
SessionManagement
Accelerated Deep Packet Inspection
Forwarding blocking Syn Cookies
Data transfer connectivity
31
StringMatch Engine
Architecture

• Security Accelerator, Up to 8 string search ASICS
• Up to 256,000 parallel pattern searches
• Up to 16 gigabit fix pattern search
• Dedicated MPC 7457 RISC processor
• Full throughput with full attack database
  detection

StringMatch Engine
Up to 16 Gigabit Pattern Search
256,000 Parallel Pattern Searches
32
Hardware Architecture Benefits
Architecture

• Unmatched Application Security Performance, 3
  gigabit of deep packet inspection
• No performance degradation using parallel string
  search ASIC StringMatch Engine
• Highest port density in industry for scanning
  multiple segments with a single device
• Unmatched blocking of 1 million Syns
• Switching ASICs backbone design for wire speed
  forwarding of legitimate traffic

33
DefensePro Configurations
34
Enterprise Application Security
Applications
Real time protection of ALL LAN segments
applications Cleaning all incoming / outgoing
traffic Isolation of attack impact on
distributed critical applications No patch
management
Servers
Floor1
L2/3 Switch
Users
Router
DefensePro
Floor 2
Floor 3
35
DefensePro _at_ the POP
Applications
RAS
Dial Up
BRAS
Other POPs Or central POP connection
xDSL
DefensePro
BRAS
Router
switch
Cable
36
Carrier Security Central POP
Applications
POP ISP
Cisco 7500
Catalyst 6500
Peering
Access Router
POP
Access Router
International lines
POP ISP
DefensePro
37
DefensePro _at_ POP/Central POP
Applications

• 3Gbps scanning of all Carrier traffic
• Isolation of attack preventing spread to
  customers, backbone other POPs
• Intrusion Prevention blocking viruses, worms,
  trojans, anti-scanning from all POPs
• Real-time Denial of Service/SYN protection of all
  POP traffic
• Traffic Shaping Ensuring SLAs for applications

38
Carrier Secure CPE Clean Links
Applications
Customer 1
POP
Router
Router
Customer 2
Users
Customer 3
39
Carrier Secure CPE Clean Links
Applications

• Real time protection from incoming and outgoing
  attacks for differentiated clear link service
• Cleansing all attack traffic saving up to 40 of
  bandwidth offering more bandwidth for the same
  price
• Ensuring the performance of customers
  distributed applications by isolation and control
  of attack traffic
• Preventing attack spread to carriers backbone

40
DefensePro ROI
41
Cost of MSBlast Attack
ROI
Number of PCs
Impacted
Cost of Attack
Source TrueSecure, August 2003
42
Explosive Growth of Attacks
ROI

• The number of software vulnerabilities has
  doubled every year since 1999,"
• "Last year it was 4,200 different vulnerabilities
  in software products, the year before it was
  2,100," "And it looks like we'll double it again
  this year.
• Casey Dunlevy, manager of the CERT Analysis
  Center at Carnegie-Mellon University, which
  tracks this data as part of its ongoing effort in
  issuing the closely watched CERT security alerts.

43
DefensePro ROI for Customers
ROI
Radware Eliminates the Cost of Security Breaches
Avg. cost of viruses, intrusions, worms
199,871 Avg. cost of 1 hour DoS attacks
230,000 Radware Security solution
starts from 25,000 Avg. annual OPEX
savings w/Radware 404,871
2003 CSI/FBI Computer Crime and Security Survey
44
Differentiators
45
Security Landscape Evolution
Differentiators

Performance
HW based FWs
HW based VPN
1Gb
SW based FWs
IDS
SW based VPN
Security Intelligence
Anti-Virus
App. FWs
L3-4
L7
46
DefensePro Differentiators
Differentiators

• 3 Gigabit Security Switching Performance
• Multi segment protection
• Attack Isolation and traffic shaping
• Advanced application level protection
• Multi discipline Denial of Service Protection
• of active signature does not impact latency

47
Summary
48
Gartner - Magic Quadrant for Enterprise
Firewalls, 1H03
Summary
Radware is a content-switching appliance vendor
that has added security features to its product
line. Its application switches can block hundreds
of attack signatures at wire speeds.
49
Why Radware?
Summary

• Technology Leadership - First in Firewall load
  balancing, Application Security and DoS
  Protection
• Install base over 1,800 Radware Intrusion
  Prevention Switches deployed world wide
• The largest Intrusion Prevention Installation
  with over 150 switches
• Industry Award Recognition
• Gartner - Magic Quadrant for 1H03

50
Introducing DefensePro
Multi-Gigabit Security Switching
DefensePro is the Highest Capacity Security
Switch in the Market
Delivering the Processing Power Intelligent
Services for First Strike Security
51
Questions Answers
The End
Radware DefensePro First Strike Application
Security