购买

¥30.0

加入VIP
  • 专属下载券
  • 上传内容扩展
  • 资料优先审核
  • 免费资料无限下载

上传资料

关闭

关闭

关闭

封号提示

内容

首页 从邮件安全到应用安全-梭子鱼公司产品介绍

从邮件安全到应用安全-梭子鱼公司产品介绍.ppt

从邮件安全到应用安全-梭子鱼公司产品介绍

烟雨梦兮
2018-10-14 0人阅读 举报 0 0 0 暂无简介

简介:本文档为《从邮件安全到应用安全-梭子鱼公司产品介绍ppt》,可适用于IT/计算机领域

从邮件安全到应用安全梭子鱼年发展战略年月目录从基础安全到应用安全国际国内网络安全发展趋势梭子鱼国际公司发展梭子鱼中国公司战略基础安全到应用安全网络层设备路由器交换机Hubs防火墙VPNs特点:基础设施通用型产品在网络层控制不对内容进行过滤网络层设备的部署你的网络环境中还有什么网络层设备的搭建目的是为了应用企业的应用服务是你IT建设的核心和目的:电子邮件系统WEB服务系统(ERPCRM供应链协同办公等)即时通讯系统其他等应用层安全是企业安全的核心应用是企业的”关键任务”,不是设备本身需要对内容进行深度过滤需要智能化升级需要对内容培训梭子鱼产品策略防火墙梭子鱼即时通讯防火墙梭子鱼WEB安全网关梭子鱼垃圾邮件防火墙电子邮件Web应用即时通讯VOIP保护企业关键应用的安全梭子鱼系列产品在您网络环境中的应用情况国际国内网络安全趋势全球网络安全市场发展趋势年预测数据来源:IDC,年月防火墙增长率已经下降根据IDC分析年是全球防火墙出现负增长的第一年年平均增长为负增长最快的是内容安全设备UTM市场年增长率高达近防火墙VPNIDSIPS内容网络安全设备UTM安全内容管理市场年预测数据来源:IDC,年月Web应用安全及邮件安全是安全内容管理增长最快市场,复合增长率超过,基本上是病毒产品的倍中国Web应用安全及邮件安全市场仅有巨大发展空间,将迅速达到全球的市场份额其中安全内容设备产品年复合增长率最高,达到以上,是最有潜力的市场安全内容管理市场全球分布数据来源:IDC,年月中国安全内容管理市场占全球市场不到,美国市场是中国市场倍以上规模)中国发展滞后,暂时还发展不出有规模的厂商中国网络安全市场发展数据来源:计算机世界CCW研究中国网络安全市场高速成长,年度复合增长率达到以上,预计到年全市场规模将达到亿数据来源:CCID,年月)中国的内容安全设备基本上从年发展起来,年市场就达到亿元)邮件安全设备、Web安全设备及新兴的及时通讯安全设备将迅速占据市场份额中国内容网络安全设备市场年发展全球反垃圾邮件市场全球反垃圾邮件市场将从年亿美元上升到年亿美元反垃圾邮件设备市场将从年万美元上升到年亿美元,每年复合增长率高达*Source:IDC“WorldwideSpamSolutionsForecast”Report,December发展趋势总结应用网络安全市场是网络安全增长热点其中邮件安全网关及WeUSEONLYIP分析–梭子鱼信誉库梭子鱼中心维护IP地址的数据蜜罐垃圾邮件培养总体统计对数百万发送邮件的IP地址进行“信誉”统计所有梭子鱼垃圾邮件防火墙下载梭子鱼信誉库梭子鱼黑名单–已知发送垃圾邮件的IP地址梭子鱼白名单–对已知的健康的IP地址跳过扫描动态更新每分钟发送信誉库CONFIDENTIAL–FORINTERNALUSEONLY邮件扫描层需要客户介入的层扫描策略–客户定义黑、白名单贝叶斯分析–基于邮件信体的语言分析梭子鱼中心操作的层扫描病毒扫描指纹分析意图分析图象分析基于规则评分CONFIDENTIAL–FORINTERNALUSEONLY病毒检查层保护开源病毒扫描引擎专用病毒扫描引擎梭子鱼实时保护(更新…)通过病毒库来更新Attachment:postcardexe被阻断!XBarracudaVirusAlert:INFECTED,messagecontainsvirus:TrojanDownloaderTibsGen)CONFIDENTIAL–FORINTERNALUSEONLY指纹分析梭子鱼中心维护垃圾邮件指纹数据库基于互联网上最变化多端的邮件内容通过病毒库来更新被阻断!XASGBlock:FINGERPRINT(IMG))From:rogertestandardbizSubject:NeedmedicineAllhere!CONFIDENTIAL–FORINTERNALUSEONLY意图分析–URL信誉库梭子鱼中心维护URL信誉库通过垃圾邮件规则库来更新From:EricaHardinixnetcomcomSubject:DietPillBreakthrough!链接到:http:wwwconnectforslimcom被阻断!XASGBlock:INTENT(wwwconnectforslimcom)CONFIDENTIAL–FORINTERNALUSEONLY图象分析规则梭子鱼中心维护基于图象识别引擎(OCR)的模糊逻辑规则通过垃圾邮件规则库来更新From:ralbumrodetcomSubject:byweekly被阻断!XBarracudaSpamReport:Codeversion,rulesversionRulebreakdownbelowptsrulenamedescriptionBETBODY:BETRuleCONFIDENTIAL–FORINTERNALUSEONLYPDF垃圾邮件阻断两项技术PDF文件中的图象–通过图象识别引擎(OCR)来阻断PDF文件的“股票报告”–通过规则库引擎对文本进行萃取来阻断被阻断!XBarracudaSpamReport:Codeversion,rulesversionRulebreakdownbelowptsrulenamedescriptionBETBODY:BETRuleCONFIDENTIAL–FORINTERNALUSEONLY基于规则评分引擎梭子鱼中心维护规则库来对邮件的诸多因素进行权重评分以此来阻断各种类型的垃圾邮件使用BSF,BET规则通过垃圾邮件规则库来更新From:vomnaspecialtyglassdiwnaspecialtyglasscomSubject:Bethe"biggest"outofallyourfriends被阻断!XBarracudaSpamReport:Codeversion,rulesversionRulebreakdownbelowptsrulenamedescriptionDATEINFUTUREDate:istohoursafterReceived:dateHTMLMESSAGEBODY:HTMLincludedinmessageBSFSCSAbCustomRuleSAbBSFSCSAcCustomRuleSAcBSFSCSAdCustomRuleSAdBSFSCSAaCustomRuleSAaCONFIDENTIAL–FORINTERNALUSEONLY发件人特征识别当信誉库不再足够基于身份的信誉库如果犯罪分子能够窃取身份(比如信用卡)时信誉库就不再足够新的垃圾邮件制造者利用身份欺骗达到下一个级别首先是欺骗然后是“僵尸主机”年正在出现新形式的身份欺骗必须识别发件人并预测其行为列举垃圾邮件制造者的行为独立于明显身份来研发对策CONFIDENTIAL–FORINTERNALUSEONLY发件人特征识别–举例高超的垃圾邮件制造者使用多种手段来自全球的新的发信者IP地址使用新的垃圾邮件发送域(Newspamdomainsincalltoaction“Intent”)用只有细微变化的图片来避免指纹识别描述引起注意的行为是很重要的在这场与垃圾邮件的战争中梭子鱼中心将不断研发对付这些垃圾邮件的措施CONFIDENTIAL–FORINTERNALUSEONLY发件人特征识别行为举例和措施行为举例措施从一个黑名单地址发送过多垃圾邮件速率控制向无效收件人发送过多邮件收件人认证使用新的在垃圾邮件域名中共享名称服务器的域名实时意图分析利用重定向把垃圾邮件的URL隐藏在健康URL后面多级意图分析在域名注册的第一天发送大量邮件预测意图分析CONFIDENTIAL–FORINTERNALUSEONLY梭子鱼实时保护捕获和阻断快速变化的病毒和垃圾邮件变种的机制要求:快速地探测通过变化的邮件主体而显露出来的威胁x的智能运行中心利用客户的反垃圾邮件解决方案来阻断垃圾邮件的机制CONFIDENTIAL–FORINTERNALUSEONLY配置梭子鱼垃圾邮件防火墙开启强制实时检查选择向梭子鱼中心发送病毒或垃圾邮件样本CONFIDENTIAL–FORINTERNALUSEONLY梭子鱼实时保护如何工作梭子鱼中心蜜罐提交垃圾邮件样本指纹和样本数据库工程师首先检查本地数据库然后检查梭子鱼中心阻断延迟或通过下一过滤层如有必要提交“样本”梭子鱼垃圾邮件防火墙CONFIDENTIAL–FORINTERNALUSEONLY零时病毒响应(ZeroDayVirus)在病毒特征码更新前实时阻断通过梭子鱼用户来发布病毒更新HistoryofBNZeroHour:Firsthit::Classified::(realtimeblocksonallsystemswithBarracudaRealTimeProtectionEnabled)LastseenatBarracudaCentral::(virusdefinitionsdownloadedtoallBarracudaSpamFirewalls)被阻断!XBarracudaVirusAlert:INFECTED,messagecontainsvirus:BNZeroHourCONFIDENTIAL–FORINTERNALUSEONLY快速的“零小时”垃圾邮件防护星号表示实时阻断CONFIDENTIAL–FORINTERNALUSEONLY操作系统梭子鱼垃圾邮件防火墙建立在一个坚毅的操作系统之上提供最大程度的安全性和稳定性基于当今流行的开源Linux核心经得起顶尖安全专家的细查阻止企业邮件服务器接收直接来自Internet的邮件和相关的威胁CONFIDENTIAL–FORINTERNALUSEONLYMTA邮件传输代理(MTA)传递邮件梭子鱼垃圾邮件防火墙的MTA使用开源和专用软件的结合体MTA能够处理大量SMTP连接和高传递流量在版本中MTA支持内建的日记功能CONFIDENTIAL–FORINTERNALUSEONLY集群多个节点的集群能提高冗余功能和整体系统性能集中化的邮件日志在一个地方查看所有集群的梭子鱼垃圾邮件防火墙的邮件日志集中化管理策略和配置可在主设备上管理然后复制到其他节点隔离故障在集群中隔离邮件被存放在两台设备上。这样即使一台设备出现故障用户也能够在另一台设备上查看隔离邮件。梭子鱼:致力于技术不断提高新技术不断加入零时病毒防护(ZeroDayVirus)IP信誉评分服务自动的URL地址认证电话号码认证图片认证新型复合OCR引擎 垃圾邮件文本认证指纹自动生成 全新的国际URL过滤工具(即将推出)核心威胁数据库在各产品线之间共享SpamFirewall中小企业级产品用户处理万封邮件SpamFirewall中型企业产品用户处理万封邮件SpamFirewall中大型企业级产品用户处理万封邮件SpamFirewall大型企业级产品用户处理万封邮件SpamFirewall电信级产品,用户处理万封邮件SpamFirewall运营商级产品,用户每天处理万封邮件针对冗余及高性能提供集群支持梭子鱼垃圾邮件防火墙产品型号梭子鱼负载均衡机年重点推出:梭子鱼负载均衡机极具竞争力的价格快速层负载均衡提供4种流量分配机制、服务器健康检查、IP保持、Cookie保持、SSL加速等功能便于安装(基于梭子鱼Web界面)整合入侵检测防御系统为什么要推出负载均衡机Internet应用发展企业应用的发展既有厂商的产品贵族化倾向高性价比产品:非奢侈的专业服务负载均衡设计想法关注于“大部分客户”需求,而非少数贵族用户关注于如何轻松安装:大多数的负载均衡设备使用复杂经常需要专业的咨询和几天的安装时间CONFIDENTIAL–FORINTERNALUSEONLY一步式安装简单人性化管理满足客户的复杂负载均衡需求梭子鱼负载均衡机六大功能流量分配:IP地址及端口流量分配服务器健康检查:及时报警及通知会话保持:IP保持及Cookie保持SSL卸载及加速:卸载SSL流量集成SSL加速卡集成IPS:各类攻击及实时升级高可用性能:堆叠及高可用性目前有四款产品LoadBalancer–针对于内部部署的后台服务器数量不多的应用(不支持冗余)LoadBalancer–使用最普遍的型号支持多大台服务器软件SSL卸载高可用性支持LoadBalancer–支持高达台服务器软件SSL卸载高可用性LoadBalancer–硬件SSL加速集成千兆交换机支持高达台服务器CONFIDENTIAL–FORINTERNALUSEONLY梭子鱼WEB安全网关梭子鱼web安全网关功能:解决所有web威胁病毒防护(HTTP防毒墙)阻断病毒下载每小时升级不按许可证收费恶意程序防护(间谍软件)间谍软件网站、网页识别特征码识别行为识别间谍软件感染通知客户端间谍软件清除内容过滤URLIP地址过滤MIME阻断模式匹配过滤网址黑白名单带宽资源保护webCachingPP程序管理(Skype)基于IP的带宽分配(未来版本)不当应用使用管理(流媒体、视频等)网络应用管理IM管理多媒体工具升级梭子鱼web安全网关部署梭子鱼web安全网关型号对比梭子鱼邮件存储网关什么是邮件存储网关存储所有邮件内发、外发、企业内部的邮件企业知识管理强大的邮件搜索功能邮件策略监测功能协助诉讼调查(LitigationHolds)和查询请求(Discoveryrequest)企业合规管理邮件存储管理功能(软件和硬件)典型部署(配合Exchange)型号AlwayssellIRThisproduct‘asks’foraIRTalkaboutsizingandhowtoalwayssellEUandIRDon’tanswerquestionsaboutEUvalueheresincewehaveadifferentslideonthatone梭子鱼应用防火墙减少暴露在Internet上的应用的威胁国际上功能最强大的应用交付控制网关最优化架构–代理(Proxy),终止(Terminate),保护(Secure),加速(Accelerate)在全球个国家,超过家高端用户WebApplicationFirewall(Secureshighvalueapplications)SecureApplicationGateway(SecuresANDimprovesapplicationavailabilityandresponsetime)NC应用防火墙DatabaseServersCustomerInfoBusinessDataTransactionInfoConfidentialData您业务遇到威胁客户化的Web应用内部及第三方编程的应用程序的攻击针对WEB应用(Gartner)传统防火墙不保护Web应用IPS产品不保护客户化的应用–无特征码!源程序本身成为“第一道防线”是愚蠢的NetContinuum产品保护应用层面Thesecondproblemisevenworse…ofallattackstodayaretargetingapplicationattacks,notlowerlayerplatformexploits…andrememberthatforyourowncustomizedapplicationcode,thereAREnosignaturesorpatchesAsaresult,traditionalfirewallsdonothingforcustomappsIPSproductsdonothingforcustomappsPatchmanagementandremediationtoolsdonothingforcustomappsEventhebestvulnerabilityscannersmissthemajorityofapplicationsecurityflawsincustomcodebecausetheyuseadatabaseofstaticsignaturestoscanforknownflawsThisproblemiscompoundedbythefactthattheapplicationsthemselvesaredynamicandcomplex,sonewholesarealmostcertaintoopenupthemomentyoufixtheoldonesIfyou’relikemostcompanies,youprobablyhavescores,perhapshundredsofdifferentwebapplications,andtheiradministrativeinterfaces,scatteredthroughoutyourITenvironmentThecodemaybewrittenbycurrentemployees,exemployees,contractors,integratorsorthirdpartyoutsourceddevelopers,mostofwhomhaveneverhadadayofformalsecuritytrainingAndtomakemattersworse,thiscodeisinaconstantstateofflux,beingupdateddailybywebdevelopersrespondingtobusinessneeds,notsecurityrequirementsBottomline…withoutanapplicationfirewall,yourapplicationcodeISyourperimeterUnlessyouwriteandmaintainperfectcode,hackerscanexploitthosevulnerabilitiestogaindirectaccesstothecrownjewelsofyourcompanyWeb攻击对防火墙及IDS是不可见的防火墙数据中心内部网络防火墙仅阻断网络攻击入侵防护端口Web流量通过EmployeesWeb应用ThesenewattacksarecomingrightthroughyourfirewallandconnectingdirectlytoyourwebserversandapplicationsFW’sIDS’shavezeroabilitytoinspectURLs,headers,forms,cookiesorapplications,soallPortwebtrafficgoesthroughentirelyunprotectedandpossiblycontainingthreatsmostofwhichlooktoinsertorinjectinvalidcharactersintocomponentsofthe“payload”pasttheTCPheaderIDSsystemsareineffective“alert”basedsystems–mostlimitedto“known”signatures,detectatonlythenetworkleveldonotpreventapplicationattacks通过代理(Proxy)建起你的防线!用户Web应用TCP进程代理(TCPSessionFullProxy)Net防火墙NAT,ACL,PAT进程维护(NormalizeSession)协议遵从(ProtocolCompliance)SSL加密/解密HTTP信头重写URL翻译网站隐藏,防爬行,Web地址转换AAA应用防DoSSQL命令注入DAP(GlobalandSession)URLACLsForms及Cookie窃取REGEX保护TCPPooling缓存,GZIP压缩SSL卸载,重新加密应用及服务器健康检查内容交换(ContentSwitching)负载均衡记录、监控、报告终止安全加速NetContinuum反向代理NC应用防火墙如何工作?用户对应用数据录入完整检查预期数据的完整知识(CompleteKnowledgeofexpectedvalues)实时策略生成及执行网站隐身PROBLEMEasytodiscoveragoldmineofcluesaboutappenvironment黑客NetContinuum应用防火墙网站全面隐身(WebsiteFullCloaking)–无法攻击你看不见的东西NetContinuumdeliversthreedistinctprotectionmethodstomakethisplanningphasemuchharderforhackersTheseinitialmethodsareextremelyeasytodeploy,presentzerorisktotheapplicationandcanpreventthemajorityofattacksbeforetheyevenbeginThefirstoftheseprotectionmethodsissomethingwecallWebsiteCloakingTheconcepthereisstraightforwardWithoutNetContinuum,hackerscaneasilygetagoldmineofinformationaboutanapplicationbeforethey’veevensetafootinsideFreetoolsontheInternet(Nikto,Nessus,etc)makeiteasytodiscoverallthedetailsofyoursite(servertype,OS,version#s,patchlevels,IPaddresses,knownvulnerabilities,etc)Manyoftheautomatedwormsworkthesameway,startingbyscanningforspecificserverorfiletypesonthebackendIftheydon’tseewhatthey’relookingfor,theymoveontothenextsiteSLIDEBUILDWithNetContinuuminplace,allofthatinformationisinstantlyinvisibletothehackerWithoneclick,ourWebsiteCloakingtechnologyhidesallthebackenddetailsofyoursite,forcinghackerstoworkinthedarkFormanyapplications,youcaneliminateahugepercentageofthreatssimplyusingthismethodalone(REQUIRESNOCHANGESTOYOURSERVERS,NETWORKSorAPPLICATONS)防爬行功能NetContinuum应用防火墙抵御黑客爬行程序于门外让正常爬行程序进入防爬行功能–保护网站被自动黑客爬行及侦测程序攻击NetContinuumistheONLYvendortoprovideanticrawlfunctionalityUtilizessecurityalgorithmstoidentifyandlogwebcrawlersEnforcessecuritypoliciesdynamicallyFullsupportforlegitimatewebcrawlersLegitimatewebcrawlersareidentifiedbytheirpubliclyknownIPaddressesVisitingwebcrawlersarecomparedtoanadministratordefinedwebcrawler‘whitelist’Unauthorizedwebcrawlersareautomaticallyblockedandaddedtothedenylistforanadministratordefinedlengthoftime(inminutes)PreventsautomatedhackerreconnaissanceDeniesdataharvestingBlockssitedownloadandcontenttheftWeb地址转换PROBLEMFullvisibilityintointernalDNSnamesfinancehurculescomhqpartnersacmecorpcomwwwacmecomexecobidossubsthomehomehtml内部地址用户NetContinuum应用防火墙用户看到wwwacmecomfinancewwwacmecompartnerswwwacmecomloginWeb地址转换–如NAT隐藏内部网络地址这样隐藏Web地址ThesecondprotectionmethodthathelpsintheplanningphaseiscalledWebAddressTranslation,atechnologythatNetContinuumdevelopedlastyearandsubmittedtotheIETFasanindustrystandardAssoonasahackerwalksinthefrontdoorofyoursiteandbeginslookingaround,it’softeneasyforhimtodeterminealotaboutyourserveranddirectorystructuresimplybylookingattheURLsthatshowupinhisbrowserSLIDEBUILDWithNetContinuuminplace,youhavefullcontroloverexactlywhataddresstheuserseesatalltimesWebAddressTranslation(WAT)hideswebaddressesinthesamewaythatNAThidesnetworkaddresses(REQUIRESNOCHANGESTOYOURSERVERS,NETWORKSorAPPLICATONS)数据窃取防护(DataTheftProtection)NetContinuum应用防火墙用户BLOCKMASKXXXXXXXXXXXXMASKXXXXXBLOCKMASKID#XXXXEmployeeIDID#SocialSecurityCreditCardDriver’sLicenseAPatientIDAR…Whencustomers,partnersandemployeestrusttheirconfidentialinformationtoyou,theyexpectthatthisinformationwillbekeptabsolutelysecureatalltimesDespitebestintentions,manycompaniesinadvertentlycompromisethissensitiveinformationbyfailingtoadequatelysecurethewebapplicationsthatlinktothisdataWithoutawebapplicationfirewallinplace,thereisoftennothingtostophackersfromviewing,downloading,orevenalteringthismissioncriticaldatawithoutleavingatraceFortunately,NetContinuumgivescustomersaneasywaytoensureagainstdatatheftwithacoupleofquickclicks…OurinnovativeDataTheftProtectionmethodinspectsalloutboundapplicationtraffic,lookingforcreditcardnumbers,socialsecuritynumbersandanyothersensitivedatatypeyouspecifyIfunauthorizedtransmissionsaredetected,theNCcanblockthetransmissionentirelyorsimplymaskthedigits,renderingthedatameaninglesstohackersThiseasytouseprotectionmethodiscompletelyconfigurable,allowingyoutocustomizeanynumberofdatatypestolookforPopulardatatypesmayincludecustombillingcodes,accountnumbers,transactioncodes,DItags,patientIDnumbers,etcThisprotectionmethodalsomakesitmucheasiertodemonstratecompliancewithtoughprivacyrequirementsmandatedbyregulationssuchasHiPAA,GrammLeachBliley,SBandmore应用隐藏达到灵活安全部署通过一个单独网关部署多个独立管理的应用各应用采用不同的安全策略在不修改网络架构的情况下增加新的应用为多元化的机构提供显著的运营优势实时配置修改后台系统而无需让系统下线外部Web应用及服务内部应用NetContinuum应用防火墙策略A网站隐身Web地址转换立即SSLCookie保护深度检查安全交易记录策略B网站隐身立即SSL登陆控制公司网站策略C网站隐身TheNetContinuumsoftwarearchitecturewasalsodesignedfromthegroundupforrealworldenterprisedeploymentsThismeansitiseasytoapplyonlytheprotectionmethodsyouneedforeachtypeofapplicationinyourenvironment…Yourcorporatewebsite,forexample,mayneedonlybasicWebsiteCloakingbecausethere’snothingtransactionalgoingonandnolinkstosensitivebackenddataForinternalapplications,you’llprobablywanttoratchetthatupabitbyaddingprotectionmethodslikeSSL,ForcedEntryControlandsomebasicDeepInspectioncapabilitiesForhighlytransactional,externalfacingapplicationsthathavemoreareasofexposureandgreaterrisk,you’llprobablywanttoturnonafewmoreprotectionmethodsYoumaywanttostartbysettingafewsimpleprotectionmethodsacrossallapplicationsinaparticulardatacenterOryoumaywanttosettighterpoliciesformorecriticalapplicationsrightfromtheoutsetYoucanevensetdifferentadministratorsforeachtypeofapplicationBottomline–NetContinuummakesiteasytobeasgranular,orasglobal,asyouneedtobeNootherproductonthemarketcomesclose无庸质疑的行业领导者!“NetContinuumispoisedtobethefirsttraditionalWAFvendortostakeaclaiminthenewApplicationAssurancePlatformmarket” AndyJaquith,December,declaringNetContinuuma“MarketLeader”  基于代理的应用防火墙   终止防护加速WEB应用防火墙加应用优化TCPpooling对象缓存(Objectcaching)GZIP压缩(GZIPcompression)加应用交付内容交换(Contentswitching)负载均衡(Loadbalancing)服务器健康检查(Serverhealthchecks)NCNC梭子鱼垃圾邮件防火墙–外发过滤版客户演示年月感谢大家!*AlwayssellIRThisproduct‘asks’foraIRTalkaboutsizingandhowtoalwayssellEUandIRDon’tanswerquestionsaboutEUvalueheresincewehaveadifferentslideonthatoneThesecondproblemisevenworse…ofallattackstodayaretargetingapplicationattacks,notlowerlayerplatformexploits…andrememberthatforyourowncustomizedapplicationcode,thereAREnosignaturesorpatchesAsaresult,traditionalfirewallsdonothingforcustomappsIPSproductsdonothingforcustomappsPatchmanagementandremediationtoolsdonothingforcustomappsEventhebestvulnerabilityscannersmissthemajorityofapplicationsecurityflawsincustomcodebecausetheyuseadatabaseofstaticsignaturestoscanforknownflawsThisproblemiscompoundedbythefactthattheapplicationsthemselvesaredynamicandcomplex,sonewholesarealmostcertaintoopenupthemomentyoufixtheoldonesIfyou’relikemostcompanies,youprobablyhavescores,perhapshundredsofdifferentwebapplications,andtheiradministrativeinterfaces,scatteredthroughoutyourITenvironmentThecodemaybewrittenbycurrentemployees,exemployees,contractors,integratorsorthirdpartyoutsourceddevelopers,mostofwhomhaveneverhadadayofformalsecuritytrainingAndtomakemattersworse,thiscodeisinaconstantstateofflux,beingupdateddailybywebdevelopersrespondingtobusinessneeds,notsecurityrequirementsBottomline…withoutanapplicationfirewall,yourapplicationcodeISyourperimeterUnlessyouwriteandmaintainperfectcode,hackerscanexploitthosevulnerabilitiestogaindirectaccesstothecrownjewelsofyourcompanyThesenewattacksarecomingrightthroughyourfirewallandconnectingdirectlytoyourwebserversandapplicationsFW’sIDS’shavezeroabilitytoinspectURLs,headers,forms,cookiesorapplications,soallPortwebtrafficgoesthroughentirelyunprotectedandpossiblycontainingthreatsmostofwhichlooktoinsertorinjectinvalidcharactersintocomponentsofthe“payload”pasttheTCPheaderIDSsystemsareineffective“alert”basedsystems–mostlimitedto“known”signatures,detectatonlythenetworkleveldonotpreventapplicationattacksNetContinuumdeliversthreedistinctprotectionmethodstomakethisplanningphasemuchharderforhackersTheseinitialmethodsareextremelyeasytodeploy,presentzerorisktotheapplicationandcanpreventthemajorityofattacksbeforetheyevenbeginThefirstoftheseprotectionmethodsissomethingwecallWebsiteCloakingTheconcepthereisstraightforwardWithoutNetContinuum,hackerscaneasilygetagoldmineofinformationaboutanapplicationbeforethey’veevensetafootinsideFreetoolsontheInternet(Nikto,Nessus,etc)makeiteasytodiscoverallthedetailsofyoursite(servertype,OS,version#s,patchlevels,IPaddresses,knownvulnerabilities,etc)Manyoftheautomatedwormsworkthesameway,startingbyscanningforspecificserverorfiletypesonthebackendIftheydon’tseewhatthey’relookingfor,theymoveontothenextsiteSLIDEBUILDWithNetContinuuminplace,allofthatinformationisinstantlyinvisibletothehackerWithoneclick,ourWebsiteCloakingtechnologyhidesallthebackenddetailsofyoursite,forcinghackerstoworkinthedarkFormanyapplications,youcaneliminateahugepercentageofthreatssimplyusingthismethodalone(REQUIRESNOCHANGESTOYOURSERVERS,NETWORKSorAPPLICATONS)NetContinuumistheONLYvendortoprovideanticrawlfunctionalityUtilizessecurityalgorithmstoidentifyandlogwebcrawlersEnforcessecuritypoliciesdynamicallyFullsupportforlegitimatewebcrawlersLegitimatewebcrawlersareidentifiedbytheirpubliclyknownIPaddressesVisitingwebcrawlersarecomparedtoanadministratordefinedwebcrawler‘whitelist’Unauthorizedwebcrawlersareautomaticallyblockedandaddedtothedenylistforanadministratordefinedlengthoftime(inminutes)PreventsautomatedhackerreconnaissanceDeniesdataharvestingBlockssitedownloadandcontenttheftThesecondprotectionmethodthathelpsintheplanningphaseiscalledWebAddressTranslation,atechnologythatNetContinuumdevelopedlastyearandsubmittedtotheIETFasanindustrystandardAssoonasahackerwalksinthefrontdoorofyoursiteandbeginslookingaround,it’softeneasyforhimtodeterminealotaboutyourserveranddirectorystructuresimplybylookingattheURLsthatshowupinhisbrowserSLIDEBUILDWithNetContinuuminplace,youhavefullcontroloverexactlywhataddresstheuserseesatalltimesWebAddressTranslation(WAT)hideswebaddressesinthesamewaythatNAThidesnetworkaddresses(REQUIRESNOCHANGESTOYOURSERVERS,NETWORKSorAPPLICATONS)…Whencustomers,partnersandemployeestrusttheirconfidentialinformationtoyou,theyexpectthatthisinformationwillbekeptabsolutelysecureatalltimesDespitebestintentions,manycompaniesinadvertentlycompromisethissensitiveinformationbyfailingtoadequatelysecurethewebapplicationsthatlinktothisdataWithoutawebapplicationfirewallinplace,thereisoftennothingtostophackersfromviewing,downloading,orevenalteringthismissioncriticaldatawithoutleavingatraceFortunately,NetContinuumgivescustomersaneasywaytoensureagainstdatatheftwithacoupleofquickclicks…OurinnovativeDataTheftProtectionmethodinspectsalloutboundapplicationtraffic,lookingforcreditcardnumbers,socialsecuritynumbersandanyothersensitivedatatypeyouspecifyIfunauthorizedtransmissionsaredetected,theNCcanblockthetransmissionentirelyorsimplymaskthedigits,renderingthedatameaninglesstohackersThiseasytouseprotectionmethodiscompletelyconfigurable,allowingyoutocustomizeanynumberofdatatypestolookforPopulardatatypesmayincludecustombillingcodes,accountnumbers,transactioncodes,DItags,patientIDnumbers,etcThisprotectionmethodalsomakesitmucheasiertodemonstratecompliancewithtoughprivacyrequirementsmandatedbyregulationssuchasHiPAA,GrammLeachBliley,SBandmoreTheNetContinuumsoftwarearchitecturewasalsodesignedfromthegroundupforrealworldenterprisedeploymentsThismeansitiseasytoapplyonlytheprotectionmethodsyouneedforeachtypeofapplicationinyourenvironment…Yourcorporatewebsite,forexample,mayneedonlybasicWebsiteCloakingbecausethere’snothingtransactionalgoingonandnolinkstosensitivebackenddataForinternalapplications,you’llprobablywanttoratchetthatupabitbyaddingprotectionmethodslikeSSL,ForcedEntryControlandsomebasicDeepInspectioncapabilitiesForhighlytransactional,externalfacingapplicationsthathavemoreareasofexposureandgreaterrisk,you’llprobablywanttoturnonafewmoreprotectionmethodsYoumaywanttostartbysettingafewsimpleprotectionmethodsacrossallapplicationsinaparticulardatacenterOryoumaywanttosettighterpoliciesformorecriticalapplicationsrightfromtheoutsetYoucanevensetdifferentadministratorsforeachtypeofapplicationBottomline–NetContinuummakesiteasytobeasgranular,orasglobal,asyouneedtobeNootherproductonthemarketcomesclos

用户评价(0)

关闭

新课改视野下建构高中语文教学实验成果报告(32KB)

抱歉,积分不足下载失败,请稍后再试!

提示

试读已结束,如需要继续阅读或者下载,敬请购买!

评分:

/84

¥30.0

立即购买

VIP

在线
客服

免费
邮箱

爱问共享资料服务号

扫描关注领取更多福利