Web & Application Security

Application delivery controllers can serve as a first line of defense against common Web and application security exploits such as denial of service (DoS) and malformed URL attacks, as well as unauthorized access. In addition, Array’s deep application data inspection capabilities can protect against attacks such as cross-site scripting and SQL injection.

 

A Layered Approach to Web and Application Security

Array APV Series application delivery controllers offer a comprehensive suite of Web application security capabilities to protect against a wide variety of malicious attacks. WebWall™ protects against DoS attacks as well as malformed URL attacks, and allows Layer 2 through Layer 7 protection policies to be stacked for increased security.

Further, APV appliances are security hardened to protect against L4 and L7 DDoS attacks, and support content filtering to guard against Web and application security risks such as SYN flood, teardrop, ping of death, Nimda, Smurf and others. Array ADCs feature extensive access control lists, network address translation (NAT), and stateful packet flow inspection to protect against attacks and unauthorized access. Because Array’s Web and application security capabilities are executed at the system level, performance and scalability are guaranteed.

Integrated Web Application Firewall

WebWall, Array’s suite of integrated stateful packet-inspection firewall capabilities, provides deep application data inspection (beyond just IP and TCP headers) to defend against attacks such as SQL injection and cross-site scripting.

In addition, Array's Web application firewall detects and responds to signatures for known application vulnerabilities and is programmable to deal with future Web and application security threats. Based on Array's hardened OS, WebWall features tamper-proof key and certificate protection, and can process over a thousand ACL rules without performance degradation.

Purpose-Built, High-Performance SSL

Unlike solutions that use OpenSSL to provide SSL offload capabilities, Array ADCs use a purpose-built SSL stack to process SSL, TLS and DTLS. In addition to providing superior performance and scalability as compared to open-source solutions, Array’s purpose-built SSL implementation significantly reduces exposure to security vulnerabilities such as the recent Heartbleed bug. Using Array’s purpose-built SSL stack, businesses do not need to purchase and install SSL certificates for every server in the data center; one certificate representing an SSL-enabled DNS name may be installed on the Array ADC to greatly reduce the cost of certificates and annual renewals. Moreover, Array appliances support up to 256 unique SSL-enabled DNS names on a single system, making them scalable platforms for deploying cloud and managed service offerings.

SSL Certificate Management

Array ADCs can concurrently validate hundreds of thousands of SSL client certificates to perform authentication and authorization on behalf of applications. Array appliances can extract any SSL client certificate field, including custom fields, and pass the information to applications via HTTP headers, URLs and cookies for enhanced access control. Array appliances also support a range of cipher suites and certificate formats and allow administrators to set precedence for custom cipher suites. In addition, the high-performance Array CRL module can concurrently check millions of client certificates for validity against certificate revocation lists without impacting system or application performance.

Array’s hardware SSL module also eliminates the need to purchase and install SSL certificates for every server in the data center; one certificate representing an SSL-enabled DNS name can be installed on the APV appliance to greatly reduce the cost of certificates and annual renewals. APV appliances also support up to 256 unique SSL-enabled DNS names on a single system, making them scalable platforms for deploying cloud and managed service offerings.

 

Challenge

  • Critical Web properties and applications are at risk due to DoS/DDoS and other malicious attacks
  • Unauthorized access attempts jeopardize vital business applications, data and other resources
  • SSL security has been compromised due to OpenSSL vulnerabilities
  • SSL client certificate processing is impacting throughput and application performance
  • Server SSL certificate management and expense have become cumbersome

Solution

  • Comprehensive suite of Web & application security capabilities protects against a wide variety of threats and attacks
  • Access control lists, NAT and stateful packet flow inspection protect against illicit access, without impacting performance or scalability
  • Proprietary Array SSL stack is immune to common OpenSSL weak points, guarding service traffic
  • Concurrent validation of hundreds of thousands of SSL client certificates for authentication and authorization
  • Only one certificate for an SSL-enabled DNS name is required per APV appliance

 
