Web & Application Security
Application delivery controllers can serve as a first line of defense against common Web & application security exploits such as denial of service (DoS) and malformed URL attacks, as well as unauthorized access. In addition, the Array’s deep application data inspection capabilities can protect against attacks such as cross-site scripting and SQL injection.
A Layered Approach to Web and Application Security
In addition, Array's Web application firewall detects and responds to signatures for known application vulnerabilities and is programmable to deal with future Web and application security threats. Based on Array's hardened OS, WebWall features tamper-proof key and certificate protection, and can process over a thousand ACL rules without performance degradation.
Purpose-Built, High-Performance SSL
Unlike solutions that utilize OpenSSL to provide SSL offload capabilities, Array ADCs utilize a purpose-built SSL stack to process SSL, TLS and DTLS. In addition to providing superior performance and scalability as compared to open source solutions, Array’s purpose-built SSL implementation significantly reduces exposure to security vulnerabilities such as the recent Heartbleed bug. Using Array’s purpose-built SSL stack, businesses do not need to purchase and install SSL certificates for every server in the data center; one certificate representing an SSL enabled DNS may be installed on the Array ADC to greatly reduce the cost of certificates and annual renewals. Moreover, Array appliances support up to 256 unique SSL enabled DNS names on a single system, making them scalable platforms for deploying cloud and managed service offerings.
SSL Certificate Management
Array ADCs can concurrently validate hundreds of thousands of SSL client certificates to perform authentication and authorization on behalf of applications. Array appliances can extract any SSL client certificate field, including custom fields, and pass the information to applications via HTTP headers, URLs and cookies for enhanced access control. Array appliances are also fluent in a range of cipher suites and certificate formats and allow administrators to set precedence for custom cipher suites. In addition, the high-performance Array CRL module can concurrently revoke millions of client certificates for validity without impacting system or application performance.
In addition, Array’s hardware SSL module eliminates the need to purchase and install SSL certificates for every server in the data center; one certificate representing an SSL enabled DNS can be installed on the APV appliance to greatly reduce the cost of certificates and annual renewals. APV appliances also support up to 256 unique SSL enabled DNS names on a single system, making them scalable platforms for deploying cloud and managed service offerings.