セキュリティCDN: Imperva Incapsula

  • Published on
    13-Apr-2017

  • View
    261

  • Download
    0

Embed Size (px)

Transcript

  • 2016 Imperva, Inc. , J-Stream Inc. All rights reserved.

    CDN Imperva Incapsula

    IMPERVA Inc.

    201684

  • 2016 Imperva, Inc. , J-Stream Inc. All rights reserved.

    4308

    Confidential 2

    19975 218,23720163 105-0014 2-5-6 2566 530-0003 2-1-31 5() 810-0001 1-12-7 5 1

    234567

    KDDI

  • 2016 Imperva, Inc. , J-Stream Inc. All rights reserved.Confidential 3

    CDN 19

    /

    CDN/

    24/7CDN/

    700

  • 2016 Imperva, Inc. , J-Stream Inc. All rights reserved.

    Confidential 4

    SOC()

    CISSPISC2

  • 2016 Imperva, Inc. , J-Stream Inc. All rights reserved.

    Incapsula

    Confidential 5

  • 2016 Imperva, Inc. , J-Stream Inc. All rights reserved.

    Incapsula

    Confidential 6

  • 2016 Imperva, Inc. , J-Stream Inc. All rights reserved.

    Incapsula

    Confidential 7

    WebIncapsula

    Incapsula Web

  • 2016 Imperva, Inc. , J-Stream Inc. All rights reserved.

    Web

    Confidential 8

    96 % Web

    61 %

    96%61.5 %

    38.5%

    WEBAPP

    1/2

    Sources: Cenzic, Inc. Feb. 2014, Incapsula, Inc. 2013

  • 2016 Imperva, Inc. , J-Stream Inc. All rights reserved.

    Incapsula

    Confidential 9

    IP

    BotBot()

    WAF

    OWASP10(SQLi, XSS, etc.)

  • 2016 Imperva, Inc. , J-Stream Inc. All rights reserved.

    Incapsula WAF (Web Application Firewall)

    HTTP

    Confidential 10

    Incapsula

    Bot

    WAF

    DDoS

    DDoS

  • 2016 Imperva, Inc. , J-Stream Inc. All rights reserved.11

    WAF

    SQL

    IP

    Confidential

    Incapsula

    Incapsula

  • 2016 Imperva, Inc. , J-Stream Inc. All rights reserved.12

    Web

    2

    (Web)

    Confidential

    Web

  • 2016 Imperva, Inc. , J-Stream Inc. All rights reserved.

    Incapsula

    Confidential 13

    IP ReputationLists

    ClientClassification

    WAF

    160,000

    T/

    100

    IP

    WAF

  • 2016 Imperva, Inc. , J-Stream Inc. All rights reserved.

    DDoS

    Confidential 14

    Sources: Incapsula, Inc. 2014, 2014 Verizon Data Breach Investigation Report

    DDoS42%

    42%

    DDoS /2014

    10Gbps 200Gbps/2014

  • 2016 Imperva, Inc. , J-Stream Inc. All rights reserved.

    DDoS ?

    Confidential 15

    / (Layer 3&4)

    :

    (Layer 7)

    :

  • 2016 Imperva, Inc. , J-Stream Inc. All rights reserved.

    DDoS

    Confidential 16

    DNS

    Web

    UDP, TCP

    SSH, FTP, Telnet

    SMTP

    SIP

    DDoS

    WebsiteProtection

    Name ServerProtection

    Web

    DNS

  • 2016 Imperva, Inc. , J-Stream Inc. All rights reserved.

    DDoS

    Confidential 17

    1.5 Tbps

    ()

    (, , )

    24x7 SOC

    DDoS

    DNS

    Web

    DNS

    Web

    ,

    HTTP/S

    DNS

    SSH, FTP, Telnet, SMTP, etc.

    3, 4

    3, 4, 7

    3, 4, 7

  • 2016 Imperva, Inc. , J-Stream Inc. All rights reserved.

    24x7 SOC

    IncapsulaDDoS

    Confidential 18

    DDoS 7 / DNS

    DDoS

    Bot WAF

    SOC(

    24x7

  • 2016 Imperva, Inc. , J-Stream Inc. All rights reserved.

    Bot

    Bot

    Cookie 30

    JavaScript

    Incapsula

    Bot 0.01 %

    Confidential 19

  • 2016 Imperva, Inc. , J-Stream Inc. All rights reserved.

    Incapsula DDoS

    DDoS (

    1.5 Tbps )

    (, , , etc.)DDoS

    Web, ,

    Confidential 20

  • 2016 Imperva, Inc. , J-Stream Inc. All rights reserved.

    Incapsula DDoS

    DDoS

    (Javascript)

    WAF

    ()

    DDoS

    Confidential 21

  • 2016 Imperva, Inc. , J-Stream Inc. All rights reserved.

    Confidential 22

    CDN

  • 2016 Imperva, Inc. , J-Stream Inc. All rights reserved.

    Web

    Confidential 23

    IncapsulaWeb

    Incapsula

  • 2016 Imperva, Inc. , J-Stream Inc. All rights reserved.

    Web

    Web

    Confidential 24

    Web Web

  • 2016 Imperva, Inc. , J-Stream Inc. All rights reserved.

    Incapsula

    Confidential 25

  • 2016 Imperva, Inc. , J-Stream Inc. All rights reserved.

    Incapsula

    161,000

    1.5Tbps27

    Best DDoS Mitigation ServiceTop Ten Reviews 2013 2014

    Best Web Security and Performance Service

    Top Ten Reviews 2012 2014

    Security Innovator of the Year Cloud Awards.com 2014

    Readers choice: DDoS

    Protection Solution of the YearSearch Security 2014

    North America Top 10Red Herring 2011

    Gartner MQ Leader for Web Application Firewalls 2014, 2015

    Forrester Wave Leader, DDoS Service Providers 2015

    26Confidential

  • 2016 Imperva, Inc. , J-Stream Inc. All rights reserved.27

    Forrester WaveDDoS

    Leaders()

    Current Offering()

    Confidential

    Source: 2015 Forrester Wave for DDoS Service Providers, Q3 2015

  • 2016 Imperva, Inc. , J-Stream Inc. All rights reserved.

    Confidential 28

    http://michigan.aaa.com/http://michigan.aaa.com/http://www.livepositively.com/?wt.mc_id=CCSLPhttp://www.livepositively.com/?wt.mc_id=CCSLP

  • 2016 Imperva, Inc. , J-Stream Inc. All rights reserved.

    IncapsulaCDNext

    Confidential 29

    Incapsula CDNext

    WAF

    DDoS

    DDoS(SOC)

    CDN

    CDN()

    CDNextDDoSGbpsISPDDoS

  • 2016 Imperva, Inc. , J-Stream Inc. All rights reserved.

    Incapsula

    Confidential 30

    Imperva Incapsula WAF

    Web CDN

    DDoS

    Protection

    Enterprise 20 20 Mbps 1 1GB

    Enterprise 50 50 Mbps 1 1GB

    Enterprise 100 100 Mbps 1 1GB

    DDoS Protection

    DDoS Protection 10Gbps

    DDoS Protection 50Gbps

    DDoS Protection

    Web)

    1

    5

    10

  • 2016 Imperva, Inc. , J-Stream Inc. All rights reserved.

    ()10Mbps 1TB/100PV/1MB

    DDoS

    Confidential 31

  • 2016 Imperva, Inc. , J-Stream Inc. All rights reserved.

    IncapsulaCDNext

    IncapsulaHTML

    CDNext

    Incapsula

    CDNextIncapsula

    Confidential 32

    Web

    CDNext

    HTML

    PNG, JPG

  • 2016 Imperva, Inc. , J-Stream Inc. All rights reserved.

    IncapsulaCDNext

    IncapsulaCDNext

    CDNext

    CDNextIncapsula

    IncapsulaDDoSWAF

    Confidential 33

    WebCDNext

    WebCDNext

  • 2016 Imperva, Inc. , J-Stream Inc. All rights reserved.Confidential 34

    CDNhttps://tech.stream.jp/

    https://tech.jstream.jp/blog/meeting/cdn_security_seminar/

  • 2016 Imperva, Inc. , J-Stream Inc. All rights reserved.

    https://www.stream.co.jp/

    0120 65 - 8140

    35Confidential