Comprehensive SOA & Web Firewalling with Layer 7 & Citrix

Ensure high levels of security and performance for Web services and Web applications. Layer 7 and Citrix have partnered to offer a solution that gives enterprises the security and visibility they require to manage HTML, XML, SOAP, REST and JSON traffic. This solution empowers organizations to properly govern how Web services and Web applications are consumed internally and how APIs are exposed externally.

The Layer 7/Citrix solution offers:

• XML and HTML attack protection
• Content switching
• Message validation
• Protocol transformation
• DoS/XDoS protection
• WS*/WS-I support
• SQL injection/X-site scripting protection
• Request/response validation
• SSL offloading
• Content-based routing
• XML response caching
• Load balancing for XML Gateways
• TCP and application-level rate limiting

To learn more about Layer 7 and how it can address your organization’s needs, call 1-800-681-9377 (toll free within North America) or +1.604.681.9377. You can also email us at info@layer7.com; friend us on facebook.com/layer7; visit us at layer7.com, or follow us on twitter @layer7.

Comprehensive SOA & Web Firewalling

Web Services and Web Application Firewalling in a Single Solution

Protect your applications from external XML/SOAP, REST/JSON and HTML attack

HTML continues to be the lingua franca of the Internet, but XML and related Web 2.0 technologies are increasingly at the root of emerging Web-based service offerings. Ensuring a high level of security and performance for all forms of internet-based traffic requires specialized control and monitoring capabilities. However, neither traditional Web application nor Web services developers are security experts. Even those that have security training are hard pressed to ensure enterprise-class security is properly implemented in the face of ever-narrowing development schedules.

For this reason, Layer 7 and Citrix have partnered to offer a solution that gives enterprises the security and visibility they require to manage not only HTML, but also XML (and increasingly) JSON traffic, ensuring they can properly govern how traditional Web applications, as well as SOA and REST-based Web services get consumed inside the organization, and how application APIs get exposed to external departments, partners and other third parties.

By deploying the Layer 7 SOA Gateway in conjunction with Citrix’s NetScaler Load Balancer and Web Application Firewall, organizations can benefit from comprehensive content protection and visibility for both XML-based Web Services traffic and HTML-based Web traffic.

Securing the Enterprise

The Layer 7 SOA Gateway minimizes risks associated with the use of SOAP and REST-based Web services. By implementing a Layer 7 Gateway at the edge of the enterprise, organizations are protected from the consumption of potentially harmful XML content, and secured against private data leaving the organization via rogue Web services calls.

The Layer 7 Gateway acts as a policy-driven identity and security enforcement point to address a broad range of behind the firewall, SOA, B2B, API management and Cloud security challenges. With support for all leading directory, identity, access control, Single Sign-On (SSO) and Federation services, Layer 7 provides unparalleled flexibility in defining and enforcing identity-driven security policies, leveraging SSO session cookies, Kerberos tickets, SAML assertions and Public Key Infrastructure (PKI).

Support for all major WS* and WS-I security protocols provides enterprise architects with advanced policy controls for specifying message and element security rules, including the ability to branch policy based on any message context. Layer 7 also ensures enterprise application and infrastructure services are protected against malicious attack or accidental damage due to poorly structured data. Key storage, encryption and management operations can be handled in a FIPS 140-2 certified Hardware Security Module (HSM) onboard the appliance, or optionally through network attached HSM.

Layer 7 and Citrix

Layer 7’s SOA Gateway deployed in conjunction with Citrix’s NetScaler Load Balancer and Web Application Firewall provides comprehensive, in-depth analysis of all digital content entering an organization’s network. NetScaler delivers protection for HTTP data and automatically profiles expected behavior by inspecting HTTP requests. NetScaler identifies XML traffic and automatically routes it to the Layer 7 Gateway for further inspection and processing. Specific policies for securing, managing and monitoring XML can be defined using the Layer 7 Policy Manager.

By centralizing security for all Web applications and Web services, organizations can simplify security management and implement consistent security across the enterprise, with complete separation of each application’s security policies, controls, reporting details and log data.

Both Layer 7 and Citrix offer hardware and virtualized appliance platforms for on-premise and cloud-based solutions.

Copyright © 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.

This document contains forward-looking statements and is being provided for informational purposes only. It may not be incorporated into any contract.

Key Features

NetScaler

Web Application Firewall
• Provides a positive security model to secure against attacks that are difficult to protect against with constant signature updates

Load Balancing
• Optimizes application and database server availability through advanced L4 – L7 load balancing and traffic management

Improved application performance
• Lowers response times by offloading compute-intensive tasks, such as TCP connection management, SSL encryption and compression from Web servers

Layer 7

Identity-based access to services and operations
• Support for leading identity, access management, SSO and federation systems
• Support for Web/browser-based SSO

Manage security for cross-domain and B2B relationships
• Credential chaining, credential remapping and support for federated identity
• Integrated STS/SAML issuer featuring support for SAML 1.1/2.0 authentication, authorization and attribute based policies and Security Context Tokens
• Integrated PKI CA for automated deployment and management of client-side certificates, and integrated RA for external CAs (including Verisign)

Enforce WS* and WS-I standards
• Support for all major WS* and WS-I security protocols, including WS-Security, WS-SecureConversation, WS-SecurityPolicy, WS-Trust, WS-Secure Exchange, WS-Policy and WS-I Basic Security Profile

Cryptography
• Optional onboard HSM, and support for external HSMs (e.g., nCipher, Luna, etc.)
• Support for elliptic curve cryptography (conforms to NSA’s Suite B algorithms)
• FIPS 140-2 support in both hardware (Level 3) and software (Level 1)

Layer 7 + NetScaler

Threat Protection
• Protect against XML parsing, XDoS, cross-site scripting (XSS) attacks, SQL injection
• Full protection against both data theft and layer 4-7 denial of service
• Protection against XML content tampering and viruses in SOAP attachments

Filter XML content for Web 2.0 and SOA
• Configurable validation & filtering of HTTP headers, parameters and form data
• Detection of classified or “dirty” words or arbitrary signatures with subsequent scrubbing, rejection or redaction of messages
• Support for XML, SOAP, POX, AJAX, REST and other XML-based services

Comprehensive Class/Quality of Service
• Traffic shaping at layers 3-6 of the network stack, and at layer 7 via rate limiting based on any number of factors, including type of consumer, user name, IP address, time of day, metered limits, service/API endpoint, etc.

To learn more about Layer 7 call us today at +1 800.681.9377 (toll free within North America) or +1.604.681.9377. You can also email us at info@layer7.com; friend us on facebook.com/layer7; visit us at layer7.com, or follow us on twitter @layer7.
