Upload
layer7tech
View
56
Download
0
Embed Size (px)
DESCRIPTION
Ensure high levels of security and performance for Web services and Web applications Layer 7 and Citrix have partnered to offer a solution that gives enterprises the security and visibility they require to manage HTML, XML, SOAP, REST and JSON traffic. This solution empowers organizations to properly govern how Web services and Web applications are consumed internally and how APIs are exposed externally.
Citation preview
Comprehensive
The Layer 7/Citrix
solution offers:
• XML and HTML
attack protection
• Content switching
• Message validation
• Protocol
transformation
• DoS/XDoS
protection
• WS*/WS-I support
• SQL injection/X-site
scripting protection
• Request/response
validation
• SSL offloading
• Content-based
routing
• XML response
caching
• Load balancing for
XML Gateways
• TCP and application-
level rate limiting
To learn more about
Layer 7 and how it can
address your
organization’s needs,
call 1-800-681-9377 (toll
free within North
America) or
+1.604.681.9377. You
can also email us at
[email protected]; friend
us on
facebook.com/layer7;
visit us at layer7.com, or
follow-us on twitter
@layer7.
Web Services
Protect your applications
HTML continues to be the lingua franca of the Internet,
increasingly at the root of
performance for all forms of internet
capabilities. However, neither traditional Web application nor Web services develope
experts. Even those that have security training are hard pressed to ensure enterprise
properly implemented in the face of ever
For this reason, Layer 7 and Citrix have partnered to offer a
and visibility they require to manage
ensuring they can properly govern how
Web services get consumed inside the organization, and how
departments, partners
By deploying the Layer 7
Application Firewall
both XML-based Web Services traffic and HTML
Securing the EnterpriseThe Layer 7 SOA Gateway minimizes risks associated with the use of
By implementing a
consumption of potentially harmful XML content, and secured against private data leaving the
organization via rogue Web services calls
The Layer 7 Gateway acts as a
broad range of behind the firewall, SOA, B2B
support for all leading directory, identity, access control, S
Layer 7 provides unparalleled flexibility in defining and enforcing identity
leveraging SSO session cookies, Kerberos tickets, SAML assertions and Public Key Infrastructure (PKI).
Support for all major WS* and WS
policy controls for specifying message and element security rules, including the ability to branch policy
based on any message context.
are protected again malicious attack or accidental damage due to poorly structured data
Key storage, encryption and
Security Module (HSM)
Layer 7 and CitrixLayer 7’s SOA Gateway deployed in conjunction with
Application Firewall
organization’s network
behavior by inspecting HTTP requests. NetScaler
Layer 7 Gateway for further inspection and processing. Specific policies for securing, managing and
monitoring XML can be defined using the Layer 7 Policy Manager
By centralizing security for all Web applications and Web
management and implement
application’s security policies, controls, reporting details and log data
Both Layer 7 and Citrix offer
based solutions.
Comprehensive SOA & Web Firewalling
Services and Web Application Firewalling in a S
applications from external XML/SOAP, REST/JSON and
HTML continues to be the lingua franca of the Internet, but XML and related Web 2.0 technologies are
increasingly at the root of emerging Web-based service offerings. Ensuring
all forms of internet-based traffic requires specialized control and monitoring
However, neither traditional Web application nor Web services develope
experts. Even those that have security training are hard pressed to ensure enterprise
properly implemented in the face of ever-narrowing development schedules.
For this reason, Layer 7 and Citrix have partnered to offer a solution that gives enterprise
and visibility they require to manage not only HTML, but also XML (and increasingly) JSON
ensuring they can properly govern how traditional Web applications, as well as SOA and REST
get consumed inside the organization, and how application APIs
departments, partners and other third parties.
By deploying the Layer 7 SOA Gateway in conjunction with Citrix’s NetScaler
Application Firewall, organizations can benefit from comprehensive content protection and visibility for
based Web Services traffic and HTML-based Web traffic.
Securing the Enterprise Gateway minimizes risks associated with the use of SOAP and REST
By implementing a Layer 7 Gateway at the edge of the enterprise, organizations are protected from the
consumption of potentially harmful XML content, and secured against private data leaving the
organization via rogue Web services calls.
e Layer 7 Gateway acts as a policy-driven identity and security enforcement point to addresses a
broad range of behind the firewall, SOA, B2B, API management and Cloud security challenges. With
support for all leading directory, identity, access control, Single Sign-On (SS
unparalleled flexibility in defining and enforcing identity-driven security policies
leveraging SSO session cookies, Kerberos tickets, SAML assertions and Public Key Infrastructure (PKI).
rt for all major WS* and WS-I security protocols provides enterprise architects with advanced
policy controls for specifying message and element security rules, including the ability to branch policy
based on any message context. Layer 7 also ensures enterprise application and infrastructure services
are protected again malicious attack or accidental damage due to poorly structured data
Key storage, encryption and management operations can be handled in a FIPS 140
(HSM) onboard the appliance, or optionally through network attached HSM.
Citrix Synergy Gateway deployed in conjunction with Citrix’s NetScaler Load Balancer and
Application Firewall provides comprehensive, in-depth analysis of all digital
network. NetScaler delivers protection for HTTP data and automatically profiles expected
r by inspecting HTTP requests. NetScaler identifies XML traffic and automatically routes it to the
eway for further inspection and processing. Specific policies for securing, managing and
monitoring XML can be defined using the Layer 7 Policy Manager.
security for all Web applications and Web services, organizations can
implement consistent security across the enterprise, with complete separation of each
application’s security policies, controls, reporting details and log data.
Both Layer 7 and Citrix offer hardware and virtualized appliance platforms for
Firewalling in a Single Solution
/SOAP, REST/JSON and HTML attack
XML and related Web 2.0 technologies are
a high level of security and
traffic requires specialized control and monitoring
However, neither traditional Web application nor Web services developers are security
experts. Even those that have security training are hard pressed to ensure enterprise-class security is
narrowing development schedules.
gives enterprises the security
(and increasingly) JSON traffic,
Web applications, as well as SOA and REST-based
APIs get exposed to external
NetScaler Load Balancer and Web
organizations can benefit from comprehensive content protection and visibility for
SOAP and REST-based Web services.
Gateway at the edge of the enterprise, organizations are protected from the
consumption of potentially harmful XML content, and secured against private data leaving the
driven identity and security enforcement point to addresses a
and Cloud security challenges. With
On (SSO) and Federation services,
driven security policies,
leveraging SSO session cookies, Kerberos tickets, SAML assertions and Public Key Infrastructure (PKI).
architects with advanced
policy controls for specifying message and element security rules, including the ability to branch policy
prise application and infrastructure services
are protected again malicious attack or accidental damage due to poorly structured data.
FIPS 140-2 certified Hardware
network attached HSM.
Load Balancer and Web
f all digital content entering an
delivers protection for HTTP data and automatically profiles expected
identifies XML traffic and automatically routes it to the
eway for further inspection and processing. Specific policies for securing, managing and
services, organizations can simplify security
, with complete separation of each
ce platforms for on-premise and cloud-
Copyright © 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.
This document contains forward-looking statements and is being provided for informational purposes only. It may not be incorporated into any contract.
Key Features
NetScaler
Web Application Firewall • Provides a positive security model to secure against attacks that are difficult to protect with
constant signature updates
Load Balancing • Optimizes application and database server availability through advanced L4 – L7 load balancing
and traffic management
Improved application
performance
• Lowers response times by offloading compute-intensive tasks, such as TCP connection
management, SSL encryption and compression from Web servers
Layer 7
Identity-based access to
services and operations
• Support for leading identity, access management, SSO and federation systems
• Support for Web/browser-based SSO
Manage security for
cross-domain and B2B
relationships
• Credential chaining, credential remapping and support for federated identity
• Integrated STS/SAML issuer featuring support for SAML 1.1/2.0 authentication, authorization and
attribute based policies and Security Context Tokens
• Integrated PKI CA for automated deployment and management of client-side certificates, and
integrated RA for external CAs (including Verisign)
Enforce WS* and WS-I
standards
• Support for all major WS* and WS-I security protocols, including WS-Security, WS-
SecureConversation, WS-SecurityPolicy, WS-Trust, WS-Secure Exchange, WS-Policy and WS-I Basic
Security Profile
Cryptography • Optional onboard HSM, and support for external HSMs (i.e., nCipher, Luna, etc)
• Support for elliptic curve cryptography (conforms to NSA’s Suite B algorithms)
• FIPS 140-2 support in both hardware (Level 3) and software (Level 1)
Layer 7 + NetScaler
Threat Protection • Protect against XML parsing, XDoS, cross-site scripting (XSS) attacks, SQL injection
• Full protection against both data theft and layer 4-7 denial of service
• Protection against XML content tampering and viruses in SOAP attachments
Filter XML content for
Web 2.0 and SOA
• Configurable validation & filtering of HTTP headers, parameters and form data
• Detection of classified or “dirty” words or arbitrary signatures with subsequent scrubbing,
rejection or redaction of messages
• Support for XML, SOAP, POX, AJAX, REST and other XML-based services
Comprehensive Class/
Quality of Service
• Traffic shaping at layers 3-6 of the network stack, and at layer 7 via rate limiting based on any
number of factors, including type of consumer, user name, IP address, time of day, metered
limits, service/ API endpoint, etc
To learn more about Layer 7 call us today at +1 800.681.9377 (toll free within North America) or +1.604.681.9377. You can
also email us at [email protected]; friend us on facebook.com/layer7; visit us at layer7.com, or follow-us on twitter @layer7.