Radware AppWall OnDemand Switch 1 XL
Web Application Firewall
4 Dual purpose ports: SFP or Copper, 6GB Memory, RoHS
Call for Pricing!
4 Dual purpose ports: SFP or Copper, 6GB Memory, Dual AC Power Supply, RoHS
Call for Pricing!
Click here to jump to more pricing!
Overview:
AppWall is available on Radware OnDemand Switch platforms. Scalability is achieved by throughput upgrade licenses or with the AppWall clustering feature in conjunction with an Application Delivery Controller (ADC). Deployment modes include reverse proxy, transparent and non-transparent and cluster deployment.
Enterprises are migrating business-critical functions to web applications in an effort to increase productivity, improve business agility and reduce costs. While the migration to web applications provides economic advantages and enables increased business agility, it also creates new security risks and compliance requirements that need to be addressed. The complexity of attacks and the speed in which new mitigation tools and techniques are being bypassed require a more robust and comprehensive solution that provides faster protection and reduced maintenance costs.
By targeting the application layer, attackers exhaust server and application resources using stealth attack techniques that go undetected by traditional security tools. It is no longer just about http floods and downtime. Advanced methods and the use of multiple vectors during attacks present new challenges in securing an organization.
Prevented Threats
Full coverage of OWASP top 10 web application security risks:
- A1-Injection
- A2-Cross Site Scripting (XSS)
- A3-Broken Authentication and Session Management
- A4-Insecure Direct Object References
- A5-Cross Site Request Forgery (CSRF)
- A6-Security Misconfiguration
- A7-Insecure Cryptographic Storage
- A8-Failure to Restrict URL Access
- A9-Insufficient Transport Layer Protection
- A10-Unvalidated Redirects and Forwards
Web application attacks prevented:
- XSS
- SQL injection
- OS command injection
- LDAP injection
- SSI injections
- XPath injection
- Sensitive information leakage (e.g. CCN, SSN, custom defined)
- Application DOS
- CSRF
- Parameter tampering
- From field manipulation
- Session hijacking
- Cookie poisoning
- Application buffer overflow
- Brute force
- Access to predictable resource locations
- Unauthorized navigation
- Web server reconnaissance
- Directory\path traversal
- Forceful browsing
- HotLink
- HTTP response splitting
- Evasion and illegal encoding
- XML validation
- Web services method restrictions and validation
- HTTP RFC violations
- HTTP request format and limitation violations (size, unknown method, etc.)
- Use of revoked or expired client certificate
- File upload violations
What Does AppWall Do?
The Web can be a dangerous place to conduct business. This unfortunate reality transforms state-of-the art web application security and enterprise network security from a nice-to-have into a mission critical mandate. Radware's got your back with AppWall, a Web application firewall solution.
AppWall is a Web application firewall solution that ensures fast, reliable and secure delivery of mission-critical Web applications. It enables PCI compliance through mitigation of Web application security threats and vulnerabilities, preventing data theft and manipulation of sensitive corporate data, and protecting customer information. Additionally, it reduces the increasing risk of your enterprise's infrastructure being used to attack others.
AppWall is a core part of Radware's next-generation Attack Mitigation System (AMS).
AppWall is also available as the industry's first hybrid-based cloud WAF service.
What Makes AppWall a Better Web Application Firewall Solution?
AppWall offers patent-protected technology to create and maintain enterprise network security policies for widest security coverage with the lowest false positives and minimal operational effort.
Once enabled, the auto policy generation module within AppWall analyzes the security related attributes of the protected Web application and derives the potential threats in the application. The Web application is then mapped into application zones, each with its own common potential threats. Finally it generates individual, granular protection rules for each zone and sets a policy in blocking mode. Once it has completed the optimization process, false-positives are minimized and maintain best enterprise network security coverage.
Radware's Web Application Firewall solution offers comprehensive web applications security, addressing web application security vulnerabilities with:
ICSA Certified Web Application Firewall
Recognized for both the appliance and VM versions, ICSA Labs certifies AppWall for its depth and breadth of vulnerability protection, effectiveness, ease of implementation and low operation overhead.
Full Coverage Out-of-the-box of OWASP Top-10 Threats
Including injections, cross site scripting (XSS), cross site request forgery (CSRF), broken authentication and session management and security misconfiguration.
Data Leak Prevention
Identifying and blocking sensitive information transmission such as credit card numbers (CCN) and social security numbers (SSN).
Zero-day Attacks Prevention
AppWall positive security profiles limit the user input only to the level required by the application to properly function, thus blocking zero-day attacks. The positive security profiles are a proven protection against zero-day attacks.
Protocol Validation
AppWall enables HTTP standards compliance to prevent evasion techniques and protocol exploits.
XML and Web Services Protection
AppWall offers a rich set of XML and Web services security protections, including XML validity check Web services method restrictions, XML structure validation to enforce legitimate SOAP messages and XML payloads.
Web Application Security Vulnerabilities
Signature protection offer the most accurate detection and blocking technology of Web application vulnerability exploits. AppWall negative security profiles offer comprehensive attack protection.
Shortest Time to Security
AppWall's unique Auto Policy Generation analyzes the protected application, generates granular protection rules and applies a security policy in blocking mode that offers the following benefits:
- Shortest time to protection, requiring only one week for known attacks - 50% faster than other leading WAFs
- Best security coverage by performing auto threat analysis, with no admin intervention – covering over 150 attack vectors
- Lowest false-positives achieved through auto-optimization of out-of-the-box rules – close to zero false positives
- Automatic detection of web application changes assuring security throughout the application's development lifecycle – post deployment peace of mind
Multi-Vector Role Based Security Policy
By leveraging AppWall's authentication and SSO, application or organizational web role (employees, partners, customers etc.), and security policies (such as application access, data visibility and web security) can enforce segregation of duties that ensure access to data is based on business needs.
Web Security
AppWall's complete web application protection provides full coverage of OWASP Top-10 Risks by enforcing negative & positive security models that offer the most comprehensive set of web security features. AppWall protects against over a hundred attack vectors some of which are listed in the WASC Threat Classification. It terminates TCP connections and normalizes client encoded traffic to block various evasion techniques and guarantees that out of the box negative security is much more efficient, accurate and difficult to evade.
IP-agnostic Device Identification and Tracking
AppWall's Device Fingerprinting and Activity Tracking modules offer IP-agnostic source tracking to help address the threats posed by advanced bots, such as web scraping, Web application DDoS, brute force attacks for password cracking and clickjacking. AppWall can detect sources operating in a dynamic IP environment and activity behind a source NAT, such as an enterprise network or proxy. Even if the bot dynamically changes its source IP address, its device fingerprint does not change. AppWall tracks the device activity and correlates the source security violations across different sessions over time.
Compliance
AppWall enables organizations to fully comply with PCI DSS section 6.6 requirements and includes the most advanced security graphical reports to convey visibility into the application security and detected attacks. Its detailed PCI compliance report analyzes the security policies, provides automatic compliance status and a mandatory action plan for compliance.
Ready for the Future with Attack Mitigation Network (AMN)
AppWall is part of Radware's Attack Mitigation Network (AMN), a holistic security architecture designed to fight emerging cyber-attacks. AMN offers Defense Signaling, a unique feature deployed in Radware's solution. Every device and solution that is part of the AMN architecture provides information about traffic baselines and real time signatures to the other solutions so all systems have full visibility into available information.
Defense Signaling can automatically respond and mitigate threats where they should be mitigated. For example, it can detect attacks on the application level through AppWall, but can block it in the perimeter with DefensePro, or move volumetric attack mitigation to the cloud. This allows scaling mitigation capabilities and moving mitigation as far as possible from the application infrastructure, resulting in faster, better protected application delivery.
AMN Defense Messaging and Mitigation
Features:
Easy Migration From Test Environments to Production
- AppWall VA is a Web application security tool that is useful for lab testing, and demo environments, where network, security, and application teams can quickly deploy it to test how applications and networks will respond in a production environment when managed by an AppWall device.
- Once testing is concluded, you can either deploy the application and the AppWall VA in the production environment or easily migrate from the AppWall VA policy to the AppWall appliance production environment, since AppWall VA is identical in features and capabilities to the form factors. This approach simplifies the integration between the developed application and AppWall VA and shortens the deployment time of new applications and services in the virtualized and cloud data centers.
- Alternatively, AppWall VA can be deployed in the production environment, where its advanced auto policy generation tools can be utilized to generate tailored policies for the protected application.
Integrated Web Application Security & Application Delivery
- AppWall is an integral part of Radware's suite of Application Delivery Controller (ADC) solutions, which allows customers to augment their Web application security protection with: local and global traffic redirection, application acceleration, bandwidth management, and other application-aware services, all while benefitting from a standardized hardware platform.
- Combining AppWall with Radware ADC solution provides a comprehensive set of availability, acceleration, and security services designed to ensure the fast, reliable, and secure delivery of mission-critical Web applications.
Maintain Business Continuity of Operations (COOP)
- Full protection of online revenue-generating web applications against known and zero-day web attacks
- Best solution for online businesses combining AppWall, DefensePro, ADC and APSolute Vision
Shortest Time to Protect
- Highly granular policy creation and activation
- Immediate policy modification upon application change
Minimal Impact to Business Services and Network
- Low false-positives while maintaining maximum security coverage
- Flexible deployment models to fit any network architecture
Comprehensive PCI Compliance Solution
- Fully complies with DSS 2.0 section 6.6 requirements
- Most advanced PCI compliance reports with action plan to achieve compliance
Best Security & Compliance Reports
- Centralized reporting and event correction engine for historical forensics
Reduces Total Cost of Ownership (TCO) of Security Management
- Automatic real-time attack protection with no need for human intervention
Role Based Web Application Security Policy
- Support for web application role based policy to configure different inspection and enforcement policies on different user types, such as administrator, employee and customer
Single Sign-on
- Single sign on support for multiple domains, for both sub-domains and cross-domains
Authentication
- Support for LDAP and RADIUS based authentication
Protect Critical Web Applications with Radware Web Application Firewall:
APSolute Web Security and Compliance with AppWall: Taking Web Application Security to the Next Level Security to the Next Level
Radware’s AppWall is a Web Application Firewall (WAF) appliance that secures Web applications and enables PCI compliance by mitigating web application security threats and vulnerabilities. It prevents data theft and manipulation of sensitive corporate and customer information.
Complete Web Application Protection
- Full coverage out-of-the-box of OWASP top-10 threats ─including injections, cross site scripting (XSS), cross site request forgery (CSRF), broken authentication and session management and security mis-configuration .
- Data leak prevention – identifying and blocking sensitive information transmission such as credit card numbers (CCN) and social security numbers (SSN).
- Zero-day attacks prevention – AppWall positive security profiles limiting the user input only to the level required by the application to properly function, thus blocking also zero day attacks. The positive security profiles are a proven protection against zero-day attacks.
- Protocol validation – AppWall enables HTTP standards compliance to prevent evasion techniques and protocol exploits.
- XML and Web services protection - AppWall offers a rich set of XML and web services security protections, including XML validity check web services method restrictions, XML structure validation to enforce legitimate SOAP messages and XML payloads.
- Web application vulnerabilities – signature protection offer the most accurate detection and blocking technology of web application vulnerability exploits. AppWall negative security profiles offers comprehensive attack protection.
Fully Addresses PCI DSS 2.0 Requirement 6.6
The Payment Card Industry (PCI) issued Data Security Standard (DSS) to prevent financial fraud and information leak from on-line businesses processing credit cards. AppWall fully addresses requirement 6.6 by:
- Protecting credit card numbers leakage and use of web hacking techniques to disclose information processed through web applications
- Out-of-the-box PCI policies
- PCI compliance reports
The Secret Sauce: Adaptive Policy Creation
AppWall offers patent-protected technology to create and maintain security policies for widest security coverage with lowest false positives and lowest operational effort.
Once enabling the auto policy generation module, AppWall analyzes the security related attributes of the protected web application and derives the potential threats in the application. The web application is mapped into application zone, each with its own common potential threats. It then generates granular protection rules per each zone and sets a policy in blocking mode once it has completed an optimization process that minimizes false-positives while maintaining best security coverage.
Integral Part of the Application Delivery Solution
As AppWall is an integral part of Radware’s suite of Application Delivery Controller (ADC) solutions, customers can augment their Web application security protection with: local and global traffic redirection, application acceleration, bandwidth management, and other application-aware services, all while benefitting from a standardized hardware platform. Combining AppWall with Radware ADC solution provides a comprehensive set of availability, acceleration, and security services designed to ensure the fast, reliable, and secure delivery of mission-critical Web applications.
Complete Network and Application Security Solution
Radware’s award winning DefensePro™ is a real-time network attack prevention device that protects your application infrastructure against network & application downtime, application vulnerability exploitation, malware spread, Information theft and other emerging network attacks. DefensePro includes the set of security modules - DoS Protection, Network Behavioral Analysis (NBA), Intrusion Prevention (IPS) and Reputation Engine - to fully protect networks against known and emerging network security threats.
Together with AppWall we offer you the best network and web application security solution for your data center and on-line applications.
Deployments:
AppWall – Faster to Deploy. Easier to Maintain.
AppWall is the only web application firewall that provides complete web application security. It blocks attacks at the perimeter and ensures fast, reliable and secure delivery of mission-critical web applications. It is the best performing application security solution for web security, mitigation and compliance.
Detect. Signal. Block.
Once AppWall detects a web or application based availability attack, its new Defense Signaling feature automatically signals DefensePro which is deployed at the perimeter to mitigate and block attacks in real-time.
This unique Defense Messaging mechanism can be deployed inline as well as out-of-path to assure line speed web based attack mitigation with no additional latency, performance impact or risk.
- Line speed mitigation:
- 40Gbps
- 25M DDoS pps
- 60 micro seconds latency
- Mitigating cyber attacks targeting web applications behind CDNs
- Blocking the following attacks:
- Advanced http DDoS attacks (Slowloris, Http Dynamic Floods)
- Brute force attacks on login pages
- SSL attacks
- Blocking the attack source at the perimeter, securing other applications and services
- Enabling multi-layer detection and mitigation
Out-of-path detection, signaling DefensePro at the perimeter, line speed
All-in-One Application Delivery & Security
When AppWall is deployed as part of Alteon NG, the solution provides a comprehensive set of availability, acceleration, and security services designed to ensure fast, reliable, and secure delivery of mission-critical web applications.
Resources of AppWall instances can be dynamically allocated according to enterprise needs and deliver fault isolation, SLA assurance and high platform density.
The solution supports both out-of-path and inline deployment modes and can be delivered on a variety of platforms that support up to 80Gbps.
ADC deployment with AppWall: Fault isolation, SLA assurance and high platform density
Technical Specifications:
AppWall is available on Radware OnDemand Switch 1XL platform. Scalability is achieved with AppWall clustering feature in conjunction with an Application Delivery Controller (ADC).
AppWall on OnDemand Switch 1 XL
- High performance application delivery appliance
- 4 Gigabit Ethernet ports (copper or fiber)
- Two redundant management ports providing out-of-band highly reliable management interfaces with enhanced security
- LCD panel displaying key statistics
- USB interface for software installation and recovery
- Multiple power supply configurations including dual, redundant AC/DC
Features | OnDemand Switch 1 XL Platform |
---|---|
Processor | 2 AMD Opteron dual-core 2.2 GHz |
Memory | 6 GB |
Performance1 | |
Capacity2 | 1 Gbps |
Max Concurrent Sessions | 28200 |
Latency | < 1 millisecond |
HTTP transactions per second | 32800 |
Inspection Ports | |
10/100/1000 Copper Ethernet | 4 |
GE (SFP) | 4 |
1000Base-SX/LX/ZX Ports | All Gigabit Fiber ports deliver SX/LX/ZX interfaces depending on GBIC |
1000Base-SX (850 nm) Operating Distance |
|
1000Base-LX/ZX Operating Distance Operating Distance |
|
Management Ports | |
10/100/1000 Copper Ethernet | 2 |
RS-232C Console | 1 |
USB Port | 1 (On front panel) |
Mode of Operation | |
Deployment Modes |
|
Policy Action | Block (Active) & Report (Passive) |
High Availability | |
Dual Power Supply | Optional |
Cluster management | Two or more AppWall devices can be clustered. An AppWall cluster is easily managed with the Cluster Management component, ensuring all policies across the entire AppWall cluster are synchronized. (Cluster Manager acting as Web Application Firewall) |
Physical | |
Dimensions | 1U: Width: 424 mm (17 in.) Depth: 600 mm (24 in.) Height: 44 mm (1.7 in.) 2U: Width: 424 mm (17 in.) Depth: 600 mm (24 in.) Height: 88 mm (3.4 in.) EIA rack or standalone: 482 mm (19 in.) |
Weight |
|
Power Supply |
|
Power Consumption | 150 W |
Heat Dissipation (BTU/h) | 511.5 BTU/h |
Environmental |
|
Certifications |
|
Warranty | 1-year hardware and software maintenance |
1 Actual performance figures may change per network configuration, traffic type, etc.
2 Capacity is measured as maximum traffic forwarding when no security profiles are configured.
Documentation:
Download the Radware AppWall Datasheet (PDF).
4 Dual purpose ports: SFP or Copper, 6GB Memory, RoHS
Call for Pricing!
4 Dual purpose ports: SFP or Copper, 6GB Memory, Dual AC Power Supply, RoHS
Call for Pricing!
Software license. Required for at least one AppWall appliance in an AppWall Cluster to synchronize policies between multiple AppWall appliances.
Our Price: Call for Price!