Daily Video: Microsoft Buys Revolution Analytics in Big Data Push

Microsoft acquiring Revolution Analytics in Big Data push; Logitech grows video options with ConferenceCam Connect; IT jobs more lucrative, but wage satisfaction dips; and more. Microsoft to bundle Office with Windows 10 smartphones, mini tablets; Windows 10 opens opportunities…

via Pocket http://ift.tt/1D5cGXY

AWS Shows 488% Reliability Improvement During 2014

When comparing the number of errors by region it should come as no surprise that Northern Virginia, the largest AWS region, also shows the highest number of errors.

via Pocket http://ift.tt/1t0d9uC

Could Microsoft Cosmos Challenge Hadoop?

A new Microsoft data crunching framework is set to launch on the company’s Azure cloud, according to a report from Redmond pundit Mary Jo Foley on ZDNet. Dubbed Cosmos, it’s a potential competitor to both Hadoop and eventually Google’s homegrown Dataflow.

via Pocket http://ift.tt/1zUB2Gz

Citrix XenDesktop: PVS with NVIDIA vGPU Available and Fully Supported!

Those of you using Citrix XenDesktop and HDX 3D Pro with XenServer for vGPU may be aware that initially NVIDIA vGPU launched with XenApp and XenDesktop 7.1 back in 2013 and was announced with support for MCS (Machine Creation Services) as a mechanism for provision desktops.

via Pocket http://ift.tt/18qCYLc

Amazon acquires chip maker for cloud services business

Amazon is reportedly acquiring an Israel-based chip maker as part of Amazon Web Services (AWS), which could mean the firm plans to design its own hardware right down to the chips. Annapurna labs is still operating in stealth mode and was previously invested in by UK chip maker ARM.

via Pocket http://ift.tt/15KCfU8

Web Application Firewall for AWS

Web Application Firewall for AWS

Executive Summary

This is draft of an analysis for Web Application Firewall vendors.

We can list 3 main types of WAF (Web Application Firewalls):
– Purpose build appliances provided by network security vendors
– WAF modules embedded in application devicery controllers (ADC)
– Cloud services

Only purpose build appliances made to the table of shortlisted vendors in this section for two reasons:
– Cloud services with all the required features averages on \$60,000 per year because of the DDoS protection infrastructure and being externally managed
– Application Delivery Controllers with WAF modules like Citrix NetScaler VPX Platinum (which includes Citrix® Application Firewall™ with XML security) and F5 BIG-IP Virtual Edition (must purchase BIG-IP AWS Add-on – Advanced Firewall Manager Virtual License for WAF), both priced starting around \$10,000-\$12,000 per year, they offer scalability other features ADC features that makes then more complex to administer and control infrastructure costs.

Vendor Imperva Barracuda Networks Fortinet Beeware AlertLogic Qualys
Garner Position Leader (4) Challenger (3) Niche (1) Niche (1) N/A (0) N/A (0)
Starting Price Average (software only) \$16k/yr without manager license and 1 gateway \$5.5k/yr /instance \$2.8k/yr /instance \$4.2k/yr /instance \$3.5k/yr /instance \$2k/yr
OWASP Top 10 / PCI DSS 6.6 Yes Yes Yes Yes Yes Yes
Keep SSL secret in internal network Yes Yes Yes Yes Yes Yes
AWS compatible Yes Yes Yes Yes Yes Yes
DDoS Protections DDoS Protection Service for SecureSphere Barracuda IP Reputation Database, CAPTCHA, Fingerprint IP Reputation, Bot Analysis, Fingerprint Bot Analysis,
Fingerprint
Not Specified Fingerprint
Virtual Patch from Dynamic Application SEcurity Testing report WhiteHat, IBM, Cenzic, NT OBJECTives, Qualys, and others No (Gartner July/2014) Own vulnerability scanning Yes Yes Yes

Qualys
Despite Qualys not being included in WAFs gartner quadrants, he is present in the Application Security Testing gartner quadrants as a Challenger. And his Application Security Testing report can be imported for virtual patching in his own WAF, or Imperva, F5, Citrix, etc. It is not present in any gartner quadrant probably because the product wasn’t generally available as of 1 January 2013, but probably will be listed as a Challenger in the next gartner report.

Barracuda
Barracuda is the cheapest vendor which fullfill all the requirements and is in the gartner challenger quadrant.

Imperva
Imperva is the gartner leader and best of breed solution vendor.
The listed prices are the ones found in the internet or direct calculations from the hour rate pricing, please always contact the vendor for the actual price.

The listed prices are the ones found in the internet or direct calculations from the hour rate pricing, please always contact the vendor for the actual price.

Criteria for vendors

Listing

The listing is composed by vendors present in the Gartner quadrant, OWASP (Open Web Application Security Project) and vendors rated high in AWS Marketplace.

Evaluation

Those are the criterias and features used for evaluation.

Open Web Application Security Project (OWASP) Top 10

The OWASP Top Ten is a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list.

We urge all companies to adopt this awareness document within their organization and start the process of ensuring that their web applications do not contain these flaws. Adopting the OWASP Top Ten is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code.”
Source: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

PCI DSS

To be PCI DSS compliant must fullfill all the following requirements:
– Install and maintain a firewall configuration to protect cardholder data.
– Do not use vendor-supplied defaults for system passwords and other security parameters.
– Protect stored cardholder data.
– Encrypt transmission of cardholder data across open, public networks.
– Use and regularly update anti-virus software.
– Develop and maintain secure systems and applications.
– Restrict access to cardholder data by business need to know.
– Assign a unique ID to each person with computer access.
– Restrict physical access to cardholder data.
– Track and monitor all access to network resources and cardholder data.
– Regularly test security systems and processes.
– Maintain a policy that addresses information security.

Maintan SSL secret on our internal network

We do not wish to share our SSL secrets.

AWS Cloud compatible

Must work with our infrastructure.

Gartner quadrant

Gartner Quadrant WAF

To understand the quadrant axis:
Ability to execute is about the enterprise executive power in assets, size, branch offices, market value, revenues.
Completeness of vision is about the solution features and quality and completeness of the software solution.

Gartner quadrant evaluates and lists vendors with the following criterias:
– Their offerings can protect applications running on different types of Web servers.
– Their WAF technology is known to be approved by Qualified Security Assessors as a solution for PCI Data Security Standard (DSS) Requirement 6.6 (which covers Open Web Application Security Project [OWASP] Top 10 threats, in addition to others).
– They provide physical, virtual or software appliances, or cloud instances.
– Their WAFs were generally available as of 1 January 2013.
– Their WAFs demonstrate features/scale that is relevant to enterprise-class organizations.
– They have achieved $3 million in revenue from the sale of WAF technology.
– Gartner has determined that they are significant players in the market due to market presence or technology innovation.

Other requirements

Those are optional requirements we were looking for:
– DDoS protection
– Compatible with various cloud service providers

Vendors

Purpose build appliances provided by network security vendors

Imperva

California-headquartered Imperva (IMPV) is a data center security vendor with alon g WAF legacy. Other Imperva products are focused on data and security, including products for database audit and protection as well as file activity monitoring. Early on, Imperva positioned itself primarily as a transparent bridge deployment. This aligned Imperva with enterprises, because deployments could more easily be made behind ADCs without introducing a second proxy, and “try before you buy” was easier with the transparent yet in-line mode. As most pure-play competitors were acquired or disappeared, Imperva continued to grow its share of the WAF market. Incapsula is the Imperva-owned, off-premises or as-a-service WAF that is bundled with other services, including DDoS mitigation.
Gartner sees a good attach rate level for Imperva’s WAF with its database security offering. Imperva has a good third-party ecosystem, which includes data loss prevention, anti-fraud, SIEM and vulnerability scanners.
Imperva is a good shortlist contender for organizations of all sizes.
Source:Gartner

  • Gartner Leader
  • Usually too advanced for SMB

http://www.imperva.com/

SecureSphere WAF for AWS environment working properly, you must deploy the SecureSphere WAF Gateway and the SecureSphere Management Server

A gateway AV1000 price

EC2 Instance Type EC2 Usage Software Total
c1.xlarge \$0.52/hr \$0.97/hr \$1.49/hr
m3.large \$0.14/hr \$0.97/hr \$1.11/hr
m3.xlarge \$0.28/hr \$0.97/hr \$1.25/hr
m3.2xlarge \$0.56/hr \$0.97/hr \$1.53/hr

Firewall Management server price

EC2 Instance Type EC2 Usage Software Total
c1.xlarge \$0.52/hr \$0.82/hr \$1.34/hr
m3.xlarge \$0.28/hr \$0.82/hr \$1.10/hr
m3.2xlarge \$0.56/hr \$0.82/hr \$1.38/hr

Barracuda Networks

Barracuda Networks (CUDA), which is based in Campbell, California, pr
ovides a wide variety of information security and storage products that are largely targeted at small or midsize businesses (SMBs). Barracuda offers its Web Application Firewall line in a variety of form factors, including as a physical or virtual appliance, and also as a cloud-based service that can be deployed on the Microsoft Azure and Amazon Web Services (AWS) cloud platforms.

SMB buyers and resource-strapped security teams that require a low-cost solution and attentive vendor support should consider this product.
Source: Gartner

  • Gartner Challenger
  • WAF on azure
  • ADC Features
  • Do not integrate with vulnerability scanners

https://techlib.barracuda.com/waf/configssl

EC2 Instance Type EC2 Usage Software Total
m1.medium \$0.087/hr \$1.038/hr \$1.125/hr
m1.large \$0.175/hr \$1.318/hr \$1.493/hr
m1.xlarge \$0.35/hr \$1.758/hr \$2.108/hr

Price for 1 year license

http://www.kernelsoftware.com/products/catalog/barracuda_networks.html

BWFCAW001A1 WAF AMAZON WEB SERVICE LVL 1 1YR LIC New .01 \$5,546.32 eStore

FortiNet

Based in California, Fortinet (FTNT) is a significant network security and network infrastructure vendor. It started as a unified threat management vendor in 2000. It later expanded its portfolio to include multiple security offerings, including a WAF (FortiWeb, released in 2008), an ADC (FortiADC) and a database protection platform (FortiDB). The vendor remains most well-known for its FortiGate firewall product line, and it keeps adding new products, such as the recent sandboxing appliance FortiSandbox.

FortiWeb provides multiple deployment options with a physical or virtual appliance (FortiWeb-VM), and acts as a reverse/transparent proxy or not in-line. It is also available on AWS. FortiWeb can be purchased with individual software options that can be bundled together for better overall costs. Subscriptions include IP reputation, antivirus and
security signature updates.

Fortinet’s existing customers and midsize organizations should include Fortinet’s WAF in their competitive assessments.
Source: Gartner

  • FortiWeb
  • AWS available
  • Includes integrated vunlerability scanner
  • SSL in AWS Virtual Appliance
  • Gartner does not see the Fortinet WAF appearing on
    enterprise shortlists where security is highly
    weighted
  • ADC Features

https://aws.amazon.com/marketplace/pp/B00L9JODAE/ref=sp_mpg_product_title?ie=UTF8&sr=0-6

Pricing monthly

EC2 Instance Type EC2 Usage Software Total
m3.medium \$0.07/hr \$0.41/hr \$0.48/hr
m3.large \$0.14/hr \$0.83/hr \$0.97/hr
m3.xlarge \$0.28/hr \$2.01/hr \$2.29/hr
m3.2xlarge \$0.56/hr \$3.54/hr \$4.10/hr
c3.large \$0.105/hr \$0.74/hr \$0.845/hr
c3.xlarge \$0.21/hr \$1.79/hr \$2.00/hr
c3.2xlarge \$0.42/hr \$3.16/hr \$3.58/hr

Pricing annual

EC2 Instance Type EC2 Usage Software Discount
m3.medium \$0.07/hr $ \$2,781/yr 23%
m3.large \$0.14/hr \$5,566/yr 23%
m3.xlarge \$0.28/hr \$13,523/yr 23%
m3.2xlarge \$0.56/hr \$23,867/yr 23%
c3.large \$0.105/hr \$5,374/yr 17%
c3.xlarge \$0.21/hr \$13,056/yr 17%
c3.2xlarge \$0.42/hr \$23,044/yr 17%

Beeware

France-based BeeWare has been marketing its technologies since 2003. Its products, which include WAF, Web services firewall and WAM, have been integrated into its i-Suite platform, which can be deployed as a physical or virtual appliance. The i-Suite solution also offers ADC features, such as load balancing, content caching, compression and traffic rewriting. BeeWare is one of the smaller vendors in the WAF space, and predominantly sells its WAF to the French market. In May 2014, it was acquired by DenyAll.
Midsize and large French enterprises in financial, government and manufacturing sectors that have WAF and authentication needs should consider BeeWare on their shortlists, but also take into account the acquisition by DenyAll
Source Gartner

Supports AWS
Product i-suite in AWS Marketplace
From $350 per month

DenyAll

DenyAll is based in France and has marketed its WAF technology (rWeb) since 2001. Later, it added sProxy (a plug-in to rWeb with predefined policies for email, SharePoint and SAP) and rXML (a Web
services firewall). DenyAll’s rWeb WAF product was developed to secure HTTP(s), SOAP and XML traffic, and is currently available as a tool that is predominantly installed on enterprise’s premises. Its technology can be deployed as software or appliance (physical or virtual). DenyAll is in the process of developing and testing its WAF cloud offering, and rWeb is already available via AWS and Microsoft Azure.
Source: Gartner

Product rWeb supports AWS and Azure
DenyAll Protect – Web Application & Service Firewalls

https://www.google.com.br/url?sa=t&rct=j&q=&esrc=s&source=web&cd=4&ved=0CDUQFjAD&url=http%3A%2F%2Fwww.sans.edu%2Fstudent-files%2Fprojects%2F200904_01.doc&ei=Ca-_VNuZIMuIsQTjmILwDg&usg=AFQjCNHDcxResQt94nkLLgZufAigkYV2cA&sig2=V6YOeTT_dIeWaN8s0RVgpg&bvm=bv.83829542,d.aWw&cad=rja

Trustwave

Based in Chicago, Trustwave (TWAV) provides managed services around its comprehensive portfolio of network security solutions. The Trustwave WAF (formerly WebDefend) was first available in 2006 as a
physical appliance (TX Series), and then in 2013 as a virtual appliances (VX Series) for VMware hypervisors. Trustwave also provides managed services for its WAF offering. Trustwave’s WAF works with other solutions from the vendor, including the SIEM and vulnerability scanner. Trustwave also supports the open-source ModSecurity WAF, and provides a commercial signature package that is maintained by SpiderLabs, its threat research team.

Trustwave is a good choice for organizations in North America that are seeking PCI compliance.
Source: Gartner

  • SpiderLabs and Modsecurity
  • good choice for NA and PCI
  • Supports ModSecurity
  • No DDoS
  • WebDefender VMWare and physical appliance NO AWS APPLIANCE

Price starts at $9,995

AlertLogic

Alert Logic is a provider of hosted IT network security, founded in 2002 and based in Houston, Texas. The company was founded by Misha Govshteyn and Matthew Harkrider.

Alert Logic uses a software as a service (SaaS) platform to deliver IT network intrusion protection, vulnerability assessment and improved IT compliance for mid-sized businesses and institutions.
Source: Wikipedia

  • PCI compliant

Pricing

EC2 Instance Type EC2 Usage Software Total
m1.medium \$0.087/hr \$0.48/hr \$0.567/hr
c3.large \$0.105/hr \$0.62/hr \$0.725/hr
c3.xlarge \$0.21/hr \$0.81/hr \$1.02/hr
c3.2xlarge \$0.42/hr \$1.10/hr \$1.52/hr
c3.4xlarge \$0.84/hr \$1.40/hr \$2.24/hr

EC2 Infrastructure Software

Instance Type Usage Price Savings
m1.medium \$0.087/hr \$3,350/yr 20%
c3.large \$0.105/hr \$4,350/yr 20%
c3.xlarge \$0.21/hr \$5,650/yr 20%
c3.2xlarge \$0.42/hr \$7,700/yr 20%
c3.4xlarge \$0.84/hr \$9,800/yr 20%

Qualys

Qualys, which is based in the U.S., provides a number of cloud-based security services, including DAST as a service (introduced in 2011). In 2014, it has begun expanding into WAF as a service, using its cloud-based security service platform architecture. Qualys targets the lower-end, price-sensitive sector of the market with fully automated DAST service. It uses integrated Selenium support for the automation of authentication and navigation.

Qualys should be considered by organizations seeking fully automated, low-cost DAST-as-a-service capabilities provided by an easy-to-use management console and interface. Qualys’ DAST offering is often combined with other types of managed security services (such as vulnerability scanning).
Source: Magic Quadrant for Application Security Testing

  • Qualys WAF sensor software
  • PCI/OWASP
    Import SSL to AWS instance inside our network
    Forbes Global 100
  • Clients: Oracle, HP, Microsoft, etc

OWASP List

http://www.scmagazine.com/qualys–qualysguard-express/review/4096/

Web Application Scanning with WAS and protect with WAF

Vendor:
Qualys
Product:
Qualys – QualysGuard Express
Website:

http://www.qualys.com

Price
Starting $2,495 per year.

Has subscription

WAF modules for ADCs

F5

Seattle-headquartered F5 (FFIV) is an application infrastructure vendor that is focused on ADCs. The primary WAF offering is a software module for the F5 Big-IP ADC: the Application Security Manager (ASM). Other F5 security modules include the network firewall Advanced Firewall Manager (AFM) and the WAM Access Policy Manager (APM) module. ASM is also available on the virtual edition of Big-IP. The F5 hardware Big-IP appliance product line can also run a license-restricted (yet upgradable) version of the full software to act as a stand-alone security solution (such as a stand-alone WAF).
F5 is a good shortlist candidate, especially for large organizations that own or are considering ADC technology.
Source: Gartner

Gartner Challenger

  • ASM (Application Security Manager)
  • AFM (Advanced Firewall Manger)
  • ADC
  • Virtual Appliance AWS
  • Defense.net acquisition
EC2 Instance Type EC2 Usage Software Total
cc2.8xlarge \$2.00/hr \$0.33/hr \$2.33/hr
m3.large \$0.14/hr \$0.33/hr \$0.47/hr
m3.xlarge \$0.28/hr \$0.33/hr \$0.61/hr
m3.2xlarge \$0.56/hr \$0.33/hr \$0.89/hr
c3.xlarge \$0.21/hr \$0.33/hr \$0.54/hr
c3.2xlarge \$0.42/hr \$0.33/hr \$0.75/hr
c3.4xlarge \$0.84/hr \$0.33/hr \$1.17/hr
c3.8xlarge \$1.68/hr \$0.33/hr \$2.01/hr
Instance Type Usage Price Savings
cc2.8xlarge \$2.00/hr \$1,821/yr 37%
m3.large \$0.14/hr \$1,821/yr 37%
m3.xlarge \$0.28/hr \$1,821/yr 37%
m3.2xlarge \$0.56/hr \$1,821/yr 37%
c3.xlarge \$0.21/hr \$1,821/yr 37%
c3.2xlarge \$0.42/hr \$1,821/yr 37%
c3.4xlarge \$0.84/hr \$1,821/yr 37%
c3.8xlarge \$1.68/hr \$1,821/yr 37%

F5 BIG-IP AWS Add-on – Advanced Firewall Manager Virtual License
F5 BIG-IP AWS Add-on – Advanced Firewall Manager Virtual License
Due to manufacturer policy we cant display our low price for this item. Call us at 888-864-1641 or click here to have the price emailed to you.
Overview
BIG-IP AWS Add-on – Advanced Firewall Manager Virtual License
SKU: F5-ADD-BIG-AFM-AWS
Price: $7,995.00

Citrix

U.S.-based Citrix (CTXS) is a global provider with a broad portfolio
of virtualization, cloud infrastructure and ADC solutions. Citrix has offered WAF functionality (NetScaler AppFirewall) for more than a decade as a software option, or included in the “Premium” bundle of the NetScaler Application Delivery Controller suite. The Citrix hardware appliance product line (NetScaler MPX) can also run a license-restricted version of the full NetScaler software to act as a stand-alone WAF. In addition, Citrix provides virtual appliances (NetScaler VPX). The NetScaler SDX platform allows several instances of Citrix solutions, including ADC and NetScaler AppFirewall software in a single hardware appliance. NetScaler can also be bundled in Citrix Mobile Workspace offerings.
Citrix NetScaler AppFirewall is a good choice for large enterprise clients that are looking for an easy way to add WAF functionalities to their existing Citrix infrastructures.
Source: Gartner

Gartner Challenger

  • Mostly ADC (-)
  • NetScaler AppFirewall
  • VPX Virtual Appliance
  • Do not offer cloud based DDoS

http://store.citrix.com/store/citrixus/en_US/pd/ThemeID.9505600/productID.201434800

10 Mbps – Platinum $8,000.00

Cloud services

Incapsula

Incapsula Inc. is a Cloud-based application delivery platform. It uses a global content delivery network to provide website security, DDoS protection, load balancing and failover services to clients
Incapsula was founded in 2009 by Gur Shatz and Marc Gaffan. The company originally operated under the company Imperva (NYSE:IMPV), a US-based data security company who owned 85% of the company. It was spun out from Imperva in 2009 and reported to be growing at a rate of 50% per quarter as of August 2013. It was also reported that Imperva has increased its ownership in the company since it was spun out in 2009
Source: Wikipedia

http://www.incapsula.com/pricing-and-plans.html

Plan Personal Business Business+ Enterprise
Price \$19 Site / Month $59 Site / Month \$299 Site / Month Not disclosed
Features Bot Protection, CDN & Advanced Acceleration, Support for SSL websites, Login Protect Web Application Firewall, PCI Compliance Report, Backdoor Detection Blocks Network DDoS Attacks, Blocks Application DDoS Attacks, Auto Detection & triggering, Supports Custom SSL Certificates 24×7 Support & Uptime SLA, Account Management, Load Balancing & Failover, Real-Time Event Monitoring, Custom Security Rules, API & Custom Branding, Infrastructure DDoS Protection

Incapsula SSL

The Challenge

Each SSL certificate requires its own dedicated IP address. This fact alone, fueled by the rapidly growing IPv4 address shortage, already poses an issue for many hosting providers.

In our case things are even more complex, as the CDN nature of our service requires us to have a valid version of each certificate on every one of our data centers.

Unless solved, this issue would force us to allocate multiple sticky IPs for each certificate, diminishing the overall IP pool, hindering on traffic routing and raising the costs for us and our clients.

The Solution

Subject Alternative Name (SAN) SSL certificates provided us with an efficient and cost effective solution we were looking for. These multi-use certificates were created to reduce cost and simplify management by supporting the inclusion of multiple names within the same certificate and in our case they also allowed us to deal with the IP shortage by allocating multiple domain names to a single IP.

Cloudflare

CloudFlare is an American-based company that provides a content delivery network and distributed domain name server system, sitting between the visitor and the CloudFlare user’s hosting provider, acting as a reverse proxy for websites. Its network protects, speeds up, and improves availability for a website or mobile application with a change in DNS. CloudFlare is headquartered in San Francisco, California with an additional office in London
Source: Wikipedia

Plans CloudFlare Free CloudFlare Pro CloudFlare Business CloudFlare Enterprise
Price It’s free! \$20 /month/first website.
\$5 /month/each subsequent website. \$200 /month/website Averages $5,000 monthly
Features Fast site performance, Broad security protection, SSL, Powerful stats about your visitors, Peace of mind about running your website so you can get back to what you love Faster site performance, Mobile optimizations, Web application firewall (WAF), Virtually real-time statistics, Insight into what’s happening on your site All Pro features, plus full customization, Advanced denial of service attack mitigation
Railgun™ web optimization, 100% uptime guarantee All Business features, plus setup consultation, Dedicated account manager, 24/7 phone support, 2500% service level agreement (SLA)

Keyless SSL

https://www.cloudflare.com/keyless-ssl

While most customers are comfortable with CloudFlare managing their private keys, some have unique security requirements making this impossible. Keyless SSL allows users to retain control of keys while still routing encrypted traffic through CloudFlare’s global network.

Keyless SSL

So for enterprise plans it’s on average \$60,000 per year.

Akamai

Akamai (AKAM) is based in Cambridge, Massachusetts, and provides a leading content delivery network (CDN). Its network and security cloud services, including its WAF (Kona Site Defender), are built on top of the Akamai Intelligent Platform, its global cloud infrastructure. The Kona WAF has been available since 2009, and received significant improvement in 2013. The Kona WAF management and monitoring
consoles (Luna Control Center and Security Monitor) are also delivered as Web portals.
Akamai’s WAF is delivered as a service with a monthly fee, based on performance requirements for up to 10 sites. Additional subscriptions are available to limit the extra costs in case of volumetric DDoS
attack (DDoS Fee Protection), to get assistance with Web security rule updates and tuning (Rule Update Service), or to reduce the scope of PCI compliance assessment with tokenization of client credit
credentials (Edge Tokenization).

In the first quarter of 2014, Akamai completed the acquisition of DDoS protection service Prolexic Technologies. Gartner analysts expect future integration between Kona and the Prolexic offering. The Kona WAF is a good choice for existing Akamai customers as an extension to deployed Akamai solutions, and for large public websites looking for simple WAF deployment
Source Gartner

Gartner Challenger

  • DDoS and Web Application Security as a service
  • Lacks virtual applicance or software installation
  • Too expensive (subscrition)

(Kona Site Defender)

~\$5000/month

Radware

Headquartered in Mahwah, New Jersey, Radware (RDWR) delivers a variety of application delivery and security products. These security products include a DDoS mitigation tool (DefensePipe), an IPS (DefensePro) and a WAF (AppWall), which can be bundled together in Radware’s Attack Mitigation System (AMS) offering. Radware has been shipping the AppWall WAF, which it acquired from Protegrity, since 2010. AppWall may be deployed as a physical or virtual appliance. Radware also provides a solution for the centralized management, monitoring and reporting of its own products (APSolute Vision).

Radware’s WAF predominantly serves the vendor’s existing customer base of midsize and large enterprise clients. It is a good fit in security en
vironments that use other Radware security or ADC products.
Source: Gartner

  • WAF (AppWall)
  • DDoS (DEfensePipe)
  • Virtual Applicance for VMWARE
  • Usually midsize and large enterprises
    - No AWS Appliance for AppWall only Alteon
    - Hybrid Cloud WAF
    WAF-as-a-service (price not disclosured)

Product name: DefensePipe
~ $5,000/month

https://www.google.com.br/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&ved=0CCMQFjAB&url=http%3A%2F%2Fwww.ftgtechnologies.com%2Fmedia%2Fcoma-pricelists%2FFTG_Pricelist_Radware.xlsx&ei=-6u_VKL6CpDcgwSBjIDYBQ&usg=AFQjCNHRXgVRBfWL4mUWLYlVNUn_2OBYLg&sig2=egoDN7Q5UYVUJeQiUy8U3Q&bvm=bv.83829542,bs.1,d.aWw&cad=rja

6 Linux Apps to Watch For in 2015

The Linux landscape is ever changing. Over the last few years, the flagship open source tool has found levels of acceptance thought unreachable for software running on a free platform. That momentum isn’t going to let up.

via Pocket http://ift.tt/1BcbaGr

Less is More in the New Xen Project 4.5 Release

If we used code-names, the Xen 4.5 release should be called Panda on Diet! We have 78K new code with 141K deleted. In effect this release has -63KLOC code than the previous one. The net effect of a skinnier Xen Project Hypervisor code base is increased usability, simplicity and innovation.

via Pocket http://ift.tt/1AiPuTn

Systemd Gains IP Forwarding, IP Masquerading & Basic Firewall Controls

The systemd project is off to a quick start in 2015 with already seeing over 200 commits (granted, in 2015 systemd development skyrocketed with nearly 5,000 commits). With the newest work that’s landed, the networkd component to systemd has been improved with new features…

via Pocket http://ift.tt/1ycd3SN

Microsoft and Google strike back at AWS with their own cloud upgrades

The war for the public cloud continues apace. Days after Amazon.com Inc. rolled out the latest batch of improvements to its dominant infrastructure-as-a-service platform, rivals are hitting back with their own upgrades in the opening skirmish of 2015.

via Pocket http://ift.tt/1yZI7F2