main

Application Delivery

Application SLA: Knowing Is Half the Battle

April 4, 2019 — by Radware2

ApplicationSLA-960x642.jpg

Applications have come to define the digital experience. They empower organizations to create new customer-friendly services, unlock data and content and deliver it to users at the time and device they desire, and provide a competitive differentiator over the competition.

Fueling these applications is the “digital core,” a vast plumbing infrastructure that includes networks, data repositories, Internet of Things (IoT) devices and more. If applications are a cornerstone of the digital experience, then managing and optimizing the digital core is the key to delivering these apps to the digitized user. When applications aren’t delivered efficiently, users can suffer from a degraded quality of experience (QoE), resulting in a tarnished brand, negatively affecting customer loyalty and lost revenue.

Application delivery controllers (ADCs) are ideally situated to ensure QoE, regardless of the operational scenario, by allowing IT to actively monitor and enforce application SLAs. The key is to understand the role ADCs play and the capabilities required to ensure the digital experience across various operational scenarios.

Optimize Normal Operations

Under normal operational conditions, ADCs optimize application performance, control and allocate resources to those applications and provide early warnings of potential issues.

[You may also like: 6 Must-Have Metrics in Your SLA]

For starters, any ADC should deliver web performance optimization (WPO) capabilities to turbocharge the performance of web-based applications. It transforms front-end optimization from a lengthy and complex process into an automated, streamlined function. Caching, compression, SSL offloading and TCP optimization are all key capabilities and will enable faster communication between the client and server while offloading CPU intensive tasks from the application server.

Along those same lines, an ADC can serve as a “bridge” between the web browsers that deliver web- based applications and the backend servers that host the applications. For example, HTTP/2 is the new standard in network protocols. ADCs can serve as a gateway between the web browsers that support HTTP/2 and backend servers that still don’t, optimizing performance to meet application SLAs.

Prevent Outages

Outages are few and far between, but when they occur, maintaining business continuity is critical via server load balancing, leveraging cloud elasticity and disaster recovery. ADCs play a critical role across all three and execute and automate these processes during a time of crisis.

[You may also like: Security Pros and Perils of Serverless Architecture]

If an application server fails, server load balancing should automatically redirect the client to another server. Likewise, in the event that an edge router or network connection to the data center fails, an ADC should automatically redirect to another data center, ensuring the web client can always access the application server even when there is a point of failure in the network infrastructure.

Minimize Degradation

Application SLA issues are most often the result of network degradation. The ecommerce industry is a perfect example. A sudden increase in network traffic during the holiday season can result in SLA degradation.

Leveraging server load balancing, ADCs provide elasticity by provisioning resources on-demand. Additional servers are added to the network infrastructure to maintain QoE, and after the spike has passed, returned to an idle state for use elsewhere. In addition, virtualized ADCs provide an additional benefit, as they provide scalability and isolation between vADC instance at the fault, management and network levels.

[You may also like: Embarking on a Cloud Journey: Expect More from Your Load Balancer]

Finally, cyberattacks are the silent killers of application performance, as they typically create degradation. ADCs play an integrative role in protecting applications to maintain SLAs at all times.   They can prevent attack traffic from entering a network’s LAN and prevent volumetric attack traffic from saturating the Internet pipe.

The ADC should be equipped with security capabilities that allow it to be integrated into the security/ DDoS mitigation framework. This includes the ability to inspect traffic and network health parameters so the ADC serves as an alarm system to signal attack information to a DDoS mitigation solution. Other interwoven safety features should include integration with web application firewalls (WAFs), ability to decrypt/encrypt SSL traffic and device/user fingerprinting.

Read the “2018 C-Suite Perspectives: Trends in the Cyberattack Landscape, Security Threats and Business Impacts” to learn more.

Download Now

Attack Types & VectorsSecurity

1984 to 2018: The Evolution of the Olympics

February 21, 2018 — by Daniel Smith2

olympics-then-and-now-960x678.jpg

Change is inevitable and it happens in every industry. Those that evolve with change often help lead the transformation and revolutionize their domain. In 2016 we began to enter the era of digital transformation in our industry and changes have begun to take place that are revolutionizing the way we consume, collect and deliver data to every aspect of society. Along with these changes have we seen the creation of new businesses and opportunities centered around this evolution in connectivity. Digitization is creating growth opportunities and offering user experiences in ways we have never seen before.

Application DeliverySecurity

Every Digital Yin has a Physical Yang

May 23, 2017 — by Daniel Lakier0

digital-yin-and-yang-960x679.jpg

In the year 1453, the Ottoman Empire under Sultan Mehmed II was able to accomplish what none before them had ever been able to achieve. For more than a millennium, Byzantium had remained a bastion of the Orthodox faith, the great kingdom of the East. The hordes and barbarians that had caused the downfall of so many other empires had been unable to conquer this unconquerable city. Until one day when it all changed.

Attack Types & VectorsSecurity

Digital Transformation Requires a Security Rethink

May 3, 2017 — by Zeus Kerravala0

digital-transformation-security-960x649.jpg

Over the past few years digital transformation has become a hot topic with both business and IT leaders.  Organizations that embrace digitization and use the concepts to create new processes and products have the opportunity to become leaders in their industries.  Those that do not will struggle to survive and possibly go out of business or be acquired by stronger firms.

Security

Securing the Digital Transformation

February 28, 2017 — by Ron Meyran0

securing-digital-transformation-960x480.jpg

Key Takeaways from Cisco Live Berlin 2017

Digital Transformation is the Core of Every Business

2016-2017 introduced the era of Digital Transformation. Digital transformation is the change associated with the application of digital technology in all aspects of human society. Digital transformation inherently enables new types of innovation and creativity to increase business competency rather than simply going paperless.

Ruba Borno PhD, Vice President Cisco Growth Initiatives, shared Cisco’s vision that the only future-proofed solution for digital transformation is a next-generation secure network. Security is no longer static, and securing all the organization’s access points is no simple task. IoT, mobile work force, cloud applications and increased sophistication of attackers and attack methods require better preparation. Organizations need to fundamentally change how they build, manage and secure networks.

Digital transformation was the apparent theme across this year’s Cisco Live Berlin. With security becoming the key enabler for any organization IT investment, this paper covers the key trends in securing the digital transformation, along with new solutions announcements covered at Cisco Live Berlin 2017.

Attackers Are Relentless; Defenders Are Tired

Attackers have infinite time to plan their next attack: choose a victim, gather intelligence, select the right attack tools, test them, coordinate an attack and then launch the attack at their convenience. There are plenty of attack tools available at the Clearnet and the Darknet, and there are plenty of opportunities to strike again and again – till success.

Defenders, on the other hand, have to overcome every attack attempt. They do not have a second chance. They have limited budget, their job is at stake, and they need to keep up with education, training, selecting the right solutions and maintaining an effective security posture.

This is where the difference between detection and protection becomes critical. To protect against attacks you need first to detect that you are under attack. Security solutions often focus on shortening the time to detect. Yet, they also need to shorten the time to protect – this is where automation becomes important. Solutions that automate more stages of the attack lifecycle will be more successful in dealing with the more dynamic, automated attacks organizations experience today.

[You might also like: As Cyber Security Programs Lose Their Moorings to Ransom-DoS: Radware Introduces the Ultimate Guide to Cyber Ransom]

Ransomware Becomes a Major Threat

I urge you to watch ransomware – an anatomy of an attack. This video, played at multiple Cisco Live sessions, provides an insight to an attacker’s daily work. It is about the details. The attacker does not need to develop any tool or software. They only need to select the right tools from an endless variety and use them smartly.

DDoS attacks have also joined the mix of ransom attacks by slowing down organization operations and even completely shutting down their online presence.

What can you do against ransomware? Although widely discussed during multiple sessions at Cisco Live Berlin 2017, I have not seen a solution that is truly designed to address this threat. Cisco speakers discussed a multi-layered security approach where they highlighted some capabilities in their solutions that can help improve a business security posture against the ransom threat.

What can you do to fight this threat? As always, prevention is the key. And prevention is about education, education and again – education. Attackers lure employees to open unsolicited mails, download software updates and harness multiple social engineering techniques. You need to be more suspicious and ask yourself if this is a safe operation beforehand.

DDoS Attacks Are On the Rise

We know how to protect endpoints – desktops, laptops and other mobile devices. We know how to protect our enterprise network. We use firewalls, intrusion prevention systems, anti-virus, anti-malware and other perimeter network security solutions.

What we do not know is how to protect infrastructure against DDoS attacks. Data centers, service providers and cloud providers are all vulnerable to network flood attacks. The recent Dyn attack and the celebrity Mirai botnet are clear reminders that we need to get ready.

IoT is a real threat. We are adding 1 million devices per hour to the internet and the majority of them are directly accessible with no or limited security measures. A 1 terabit-per-second DDoS attack is expected this year 2017.

We need to think differently. DDoS attacks are not a problem of specific organizations. It is a problem of the community. Attack mitigation should start at the service providers’ network and leverage to the enterprise data center. It should be more simple and manageable.

Effective Security: Keep It Simple

Digitization has created unprecedented growth opportunities. With more than 50 billion connected devices estimated by 2020 (According to Cisco), business leaders are questioning how new digital trends will impact their business — but so are the active adversaries seeking to profit from well-organized cybercrime operations. As the attack surface continues to expand, so has the need for a more effective approach to security.

According to Cisco, a typical organization deploys some 50 different security devices and solutions in their network and data centers. Every new solution contributes an incremental level of security; however, it increases network complexity exponentially. The challenge of effective security is not what to secure, but how to manage it?

The answer is keeping it simple. Security that is integrated, automated and simple to manage will be foundational to the success of digital businesses as they work to deliver protection from the network to the mobile user and the cloud — wherever employees work and data resides.

Did I mention automation? David Ulevitch, VP Cisco Security Business Group, discussed automation. His view is that the only way to win the cyber war is through automation: let the machines run the machines.

This is the path to effective security. It’s a continuous process, not a one-time effort.

[You might also like: Validating Cisco’s Threat-Centric Security Solutions]

Cloud Is the Secret Weapon

The secret weapon in our security toolbox is the cloud. Why? Here are few arguments:

a) Cloud offers elastic and unlimited resources. You can use compute and storage for data collection and analytics to look at user behavior. This helps you make the right security decision per user, per transaction or per location.

b) Cloud offers the ideal management and control for all enterprise applications – on premises and in the cloud.

Look for cloud as an integrated solution. If the vendor offers you APIs – move on. You do not have the time or the resources to use APIs.

ACI at New Heights

I recall John Chamber’s keynote from Cisco Live 2015, where he admitted that Cisco was late in identifying the SDN (Software-Defined Network) market. John promised that Cisco was going to fix that. Indeed Cisco introduced its flavor for software-defined networking called Application Centric Infrastructure (ACI). ACI is Cisco’s foundation for the Software Defined Data Center (SDDC) initiative.

At the event, Cisco announced that it further expands ACI – turning it from a pure data center solution to a multi-site solution. Cisco introduced multiple data-center automation tools, further empowered its ACI ecosystem with more than 65 technology partners and launched a new ACI marketplace so users can share their ACI applications and blueprints.

Why Cisco leaders believe that ACI will win the SDDC market? Because it is application-centric and introduces operational simplicity. Did I mention automation?

ert_2016-17_cover-2

Read the 2016–2017 Global Application & Network Security Report by Radware’s Emergency Response Team.

Download Now