Yaron Azerual creates the planning, positioning and go-to-market strategy of Radware’s application delivery solutions.
Historically, application delivery controllers (ADCs) were ubiquitous hardware-based appliances seen in data centers for the sole purpose of load balancing. However, the role of ADCs has been expanding to keep in lock step with the ever-growing needs of the IT professional.
Growing way past their original purpose, ADCs have now been operating in a less narrow function. Enterprises both large and small are using them for network-level security tasks such as firewalling and network segmentation. This alone, indicates that ADCs have a role within network engineering and operations. Programmable interfaces on the ADC are also being used by DevOps to help align application requirements with ADC capabilities for performance tuning, application monitoring, and security.
ADCs are also used for Web Application Firewalls (WAFs) to protect critical applications from various attacks such as SQL injections, cross-site scripting and buffer overflow attacks. As network managers strive to meet or exceed application service-level agreements (SLAs), a common challenge has been security problems that challenge these professionals to maintain their application SLAs.
But why make ADCs another layer of network security for defense? Some see it as a last line of defense should a malicious attack penetrate the network perimeter. At the perimeter of the data center, one would often find defense tools at the network level, such as firewalls, DDoS protection systems, IPS/IDS solutions, etc. It makes sense to place application-oriented protection systems such as a WAF closer to the applications with dedicated devices and optimized security policy per application. While this is a logical defense-layered approach to defending the applications in the data center, it is still far from perfect.
ADCs as Last Layer of Defense Not Good Enough
Imagine a hacker that has managed to penetrate a data center’s first level of defense, and reaches the application’s ADC, trying to find a vulnerability in that application. Assuming the security team has done a good job at defining the security policy on the ADC’s WAF function, this specific application will remain safe, for now. However, as the hacker passes perimeter defenses, they now have carte blanche to find additional vulnerability points in that application or others within the data center. Now, it’s just a matter of time until the hacker succeeds.
Where Should We Go From Here?
While adding more security layers to the data center and its applications improve the level of protection per application, there must be a tighter level of cooperation between those defense layers to ensure attackers remain outside the data center - regardless of which layer of defense has detected an attack or security breach.
For example, if the ADC’s WAF module detects an attack on an application, it should immediately propagate this information to the datacenter’s perimeter defense systems with a detailed network layer signature of the attack source so that any subsequent attack attempts from that source will be blocked outside the datacenter’s network. The result would not only be increased security for that specific application, but for other applications in that data center, which may very well have been the next target for attack.
Ultimately, once the attack traffic is blocked at the data center’s perimeter, application service levels improve as all attack traffic is offloaded from the data center’s and application’s infrastructure, allowing it to provide faster and smoother service for legitimate users.
Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena. See our guidelines and submission process for information on participating. View previously published Industry Perspectives in our Knowledge Library.