
Comprehensive SOA & Web Firewalling

Web Services and Web Application Firewalling in a Single Solution

Protect your applications from external XML/SOAP, REST/JSON and HTML attack

The Layer 7/Citrix solution offers:
- XML and HTML attack protection
- Content switching
- Message validation
- Protocol transformation
- DoS/XDoS protection
- WS*/WS-I support
- SQL injection/X-site scripting protection
- Request/response validation
- SSL offloading
- Content-based routing
- XML response caching
- Load balancing for XML Gateways
- TCP and application-level rate limiting

HTML continues to be the lingua franca of the Internet, but XML and related Web 2.0 technologies are increasingly at the root of emerging Web-based service offerings. Ensuring a high level of security and performance for all forms of internet-based traffic requires specialized control and monitoring capabilities. However, neither traditional Web application nor Web services developers are security experts. Even those that have security training are hard pressed to ensure enterprise-class security is properly implemented in the face of ever-narrowing development schedules.

For this reason, Layer 7 and Citrix have partnered to offer a solution that gives enterprises the security and visibility they require to manage not only HTML, but also XML and (increasingly) JSON traffic, ensuring they can properly govern how traditional Web applications, as well as SOA and REST-based Web services, get consumed inside the organization, and how application APIs get exposed to external departments, partners and other third parties. By deploying the Layer 7 SOA Gateway in conjunction with Citrix's NetScaler Load Balancer and Web Application Firewall, organizations can benefit from comprehensive content protection and visibility for both XML-based Web Services traffic and HTML-based Web traffic.

Securing the Enterprise

The Layer 7 SOA Gateway minimizes risks associated with the use of SOAP and REST-based Web services. By implementing a Layer 7 Gateway at the edge of the enterprise, organizations are protected from the consumption of potentially harmful XML content, and secured against private data leaving the organization via rogue Web services calls.

The Layer 7 Gateway acts as a policy-driven identity and security enforcement point to address a broad range of behind-the-firewall, SOA, B2B, API management and Cloud security challenges. With support for all leading directory, identity, access control, Single Sign-On (SSO) and Federation services, Layer 7 provides unparalleled flexibility in defining and enforcing identity-driven security policies, leveraging SSO session cookies, Kerberos tickets, SAML assertions and Public Key Infrastructure (PKI). Support for all major WS* and WS-I security protocols provides enterprise architects with advanced policy controls for specifying message and element security rules, including the ability to branch policy based on any message context.

Layer 7 also ensures enterprise application and infrastructure services are protected against malicious attack or accidental damage due to poorly structured data. Key storage, encryption and management operations can be handled in a FIPS 140-2 certified Hardware Security Module (HSM) onboard the appliance, or optionally through network attached HSM.

To learn more about Layer 7 and how it can address your organization's needs, call 1-800-681-9377 (toll free within North America) or +1.604.681.9377. You can also email us at; friend us on; visit us at, or follow us on Twitter @layer7.

Layer 7 and Citrix Synergy

Layer 7's SOA Gateway deployed in conjunction with Citrix's NetScaler Load Balancer and Web Application Firewall provides comprehensive, in-depth analysis of all digital content entering an organization's network. NetScaler delivers protection for HTTP data and automatically profiles expected behavior by inspecting HTTP requests. NetScaler identifies XML traffic and automatically routes it to the Layer 7 Gateway for further inspection and processing. Specific policies for securing, managing and monitoring XML can be defined using the Layer 7 Policy Manager.

By centralizing security for all Web applications and Web services, organizations can simplify security management and implement consistent security across the enterprise, with complete separation of each application's security policies, controls, reporting details and log data.

Both Layer 7 and Citrix offer hardware and virtualized appliance platforms for on-premise and cloud-based solutions.

Key Features

Web Application Firewall: Provides a positive security model to secure against attacks that are difficult to protect with constant signature updates
Load Balancing: Optimizes application and database server availability through advanced L4-L7 load balancing and traffic management
Improved application performance: Lowers response times by offloading compute-intensive tasks, such as TCP connection management, SSL encryption and compression from Web servers

- Support for leading identity, access management, SSO and federation systems
- Support for Web/browser-based SSO
- Credential chaining, credential remapping and support for federated identity
- Integrated STS/SAML issuer featuring support for SAML 1.1/2.0 authentication, authorization and attribute based policies and Security Context Tokens
- Integrated PKI CA for automated deployment and management of client-side certificates, and integrated RA for external CAs (including Verisign)
- Support for all major WS* and WS-I security protocols, including WS-Security, WS-SecureConversation, WS-SecurityPolicy, WS-Trust, WS-Secure Exchange, WS-Policy and WS-I Basic Security Profile
- Optional onboard HSM, and support for external HSMs (e.g., nCipher, Luna, etc.)
- Support for elliptic curve cryptography (conforms to NSA's Suite B algorithms)
- FIPS 140-2 support in both hardware (Level 3) and software (Level 1)

Protect against XML parsing, XDoS, cross-site scripting (XSS) attacks, SQL injection

Layer 7
- Identity-based access to services and operations
- Manage security for cross-domain and B2B relationships
- Enforce WS* and WS-I standards
- Cryptography

Layer 7 + NetScaler
Threat Protection
- Full protection against both data theft and layer 4-7 denial of service
- Protection against XML content tampering and viruses in SOAP attachments
- Configurable validation & filtering of HTTP headers, parameters and form data
- Detection of classified or dirty words or arbitrary signatures with subsequent scrubbing, rejection or redaction of messages
- Support for XML, SOAP, POX, AJAX, REST and other XML-based services
- Traffic shaping at layers 3-6 of the network stack, and at layer 7 via rate limiting based on any number of factors, including type of consumer, user name, IP address, time of day, metered limits, service/API endpoint, etc.

Filter XML content for Web 2.0 and SOA

Comprehensive Class/Quality of Service

Copyright 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners. This document contains forward-looking statements and is being provided for informational purposes only. It may not be incorporated into any contract.