SAN FRANCISCO -- Avi Networks today announced that is has shipped software release v.15.2 of its software-defined ADC (Load-Balancer), with new capabilities such as the Continuous Security Insights (CSI) Module that help enterprises constantly evaluate their security posture and quickly mitigate application vulnerabilities and attacks. Building upon Avi’s self-service provisioning, the new CSI module makes it dead-simple for enterprise infrastructure consumers such as DevOps professionals, application developers and testers, and cloud architects to configure and provision advanced application security features themselves, thereby greatly alleviating the burden on the enterprise IT network and security administrators.
Security features on legacy ADC appliances were designed for configuration and provisioning by security experts. As a result, the network administrators that manage ADCs rarely enabled most of the advanced security functionality. With 100% REST API support for every feature, a true software-defined architecture and integrated applications analytics, Avi enables on-demand, elastic network services that can be provisioned by not only network admins but also by non networking experts such as application developers. Avi’s advantages over legacy ADC appliances has enabled Avi to accelerate customer acquisition and deploy its solution at several large scale cloud and SDN projects at Fortune 1000 enterprises and Cloud Service Providers.
“Lack of application visibility and usable, real-time information have left many network administrators in a state of inaction when it comes to proactive management of network security,” said Brad Casemore, research director for datacenter networking at IDC. “Avi’s approach arms enterprises with actionable insights that enable them to implement a more dynamic, real-time system for network and application security.”
A recent example was with the disclosure of the POODLE SSL attack, designed to exploit vulnerabilities in the many Internet-based systems still running SSL 3.0 encryption protocol. While the solution was relatively simple – reconfigure all systems to turn off SSL 3.0 – network admins no way of understanding the full impact of this network-wide reconfiguration, including possibly damaging end-user experiences on websites and other public-facing apps.
By comparison, by collecting and analyzing hundreds of telemetry data points from users, networks, and computing systems, Avi's CSI module can analyze the impact of making a change, e.g. turning off SSL v3, before it's enacted, with specific information about the impact to users and applications. The Avi Continuous Security Insights (CSI) solution delivers these advantages across three, interrelated functions that form a full security lifecycle management.
1. Inspect: Constantly analyzes security configurations and user-to-application traffic to detect vulnerabilities, attacks and anomalies.
2. Inform: Notifies admins about the real-time security posture via alerts, logs and simple to understand metrics such as a SSL Score, DDoS Score, Security Insight and overall application health score.
3. Mitigate: Takes proactive measures against anomalous behavior ranging from simple penalties for spurious transactions to traffic rate-limiting or blocking users for more serious threats.
The Avi ADC v15.2 software is currently in pilot trials at several large financial services and e-commerce companies as well as a number of cloud service providers.