Radware – Staying Ahead of the Bad Guys
Carl Herberger has gone from protecting his country on the battlefield to protecting his customers in cyberspace. As the Vice President of Security Solutions at Radware, Carl is very committed to security and passionate about it, and that comes through very clearly in our interview.
In our discussion, Carl provides an overview of all of Radware’s products, and then focusses on some of the unique aspects of their security products – including their “Under Attack” crisis service. Carl also lays out the leading motivators for today’s cyber attackers, what Radware is planning, and where it is investing so that it can always stay a little bit ahead of the bad guys.
Let’s start with a little bit about yourself and your background.
I grew up in the military and my last tour of duty was dealing with security issues in the Pentagon. I have been involved in security since the late 1990s and I very much take these issues to heart. I truly find it very fulfilling, although sometimes it is a bit frustrating, since we can never really reach a final destination. We are always chasing the bad guys – the better we get, the better they get. It is like an endless chess match.
Please tell me about Radware’s different products.
Our goal at Radware is actually pretty simple – we want to ensure that your applications are up and available, so that users can freely consume their corporate applications. We have been offering solutions for application availability for over 20 years.
We have a broad family of load balancing products, which monitor the availability of running applications and can adjust their performance. They also provide seamless redundancy and the ability to rapidly scale up performance at peak usage times.
Our ADC (Application Delivery Controller) products provide an automated infrastructure so that system administrators do not need to manually identify and correct problems or performance issues that may arise.
In response to the rapidly changing environments that we are seeing, we offer our solutions in many different flavors for different platforms and with different performance parameters. Furthermore, our solutions are available on the full spectrum starting with pure hardware, through software, virtualized devices, and cloud-based services.
Are your software solutions available on the public clouds, such as AWS and Azure?
Good question [smile]. We recently announced the launch of our new Cloud DDoS Service for both AWS (Amazon Web Services) and Microsoft Azure. This is a fully managed DDoS (Distributed Denial of Service) protection service with integrated, unified protection across both in-house data centers and public cloud environments. This is essentially an extension of our existing cloud WAF (Web Application Firewall) and Web Acceleration services.
One of your security solutions is SSL (Secure Sockets Layer) Attack Protection – but most people think of SSL as a solution not as a source of a problem.
Yes, that is true, but there are three major problems with SSL when analyzed from an attack perspective:
- SSL only protects against entering into the secure tunnel, but behavior inside the tunnel is not evaluated. This is because it requires a lot of resources to do so. That means that if an attacker does manage to get inside the tunnel, it then has a free hand to create as much damage as it wishes.
- The inbound SSL content problem. You need to evaluate encrypted documents for malware and not simply trust them just because they are being passed through a secure channel.
- The outbound SSL content problem. Almost every form of malware infection requires outbound communication and this communication will often take place over the SSL channel, because attackers know that most companies don’t really check outbound communication.
Your web site prominently displays your “Under Attack” emergency DDoS service. How exactly does that work?
This is a one-time offer we make to companies who have never taken advantage of this service before and are not current customers of ours. We activate this service to help them stop and recover from the attack and to get back up and running.
Specifically, we will do whatever needs to be done in order to get them back up. This includes diverting their traffic to our cloud where we can scrub the data or even shipping hardware to their data center to scrub some data there as well. The strategy and tactics really depend on each particular situation.
The process typically runs over the course of one week and costs about $30,000. That may sound like a lot of money, but for many industries where the whole business is the web application, it is really just a drop in the bucket compared to how much money they lose every minute (or second!) that the application is down.
How do you define your market? Who is your specific target audience within that market?
Our market is any business where even a second of outage is significant. That includes things like:
- Stock exchanges
- Communication carriers
For many companies that in the past didn’t have high uptime requirements, their business model has changed and now uptime is a very serious issue for them. More and more companies run everything online – and that is before we start talking about the Internet of Things (IoT) such as devices, planes, cars, etc. Today these companies need to have constant and secure communications with all of these devices. We are seeing explosive growth in the fields of logistics, manufacturing, healthcare, and even education (because of distance learning).
How do you see cloud and mobile technologies affecting security products such as yours?
The growth of cloud computing and of mobile devices are the major drivers for the application delivery and security industries and are changing everything. The Internet of Things and virtualization are also major drivers. These developments affect architecture, design, security, compliance, and availability.
What methods do you normally use to attract and engage with new customers?
It is a little hard to say, since the landscape is always changing. Specifically, the motives of the attackers are always changing, which means that their targets are also changing.
The #1 motive of attackers this year is criminal – specifically, Ransom Denials of Service (RDoS), where an attacker will message a particular site saying that if they don’t receive payment of $XX,XXX by a certain date, they will take down their site.
Other attacker motives include:
- Activism – Attacks in support of a particular cause.
- Cyber Warfare – Nation states trying to exert their influence and intercept the data of their enemies.
- Corporate Espionage – Attempts to access the proprietary data of competitors and/or try to take down competitor sites.
How many active customers do you have today? Where are they mainly located?
We currently have over 10,000 customers, located all around the world. In terms of revenues, it looks like this:
- 40%: North America
- 30%: Europe, Middle East, and Africa
- 30%: Asia (largely China)
How do you see your tools as different and/or better than your competitors’?
Our main advantage is that we offer a single, unified toolset to address application delivery, load balancing, and security. In fact, many of the companies who would be considered competitors of ours actually use some of our solutions to provide their services.
How do you see the web security market evolving in the coming years?
Companies today are focused on moving to the cloud. Everything today is turning into an app in the cloud. What this means is that the classic enterprise only needs to worry about their applications and worry a lot less about security, because now the cloud providers (and/or hosting companies) are the ones that need to worry about performance and security.
What are some of the future plans for Radware?
In general, we are investing heavily in algorithms and deeper learning tools in order to identify malware and intrusions.
We just recently acquired a company named Seculert that has a unique attack detection and analytics platform. This will give us additional algorithms and tools for our security products.
How many employees do you have today? Where are they located?
We currently have about 1,000 employees. About 400 of them are in our main R&D center in Tel Aviv, Israel and the remainder are more or less evenly split among our offices in North America, Asia Pacific, and EMEA (Europe, Middle East, and Africa).
How many hours a day do you normally work? What do you like to do when you are not working?
When you love what you do, it is not really work. As I mentioned earlier, security is my passion and gives meaning to my life. My relationships with my customers go beyond just a vendor relationship – it is more like a doctor relationship. As a result, I tend to work very long hours. I think that a lot of our employees also have a similar sense of mission.
I am an ex-Air Force officer and used to fly planes. I used to be an aircraft accident investigator and I am still very much involved with aircraft in my free time.