F5 comprehensive protection against application attacks. Jakub Sumpich Territory Manager Eastern Europe

Transcription:

F5 comprehensive protection against application attacks Jakub Sumpich Territory Manager Eastern Europe j.sumpich@f5.com

Evolving Security Threat Landscape

cookie tampering, Identity Extraction, DNS Cache Poisoning, parameter tampering, excessive GET/POST, SSL renegotiation, malware, CSRF, redirected traffic, slowloris, sockstress attack, Trojans, ICMP Flood, HashDos, privilege escalations, smurf attack, SQL Injection, spear phishing, CVE, UDP flood, DNS malformed packet, syn flood, brute force, recursive GET, social engineering, URL tampering, HTTP fragmentation, web scraping, ping of death, DNS Amplification, Phishing, XSS, key loggers

The Growing Complexity of Application Attacks

Webification of apps
71% of surveyed experts predict most work will be done via web-based or mobile apps by 2020
69% of all Americans use web apps

Evolving security threats
1M: Cost of single cyber attack can be well above $1,000,000
122: Successful attacks per week (Ponemon Institute, Cost of Cyber Crime Study)
1.5M: Monitored cyber attacks in US (IBM Security Services, 2014 Cyber Security Intelligence Index)

Attacks are Moving Up the Stack

Network Threats: 90% of security investment focused here
Application Threats: 75% of attacks focused here
Source: Gartner

Some Firewall Vendors Would Have You Believe...

"Only those corporations that believe they have coding issues in their web applications need a WAF."

Most developers have known production software issues
Vulnerabilities result from defects and issues
Most developers cannot also be web security experts
Not scalable to address on per-application basis

Almost every web application is vulnerable!

97% of websites at immediate risk of being hacked due to vulnerabilities!
69% of vulnerabilities are client-side attacks - Web Application Security Consortium
8 out of 10 websites vulnerable to attack - WhiteHat security report
75 percent of hacks happen at the application. - Gartner, Security at the Application Level
64 percent of developers are not confident in their ability to write secure applications. - Microsoft Developer Research

How long to resolve a vulnerability?

Website Security Statistics Report

App Security not Addressed by Traditional Firewall Vendors

Slowloris
Site reconnaissance
HTTP DOS
Session hijacking
Sensitive Data Leakage
Cross site scripting (XSS)
HashDOS
Cookie injection and poisoning
Cross site request forgery (CSRF)
Web page scraping
SQL injections
Phishing attacks
Brute force logins & forceful browsing
GET Floods
SSL-encrypted application attacks

Protecting the application layer requires a Web Application Firewall (WAF)

F5 Security Strategy

We support the biggest 9 of the 47 of the top 10 US Airlines 29 of the top 30 US Commercial Banks Fortune 50 Companies 9 of the 10 of the top 10 US Wireless Carriers top 10 US Telecoms 10 of 10 of the the top 10 Global Brands top 10 Global Automotive Companies 9 of the top 10 Global Oil & Gas Companies 10

Application Delivery Firewall (ADF) Solution

Protecting your applications regardless of where they live
Bringing deep application fluency and price performance to firewall security

One Platform: Network Firewall, Traffic Management, Application Security, Access Control, DDoS Protection, SSL, DNS Security, Web Fraud Protection

EAL2+, EAL4+ (in process)

Full Proxy Architecture = Full Proxy Security

[Diagram: two stacks of layers, each labelled Client / server, Web application, Application, Session, Network, Physical]

HTTP proxy, HTTP DDoS, and application security
Application health monitoring and performance anomaly detection
SSL inspection and SSL DDoS mitigation
L4 Firewall: Full stateful policy enforcement and TCP DDoS mitigation

Full Proxy Security

F5's Approach

[Diagram labels: client side and server side stacks (Client / Server, Web Application, Application, Session, Network, Physical); HTTP, SSL, TCP, IPv4/IPv6; Web Application Proxy; OneConnect; App FW; Access; Third party]

HTTP proxy, HTTP DDoS, and Application Security
SSL inspection & SSL DDoS mitigation
L4 Firewall: full stateful policy enforcement and TCP DDoS mitigation
Application health monitoring and performance anomaly detection

Traffic management microkernel
TMOS traffic plug-ins
High-performance networking microkernel
Powerful application protocol support
High-performance HW
iControl API
iControl: External monitoring and control
iRules: Network programming language

Benefits of Full-Proxy Architecture

[Diagram: WAF, HTTP, SSL and TCP layers, each with rules, and a network firewall. Attacks shown: Slowloris attack, XSS, Data leakage, SSL renegotiation, SYN flood, ICMP flood]

Comprehensive Application Security

Virtual Patching
Network DDoS Protection
Network Access
Application Access
DNS DDoS Protection
Fraud Protection
SSL DDoS Protection
Network Firewall
Web Application Firewall
Application DDoS Protection

Choose the Right Web Application Firewall (WAF) Solution

Provide transparent protection from ever-changing threats
Secure against the OWASP top 10 and targeted zero-day threats
Offer bot detection measures
Enable DAST integration and virtual patching to reduce risks from vulnerabilities
Provide positive/negative security, L7 DoS protection, and IP reputation
Support dynamic intelligent services

[Diagram labels: Server response generated; WAF; Request made; Secure response delivered; Vulnerable application; Firewall applies security policy; Firewall security policy checked]

BIG-IP Application Security Manager

Powerful Adaptable Solution

Provides comprehensive protection for all web application vulnerabilities, including (D)DoS
Logs and reports all application traffic and attacks
Educates admin. on attack type definitions and examples
Enables L2->L7 protection
Unifies security, access control and application delivery
Sees application level performance
Provides On-Demand scaling

ASM and SSL

SSL Offload
ASM can do SSL termination and Offload SSL traffic from Web Servers
SSL key exchange done by hardware
SSL bulk encryption done by hardware
End-to-End Encryption
Centralize certificate management

Choosing the Right Platform

Good, Better, Best Platforms

[Platform labels from the diagram: 25M, 2000 series*, 200M, 4000 series, 1Gbps, 5000 Series, 3Gbps, 7000 Series, 5Gbps, 10Gbps, 10000 Series, 11000 Series, VIPRION 2200, VIPRION 2400, VIPRION 4480, VIPRION 4800; some marked "New"]

*Note: 2000 Series appliances are not offered with Better or Best bundles

Virtual: F5 virtual editions
Provide flexible deployment options for virtual environments and the cloud
Virtual ADC is best for:
Accelerated deployment
Maximizing data center efficiency
Private and public cloud deployments
Application or tenant-based pods
Keeping security close to the app
Lab, test, and QA deployments

Physical: F5 physical ADCs
High-performance with specialized and dedicated hardware
Physical ADC is best for:
Fastest performance
Highest scale
SSL offload, compression, and DoS mitigation
An all F5 solution: integrated HW+SW
Edge and front door services
Purpose-built isolation for application delivery workloads

Hybrid: Physical + virtual = hybrid ADC infrastructure
Ultimate flexibility and performance
Hybrid ADC is best for:
Transitioning from physical to virtual and private data center to cloud
Cloud bursting
Splitting large workloads
Tiered levels of service

Built for intelligence, speed and scale

Users, Resources

Concurrent user sessions: 200K
Concurrent logins: 3,000/sec.
Throughput: 640 Gbps
Concurrent connections: 288 M
DNS query response: 12 M/sec
SSL TPS (2K keys): 240K/sec
Connections per second: 12.2 M

Working with Other Security Technologies

Ensuring the best protection requires a multi-vendor approach

ENDPOINT INSPECT/AV CERTIFICATES ENCRYPTION MOBILE OS SIEM MOBILE DEVICE MANAGEMENT DAST SECURITY CHANGE MANAGEMENT MULTI-FACTOR AUTHENTICATION FIPS/HSM SECURITY WEB ACCESS MANAGEMENT DATABASE FIREWALL DNS SECURITY WEB AND AND SBS SAAS SECURITY

F5 Reference Architectures

Real solutions for real problems

High Performance IPS, S/Gi Network Simplification, DDoS Protection, Security for Service Providers, LTE Roaming, Web Fraud Protection, Migration to Cloud, Application Services, Intelligent DNS Scale, Cloud Federation, DevOps, Cloud Bursting, Secure Web Gateway

Benefits
Minimize deployment times
Reduce security design costs
Strengthen security posture

F5 Agility 2014, F5 Networks, Inc.