Identity management and application security
Timo Lohenoja, CISSP, Systems Engineer, F5 Networks, timo@f5.com
Cybersecurity Is Business Continuity
- Maintain and grow revenue
- Identify industry threats
- Protect assets and customers
Goal: Defense in Depth
Security layers shown in the diagram:
- Threat intelligence
- DDoS mitigation
- Anti-fraud
- L7 WAF / signatures / zero-day
- Bot defense
- Identity / access
- SSL offload
Web app attacks are the #1 single source entry point of successful data breaches
Breach entry points (source: https://f5.com/labs):
- Web app attacks: 53%
- User / identity: 33%
- Physical: 11%
- Other (VPN, PoS, infra.): 3%

But we still have a lot of other exposure
(Same breakdown as above: besides the 53% of web app attacks, user / identity accounts for 33%, physical for 11% and other vectors for 3%.)
GDPR: Unauthorised access affecting confidentiality and integrity of data
Challenges:
- Malicious access attempts
- Least privilege violations
- User password fatigue
- Lack of endpoint visibility
- Phishing attacks
- Malware on client endpoints
- Bot disruption
Solutions:
- Secure authentication
- Multi-factor authentication (MFA)
- Federation with SAML 2.0 / OAuth 2.0
- Granular and context-aware access
- Single sign-on (SSO)
- Endpoint detection and protection
- Phishing detection
- Credential theft prevention
Unauthorised access affecting confidentiality and integrity of data: context signals for an access decision
- Authentication
- Browser
- Device type and integrity
- Location
- Operating system
- Access method
- Network integrity
- Network quality and availability
- App location
- App importance and risk
- App type / version (v3.1 in the diagram)
- Connection integrity
Solution 1: Risk-based policy protection
Decision options: Allow, Deny, Challenge (OTP or client certificate)
Inputs evaluated: user ID, location, endpoint (device health, device type, malware), sensitive data, human vs. automated client
Scenario A: user located in North Korea accessing a low-value app in public cloud IaaS
Scenario B: user located in Finland accessing a high-value app in the enterprise data center
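The slide above shows the decision inputs and outcomes of a risk-based access policy but not how they combine. The following is an added example, not F5 code and not a description of any F5 product's policy engine: a small ordered rule set that turns the same signals (location, device health, device type, malware, bot verdict, app value and location, sensitive data) into Allow / Deny / Challenge decisions and emits an audit line for the SOC. The attribute names, the country sets and the rule order are assumptions made for the example; the two scenario contexts at the bottom are constructed to match the slide.

```python
"""Context-aware access decision engine (added example, not F5 code)."""
from dataclasses import dataclass
from enum import Enum
from typing import Tuple


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    CHALLENGE_OTP = "challenge-otp"
    CHALLENGE_CLIENT_CERT = "challenge-client-cert"


@dataclass(frozen=True)
class AccessContext:
    """Signals collected for one access request (field names are assumptions)."""
    user_id: str
    country: str              # ISO 3166 code of the client geolocation
    device_type: str          # "managed-laptop", "byod-phone" or "unknown"
    device_healthy: bool      # endpoint posture check passed
    malware_detected: bool    # endpoint protection reported malware
    is_human: bool            # bot-defense verdict
    app_value: str            # "low" or "high"
    app_location: str         # "public-cloud-iaas" or "enterprise-dc"
    handles_sensitive_data: bool


# Constructed policy data for the example, not real configuration.
BLOCKED_COUNTRIES = {"KP"}   # North Korea, as drawn on the slide
TRUSTED_COUNTRIES = {"FI"}   # Finland, as drawn on the slide


def evaluate(ctx: AccessContext) -> Tuple[Decision, str]:
    """Return the access decision and the rule that produced it.

    Rules run from hard denies to step-up challenges; the first match wins
    and its reason is returned so it can be written to an audit log.
    """
    if ctx.malware_detected:
        return Decision.DENY, "malware detected on endpoint"
    if not ctx.is_human:
        return Decision.DENY, "automated client (bot) rejected"
    if ctx.country in BLOCKED_COUNTRIES:
        return Decision.DENY, f"source country {ctx.country} is blocked"

    high_risk_target = (ctx.app_value == "high"
                        or ctx.handles_sensitive_data
                        or ctx.app_location == "enterprise-dc")
    if high_risk_target:
        if ctx.country not in TRUSTED_COUNTRIES:
            return Decision.DENY, "high-value app reachable only from trusted countries"
        if not ctx.device_healthy:
            return Decision.DENY, "device failed posture check"
        if ctx.device_type == "managed-laptop":
            return Decision.CHALLENGE_CLIENT_CERT, "managed device: verify with client certificate"
        return Decision.CHALLENGE_OTP, "unmanaged device: step up with one-time password"

    # Low-value app in public cloud: lighter policy, but still step up on weak signals.
    if not ctx.device_healthy or ctx.device_type == "unknown":
        return Decision.CHALLENGE_OTP, "low-value app from unknown or unhealthy device"
    return Decision.ALLOW, "low-value app from healthy known device"


def audit_line(ctx: AccessContext, decision: Decision, reason: str) -> str:
    """Format one line for the SOC / access log."""
    return (f"user={ctx.user_id} country={ctx.country} device={ctx.device_type} "
            f"app={ctx.app_location}/{ctx.app_value} decision={decision.value} "
            f"reason=\"{reason}\"")


if __name__ == "__main__":
    # The two scenarios drawn on the slide, as constructed sample contexts.
    scenarios = [
        AccessContext("u1", "KP", "unknown", True, False, True, "low", "public-cloud-iaas", False),
        AccessContext("u2", "FI", "managed-laptop", True, False, True, "high", "enterprise-dc", True),
    ]
    for ctx in scenarios:
        decision, why = evaluate(ctx)
        print(audit_line(ctx, decision, why))
```

The order of the rules is the security-relevant design choice: signals that indicate an already-compromised or non-human client deny before any step-up is offered, so an OTP challenge is never sent to a bot or an infected endpoint, and every decision carries the reason that produced it so that the SOC can see why a legitimate user was challenged or denied.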
Solution 2: Protecting online customers against fraud
A. Man-in-the-browser attacks, copied pages and phishing: credential protection
B. Network firewall, credential protection and encryption of the transaction form (account, amount, transfer funds); detection of automated transactions
C. Security Operations Center monitoring online customer activity
Solution 3: Federated identity for cloud access
- Corporate users authenticate with MFA, VPN, SSO and context-based authentication
- Access protection federates identity with SAML 2.0 / OAuth 2.0 to directory services and applications
- SaaS providers reached through federation: Office 365, Google Apps, Salesforce
- Attackers are kept out of the application infrastructure
A broad consensus on the most critical web application security flaws
Apps are the gateways to data
Traditional: one network perimeter around all apps
New perimeter: per app / per user, SSL-visible, location-independent, session-based, with continuous trust verification, strategic control points and application availability
It's time to rethink security architectures
GDPR: Cyber attacks on vulnerable web apps affect confidentiality, integrity and availability
Challenges:
- OWASP Top 10 threats
- Credential stuffing
- Malicious bots
- L7 DDoS attacks
- Session hijacking
Solutions:
- Advanced web application firewall (WAF)
- Session tracking to identify bad actors
- Virtual patching to block attacks on vulnerable code
- Bot detection and prevention
- DAST integration
- Data cloaking
Solution: Web application firewall, cloud or on-premises (private / public / hybrid / as a service)
- Legitimate users reach the web app through WAF services: OWASP Top 10, bot protection, L7 DDoS, API protection
- Protected web apps may be hosted in a private/hybrid cloud, on physical servers or in a public cloud
- Attackers are blocked at the WAF
- Third-party VA/DAST scan results feed the WAF policy
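The two slides above name credential stuffing as a threat and "session tracking to identify bad actors" as the countermeasure without showing what such tracking looks like. The following is an added example, not code from F5 or from any WAF product: a detector that reads constructed login log lines and flags a source whose failed logins within a short window spread across many different usernames (the signature of credential stuffing, as opposed to one user mistyping a password), and records any account that then logs in successfully from that source so it can be reviewed. The log format, field names and thresholds are assumptions made for the example.

```python
"""Credential-stuffing detector over login log lines (added example, not F5 code)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: "<ISO timestamp> <client ip> POST /login user=<name> status=<code>"
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) (?P<ip>\S+) "
    r"POST /login user=(?P<user>\S+) status=(?P<status>\d{3})$"
)

# Constructed sample log: one genuine user mistyping a password twice, and one
# source cycling through six different accounts before one succeeds.
SAMPLE_LOG = """\
2024-05-01T10:00:01 198.51.100.20 POST /login user=carol status=401
2024-05-01T10:00:09 198.51.100.20 POST /login user=carol status=401
2024-05-01T10:00:15 198.51.100.20 POST /login user=carol status=200
2024-05-01T10:01:00 203.0.113.7 POST /login user=alice status=401
2024-05-01T10:01:01 203.0.113.7 POST /login user=bob status=401
2024-05-01T10:01:02 203.0.113.7 POST /login user=dave status=401
2024-05-01T10:01:03 203.0.113.7 POST /login user=erin status=401
2024-05-01T10:01:04 203.0.113.7 POST /login user=frank status=401
2024-05-01T10:01:05 203.0.113.7 POST /login user=grace status=200
"""


def parse_log(text):
    """Return (timestamp, ip, user, status) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        events.append((datetime.fromisoformat(m["ts"]), m["ip"], m["user"], int(m["status"])))
    return events


def detect_credential_stuffing(events, window=timedelta(minutes=5),
                               min_failures=4, min_distinct_users=4):
    """Flag source IPs whose failures inside `window` hit many distinct usernames.

    A single user failing repeatedly on one account never trips the
    distinct-user threshold, so password typos are not flagged.  Returns a
    dict ip -> {"failures", "distinct_users", "last_seen", "successes"}; the
    "successes" list holds accounts that logged in from a source after it was
    flagged, which are candidates for forced password reset and session review.
    """
    recent = defaultdict(deque)   # ip -> deque of (ts, user) failures in the window
    flagged = {}
    for ts, ip, user, status in sorted(events):
        if status == 200 and ip in flagged:
            flagged[ip]["successes"].append(user)
            continue
        if status != 401:
            continue
        q = recent[ip]
        q.append((ts, user))
        while q and ts - q[0][0] > window:   # drop failures older than the window
            q.popleft()
        distinct = {u for _, u in q}
        if len(q) >= min_failures and len(distinct) >= min_distinct_users:
            entry = flagged.setdefault(ip, {"successes": []})
            entry.update({"failures": len(q), "distinct_users": len(distinct),
                          "last_seen": ts.isoformat()})
    return flagged


if __name__ == "__main__":
    for ip, info in detect_credential_stuffing(parse_log(SAMPLE_LOG)).items():
        print(ip, info)
```

The two thresholds work together: a high failure count alone would also catch a locked-out employee, while the distinct-username count is what separates an automated credential list from a human. In a WAF the same logic is normally keyed on a device or session fingerprint rather than the source address, since a stuffing campaign is usually spread over many IPs.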
Secure Expedient Effective
WAF vs. IPS vs. NGFW: multiprotocol security comparison
Capabilities compared (* = source: Gartner, "Web Application Firewalls Are Worth the Investment for Enterprises"):
- IP reputation *
- Web attack signatures *
- Web vulnerability signatures *
- Automatic policy learning *
- URL, parameter, cookie and form protection *
- Leverage vulnerability scan results *
- Browser fingerprinting *
- Protection against layer 7 DDoS attacks
- Proactive modification of application requests/responses
- Advanced protection for web services (SOAP, XML, AJAX)
Rating legend: good to very good / average or fair / below average (the per-product ratings appear as symbols in the original slide)
Security programs are journeys of evolution
Ongoing diligence and constant refinement
An expert is a person who has made all possible mistakes in a very narrow field. -Niels Bohr-
Studying without thinking is useless. Thinking without studying is dangerous. -Confucius-