Application Security. Rafal Chrusciel Senior Security Operations Analyst, F5 Networks

Transcription:

Application Security Rafal Chrusciel Senior Security Operations Analyst, F5 Networks r.chrusciel@f5.com

Agenda
- Who are we?
- Anti-Fraud
- F5 Silverline DDOS protection
- WAFaaS
- Threat intelligence & malware research
- Publications

Who are we?

F5 SOC Organization
- Vice-President
- Managers
- Customer Engagement Managers
- Architects
- DDOS Analysts
- WAF Analysts
- Anti-Fraud Analysts
- Malware Analysts
- Seattle, Warsaw, Tel-Aviv

F5 SOC Milestones
- 2013: Versafe acquisition
- 2014: F5 WebSafe release; Seattle SOC launch; Defense.net acquisition; F5 Silverline Volumetric DDoS release
- 2015: Warsaw SOC launch; F5 Silverline Web Application Firewall release
- 2017: F5 Silverline WAF Express release
- Delivering 3 SOC services 24x7x365: Silverline DDoS mitigation, Silverline WAFaaS, Anti-Fraud services

Anti-Fraud

Unlimited Expert Malware Analysis
Assess damage, understand attackers and resolve vulnerabilities
- Specialized researchers and analysts at your service
- Analyzes any malware submitted, including that detected by F5 Web Fraud Protection solutions
- Investigates and reports on malware, including components, attributes, target, controls, purpose, etc.
- Discovers indicators of compromise
- Identifies source and level of sophistication
- Helps prevent future malware attacks and eliminate risks associated with analyzing malware
- Always available: 24x7 Malware Analysis Team
- Includes C&C shutdown services and WebSafe C&C drop zone investigation

BIG-IP Fraud Protection Service
[Diagram labels: Online Users; Internet; Organization's DMZ; Web Application; WebSafe Components via F5 iRules; Alert Server (cloud or on-premise)]

Phishing attacks

Malware detection

Citadel malware

External injections detection

Infected computers

Citadel domain availability

F5 Silverline DDOS protection

F5 Silverline proxy mode

F5 Silverline routed mode

Volumetric attacks real threat?

Mirai DNS Water Torture
[Diagram labels: IoT bot; blabla.victim.com; ISP's DNS server; authoritative DNS servers (unresponsive)]

Mirai, Mirai, Mirai
Take the focus off protocol attacks?

DDoS Future
ImgSource: http://www.business2community.com/big-data/internetthings-iot-going-impact-business-01572401#ect94ktbwj7bzpyh.97
ImgSource: http://vavatech.pl/technologie/mobilne/android

Silverline WAFaaS

BIG-IP Application Security Manager
- Highest scaling & most flexible solution that provides transparent protection from ever-changing threats
- Best DAST integration & virtual patching to reduce risks from vulnerabilities
- Deploys as a full proxy or transparent full proxy (bridge mode)
- Industry's best bot detection measures
- Secures against the OWASP Top 10
[Diagram labels: Request made; BIG-IP ASM security policy checked; Response inspection for errors and leakage of sensitive information; Server response generated; Secure response delivered; BIG-IP ASM security policy checked; BIG-IP ASM applies security policy; Drop, block or forward request; Application attack filtering & inspection; SSL, TCP, HTTP DoS mitigation; Vulnerable application; BIG-IP Local Traffic Manager; BIG-IP Application Security Manager]

WAF as a Service
F5 security experts proactively monitor and fine-tune policies to protect web applications and data from new and emerging threats.
- Expert policy setup
- Policy fine-tuning
- Proactive alert monitoring
- False positives tuning
- Detection tuning
- Whitelist / blacklist setup and monitoring
[Diagram labels: F5 Security Operations Center; Expert Policy Setup and Management; Availability & Support; Active Threat Monitoring]

Effective Policy Management
- Step 1: Deployment Phase
- Step 2: Building Phase
- Step 3: Learning Phase
- Step 4: Enforcement Phase
- Step 5: Continual Tuning
Activities, in the order shown on the slide:
- Onboarding call is scheduled
- Set up an account
- Agree to an implementation plan
- Create a proxy environment for the application
- Analyze your applications
- Create and enable baseline policy for basic top security threats
- SOC analyzes app for security tuning per customer specifications
- Live traffic feeds ASM policy builder
- SOC tunes policies based on resolutions of WAF Violation Logs
- Virtual patching via VA/DAST scans
- Enforcement call scheduled between customer and SOC
- Maintenance window is established
- Monitoring for false positives
- Follow-up call scheduled to obtain customer sign-off
- Continual tuning based on WAF Violation Logs resolution
- Periodic calls with customer
- Repeat Steps 2-5 as changes are made to the application

WAFaaS proxy mode

24x7 service, expert policy tuning

Web Scraping protection

Silverline WAF Express
- Predefined policies for different technologies
- Whitelisting available
- Low number of false positives
- F5 SOC expertise during deployment phase

Threat Intelligence & Malware Research

F5 Threat Monitor

Fraud Targets

C&C Servers

Mobile Trojans

Phishing Sites

Threat Intelligence Statistics

Publications

F5 Newsroom https://f5.com/labs

Solutions for an application world. r.chrusciel@f5.com