Intelligent and Secure Network


Slide 1: Intelligent and Secure Network. BIG-IP Global Delivery Intelligence v11.2, IP Intelligence Service. Presenters: Brian Boyan (b.boyan@f5.com), Tony Ganzer (t.ganzer@f5.com)

Slide 2: Agenda
- Welcome and intro
- Introduce the F5 IP Intelligence offering
- Security challenges
- The intelligent network
- Global Delivery Intelligence
- IP Intelligence service
- Q & A

Slide 3: Security Challenges
- 54% of hacking breaches in larger organizations occur at the web application.
- A denial-of-service tool using SSL/TLS showed the potential for an everyday laptop on an average connection to take down an enterprise web server.
- We still see SQL injection as a preferred point of entry for attackers.
- Threat detection today hinges on two elements: identifying suspicious activity among billions of data points, and refining a large set of suspicious incidents down to those that matter.
- Anonymous proxies have steadily increased, more than quadrupling in number compared to three years ago.
- The most significant change we saw in 2011 was the rise of hacktivism against larger organizations worldwide.

Slide 4: The Shift to the Intelligent Network
- Business analytics: we want to leverage the business data.
- Evolving threats: we need to approach security differently.
- Personalized experience: users expect a better experience.

Slide 5: Context leverages information about the end user to improve the interaction
- Who: who is the user?
- What: what devices are requesting access?
- When: when are they allowed to access?
- Where: where are they coming from?
- How: how did they navigate to the page/site?

Slide 6: What's Required to Build Context
- Capture: events
- Analyze: analysis
- Classify: action

Slide 7: New Subscription Services: Global Delivery Intelligence

Slide 8: Global Delivery Intelligence, an ecosystem of cloud-based services to make better network decisions (context, fast, available, secure)
- Locate IQ Intelligence: Location Service, free, available today
- Trust IQ Intelligence: IP Intelligence, subscription

Slide 9: the same ecosystem with further "xxx IQ Intelligence" services shown as roadmap placeholders alongside Locate IQ (free location service, today) and Trust IQ (IP Intelligence, subscription).

Slide 10: IP Intelligence: Defend Against Malicious Activity and Web Attacks (we need to approach security differently; threats keep evolving)
- Enhance automated application delivery decisions by adding better intelligence and stronger security based on context.
- A layer of IP threat protection delivers context to identify and block IP threats using a dynamic data set of high-risk IP addresses.
- Visibility into threats from multiple sources: leverages a global threat sensor network.
- Delivers intelligence in a simple way: reveals both inbound and outbound communication with listed addresses.
- Real-time updates keep protection at peak performance, refreshing the database every five minutes.

Slide 11: IP Intelligence categories
- Reputation: deny access to infected IPs
- Scanners: probes, scans, brute force
- Windows Exploits: known malware distribution IPs
- Denial of Service: DoS, DDoS, SYN flood
- Web Attacks: IPs used for SQL injection, CSRF
- Phishing: hosts of phishing sites
- Botnets: infected IPs controlled by bots
- Anonymous Proxies: anonymization services, Tor

Slide 12: Security Landscape
Network-based threats:
- Web-based attacks
- Anonymization: click fraud, malware, scraping and hacking
- Zombies hired for DoS attacks
- Website vulnerability probing
- Windows exploits: high volume of exploiters and probers
- Scanners: probing across TCP ports and sensors
- Botnets: command and control, zombie behavior
- Malware
Security implications:
- Changing threat landscape: proliferation of malware, hacking and viruses; the malicious ecosystem is growing.
- Evolving attack motivations: motivation has evolved from notoriety to profit, and profit leads to sophisticated attacks.
- Enterprises have limited visibility and constraints: each has only its own view of the threat landscape, and existing infrastructure is under severe operational pressure.
The threat landscape requires:
- An increased security posture
- Reduced appliance processing time
- An appliance that leverages an added layer of security intelligence

Slide 13: Threat Categories, IP Intelligence Protection
- Windows Exploits: active IP addresses offering or distributing malware, shell code, rootkits, worms or viruses.
- Web Attacks: cross-site scripting, iframe injection, SQL injection, cross-domain injection or domain password brute force.
- Botnets: botnet C&C channels and infected zombie machines controlled by a bot master.
- Scanners: all reconnaissance, such as probes, host scans, domain scans and password brute force.
- Denial of Service: DoS, DDoS, anomalous SYN flood, anomalous traffic detection.
- Reputation: deny access from IP addresses currently known to be infected with malware. This category also includes IPs with an average low Reputation Index score. Enabling it prevents access from sources identified as contacting malware distribution points.
- Phishing: IP addresses hosting phishing sites and other kinds of fraud activity such as ad click fraud or gaming fraud.
- Proxy: IP addresses providing proxy and anonymization services, including Tor anonymizer IP addresses.

Slide 14: IP Intelligence Overview
Service module: IP Intelligence, dynamic threat IPs
- Available on all BIG-IP appliances
- Near-real-time updates (up to 5-minute intervals)
- Dramatically reduces system load
- Subscription-based service
Highlights:
- Developed from customer-driven demand in the face of an ever-increasing volume of threats
- Improves security by stopping known bad traffic; static and publicly available blacklists are insufficient
- Compelling value: better appliance efficiency by reducing network traffic, a value-add layer of IP-based security, and faster threat response with near-real-time updates
- Provisioned across multiple threat types, delivering dynamic updates in near real time

Slide 15: IP Intelligence, how it works
- Fast IP updates of malicious activity
- Global sensors capture IP behaviors
- Threat correlation reviews, blocks and releases addresses
Key threats: semi-open proxy farms, web attacks, reputation, Windows exploits, botnets, scanners, network attacks, DNS
Sensor techniques: exploit honeypots, naive user simulation, web application honeypots, third-party sources

Slide 16: IP Intelligence: identify and allow or block IP addresses with malicious activity
Diagram: the IP Intelligence service sits between external scanners and internally infected devices and servers.
- Use IP intelligence to defend against attacks
- Reduce operational and capital expenses

Slide 17: IP Intelligence Use Cases for BIG-IP (use case; threat prevention scenario; benefits)
- Malicious inbound connection attempts: reject inbound connection attempts from known threat IPs, with automatically updated real-time feeds. Benefits: improved security and performance, enhanced perimeter security, DoS mitigation, increased device throughput.
- Malicious outbound communications: block outbound communications from infected endpoints (i.e., zombies) to botnet networks. Benefits: reduced security risk, fraud prevention, prevention of information leakage.
- Packet parsing reduction: reduce processing time (e.g., form input parsing and validation overhead) by blocking traffic from known threat IPs before it is parsed. Benefits: increased performance and scalability of protected applications.
- Anonymization prevention: block inbound connections from anonymous proxies. Benefits: increased security and performance of the device, fraud prevention.
- Phishing protection: protect high-value websites by preventing access to site objects by phishing sites, or by any non-end-user source. Benefits: increased availability and performance of protected servers/applications, fraud prevention.
- Botnets: block botnet C&C channels and infected zombie machines controlled by a bot master for DoS and other attacks. Benefits: improved security and performance, enhanced perimeter security, DoS mitigation, increased device throughput.

Slide 18: iRules availability for IP Intelligence: all BIG-IP systems
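The iRule below is an added example, not from the deck or from F5, showing how the inbound and outbound use cases of slide 17 can be enforced from iRules on any BIG-IP module. It assumes BIG-IP 11.2 with the IP Intelligence subscription licensed, so that the IP::reputation command returns a Tcl list of category names for an address (an empty list when the address is not in the database). The category strings follow the deck's names and must be checked against the installed database; the trusted ranges, the split between blocked and alarm-only categories, and the log text are illustrative choices.

```tcl
# Added example (not F5 code). Assumes BIG-IP 11.2 with the IP Intelligence
# subscription, where IP::reputation returns a Tcl list of category names.
when CLIENT_ACCEPTED {
    # Categories that justify dropping the connection outright (assumed names,
    # taken from the deck; confirm against the installed database).
    set block_cats [list "Windows Exploits" "Web Attacks" "Botnets" "Denial of Service"]
    # Categories that are logged (alarm) but allowed while the policy is tuned.
    set alarm_cats [list "Scanners" "Phishing" "Proxy"]

    # Example trusted ranges (assumed values): never reject on reputation alone,
    # the equivalent of the ASM whitelist for traffic handled by this iRule.
    set client [IP::client_addr]
    if { [IP::addr $client equals 10.0.0.0/8] || [IP::addr $client equals 192.168.0.0/16] } {
        return
    }

    # Inbound case: check the client address. On a wildcard forwarding virtual
    # server IP::local_addr is the outbound destination, so the same loop also
    # catches an internal host connecting to a listed C&C address (outbound case).
    # On an ordinary inbound virtual server local_addr is the VIP itself and is
    # simply not found in the database.
    foreach addr [list $client [IP::local_addr]] {
        set cats [IP::reputation $addr]

        # An empty result means "no data", not "clean". IPv6 is unsupported by
        # the 11.2 database, so v6 peers always land here; do not treat them as vetted.
        if { [llength $cats] == 0 } { continue }

        foreach c $cats {
            if { [lsearch -exact $block_cats $c] >= 0 } {
                log local0.warn "IPI block: $addr category=\"$c\" all=\"$cats\" vs=[virtual name]"
                reject
                return
            }
        }
        foreach c $cats {
            if { [lsearch -exact $alarm_cats $c] >= 0 } {
                log local0.notice "IPI alarm: $addr category=\"$c\" all=\"$cats\" vs=[virtual name]"
            }
        }
    }
}
```

Attach the iRule to the virtual server(s) whose traffic should be screened. The reject happens in CLIENT_ACCEPTED, before any HTTP parsing, which is where the "packet parsing reduction" benefit of slide 17 comes from; the alarm-only list is there so that a new category can be watched in the logs for a while before it is moved to the block list. For ASM-protected virtual servers the category alarm/block settings and whitelist of slide 19 do the same job from the UI.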

Slide 19: Easily configure violation categories: IP Intelligence service management in the BIG-IP ASM UI
- Easily manage alarm and blocking settings per category in ASM
- Approve trusted IPs with the whitelist (such addresses can also be ignored by Policy Building)

Slide 20: IP Intelligence violation reporting: view and learn from the current IP violations in the BIG-IP ASM UI

Slide 21: Graphical reporting: detailed charts of threat paths in BIG-IP ASM

Slide 22: IP Intelligence database and limitations
- The database is refreshed as frequently as every 5 minutes
- Database status is available in the ASM UI
- Current limitation: IPv6 addresses are not supported

Slide 23: BIG-IP Global Delivery Intelligence: key points
- Intelligence-based, predicted threat IPs, based on observation, context and statistical modeling, with aging and correlation of threat IP data
- Broad-based threat identification: a global network of sensors addressing diverse use cases; threat IPs are catalogued and tracked indefinitely
- Cloud-based architecture: Global Delivery Intelligence is a subscription-based service with real-time, continuous updates
- Available on all BIG-IP systems, configurable in the ASM UI and accessible from iRules for all BIG-IP solutions

Slide 24: Contacts: Brian Boyan (b.boyan@f5.com), Tony Ganzer (t.ganzer@f5.com). More information: http://www.f5.com/featured/video/ip-intelligence-service