The F5 Security Blueprint for Extending the Defense Perimeter from On-Premises to the Cloud
Argon LAU Presales Consultant F5 Networks
#CLOUDSEC
© F5 Networks, Inc 2
1. Today’s Attacks are Complex and Across the Protocol Stack
WEB APPLICATIONS
• Generic malware, such as Zeus, infects a user’s device
• The malware contains code designed to insert specific content to the browser session when the user accesses specific sites:
  *wellsfargo* add field
  *bankofamerica* add button, replace text
  *chase* add cc#, pin, remove text
  *telebank* send credentials
  *bankquepopulaire* …
• The user requests the login page for Wells Fargo
• This triggers the malware, which injects additional content to the browser
• The user enters the requested content and clicks Go
• This information is sent to the legitimate web server as expected
• This information is sent to the configured drop zone
SSL IS SECURITY GAP
… and the FW / IPS / NGFW / UTM vendors do not have a solution.
• Malware Attack
• Phishing Attack
• Web Defacement
• Web Application Attack
• SSL Attack
• DNS Attack
• DDOS Attack
IN SECURITY, ARCHITECTURE IS KEY!!!
FULL PROXY
[Diagram: FULL PROXY as a Security Digital Air Gap (inherently more secure), with HTTP and SSL on both the Outside “Untrusted” side and the Inside “Trusted” side]
2. Today’s Network is Way Too Complex!
TODAY’S SECURITY APPROACH
[Diagram: separate devices in front of the Server: Anti-DDoS, WAF, L3/4 FW, IDS/IPS, APT/DLP, SSL Decrypter, Load Balancer, SSL Encrypter, A/V, ???]
• Many Different Devices – Increased Risk
• Many Hops – Increased Latency
• Complicated Troubleshooting
• Capacity Increase Affects All
Smart Consolidation is the way to go. Fill the security gap holistically using Full Proxy Architecture!
SECURITY CONSOLIDATION WITH FULL PROXY
[Diagram: the separate devices in front of the Server (Anti-DDoS, WAF, L3/4 FW, IDS/IPS, APT/DLP, SSL Decrypter, Load Balancer, SSL Encrypter, A/V) are consolidated into Anti-DDoS + L3/4 FW and LB + SSL Offload + WAF]
• Fewer Devices to Maintain / Learn
• Fewer Hops – Decreased Latency
• Simpler Troubleshooting
• Fewer Devices – Less Risk
• Lower TCO 83%
3. Today’s DDoS Attacks Volume is Too Large
NEW ATTACK VECTORS EMERGE:
Network Time Protocol (NTP) Attacks: Zero to Huge in 3 months
ATTACK THREATS: PAY UP OR ELSE!
April - June of 2015: emails sent to legitimate businesses with the threat of massive DDoS attacks
• DD4BC claims ~400 Gbps
• Extortion demands of 1-40 Bitcoin
• FBI June 26 report – DD4BC initially targeted at illegal gaming/gambling, and now moving to legitimate businesses like payment providers, banks and securities.
• UDP Amplification Attacks (NTP, SSDP, DNS); TCP SYN Floods; and Layer 7 attacks
[Image: sample from actual email]
GARTNER ON DDOS – GO HYBRID!
Hybrid DDoS Protection: “Cloud + On-Premise” Makes the most sense.
GO HYBRID
The combination of On-Prem Protection and Off-Prem Cloud Services will enable organisations to get Better & more Effective Protection, Visibility and Control.
HYBRID ARCHITECTURE WITH FULL PROXY SECURITY
[Diagram labels: Public Clouds; Remote User; Data Center; APPS; WORKER; IDENTITY; SaaS; HW/VE; VE]
Silverline
• Integrity Services (WAF)
• Availability Services (DDOS)
• SOC
GLOBAL COVERAGE
Global Coverage
Fully redundant and globally distributed data centers worldwide in each geographic region
– San Jose, CA US
– Ashburn, VA US
– Frankfurt, DE
– Singapore, SG
Industry-Leading Bandwidth
• Attack mitigation bandwidth capacity over 2.0 Tbps
• Scrubbing capacity of over 1.0 Tbps
• Guaranteed bandwidth with Tier 1 carriers
24/7 Support
F5 Security Operations Center (SOC) is available 24/7 with security experts ready to respond to DDoS attacks within minutes
– Seattle, WA US
[Map: Frankfurt, Singapore, Ashburn, San Jose, Seattle (SOC)]
F5 SECURITY OPERATIONS CENTER
• Availability & Support
• Expert DDoS Mitigation Policy Setup and Management
• Active Threat Monitoring
• Experts in DDoS Monitoring/Mitigation & WAF policy management
F5 Security Operations Center
• Wealth of DDoS Monitoring and Mitigation experience from Defense.net acquisition.
• Experts in WAF Policy Setup, Management and Mitigation of Web Application Threats
• Active Monitoring of worldwide threats
• 24x7x365 Availability to work alongside customers for:
  – DDoS Mitigation and Remediation
  – Expert policy setup, Policy fine-tuning
  – Proactive alert monitoring
  – False positives tuning, Detection tuning
  – Whitelist / Blacklist Setup and monitoring
HYBRID PROTECTION
Combining the “resilience and scale” of the cloud with the “granularity and always-on capabilities” of on-premise.
[Diagram labels: Cloud (Silverline); On-Premise (BIG-IP); Shun Signaling; Unified Attack Command | Control]
• Request for Service
• IP List Management
SUMMARY
F5 On-Premise
• Protects own backyard. Not all attacks are Full Pipe.
• Protects against slow/low application layer attacks that may not trigger diversion into Cloud-based scrubber.
• Handles SSL or encrypted attacks where organisations may not be allowed to put SSL key in the cloud.
• Attacks are Blended. Protects against Web Application attacks like OWASP Top 10 (SQLi, XSS, CSRF), Zero-day vulnerabilities (Shellshock, POODLE, Heartbleed)
F5 SilverLine
• Protects against Full Pipe attacks that congest last mile.
• Mitigates Volumetric attacks before they come into an organisation’s data centre.
• Expertise from F5 SOC to react fast and mitigate effectively.
• Automatic Signalling and attack telemetry exchange between F5 On-premise and Silverline
FOREIGN EXCHANGE TRADING PLATFORM
“I just wanted to let you all know how extremely satisfied I am with the deployment procedure, management systems and support I received from… .
I can now surely say that F5 was a great choice for us and I'll gladly help out if you need a reference to onboard customers…
…., thanks for the explanations and looking after us ...thanks for all the detailed explanations that helped me drive my CTO, CEO and President to agree with my decision to go with F5-Silverline.
If you would like to have a quick call tomorrow or next week about our experience, I'd be more than glad to do so.”
-- A satisfied EMEA-based Trading Platform Customer
Key benefits of F5
• Protection against the largest attacks
• Advanced and unique DDoS mitigation techniques
• Team of industry expert DDoS fighters
• Simple installation process
F5 Reference Architectures
• Hybrid DDoS Protection
F5 Silverline DDoS Protection
“The attacks are definitely getting larger and we know that trend will continue as the number of websites we support increases. That is why we are working with F5. When the big attacks come, we’ll be ready.”
-- Chris Fanini, Co-Founder and CTO, Weebly
Key benefits of F5
• Protection against the largest attacks
• Advanced and unique DDoS mitigation techniques
• Team of industry expert DDoS fighters
• Simple installation process
F5 Reference Architectures
• Hybrid DDoS Protection