Application Security Manager ASM. David Perodin F5 Engineer

Transcription

1

2 Application Security Manager ASM David Perodin F5 Engineer

3 3 Overview BIG-IP Application Security Manager (ASM) a type of Web application firewall ASM s advanced application visibility, reporting and analytics Vulnerability assessment and mitigation with well-known third-party partners (WhiteHat Sentinel, Oracle, Splunk)

4 4 Organizations Worldwide Trust F5 F5 Customer highlights 43 of the Fortune 50 companies 1 15 of the top 15 US commercial banks 1 6 of the 6 top US airlines 1 10 of the top 10 US insurance companies - property and casualty 1 5 of the top 6 healthcare: pharmacy and other services 1 14 of the 15 executive branch departments of the US federal government 2 10 of the top 10 fixed AND mobile global service providers 3 9 of the top 10 US online video brands 4 4 of the top 5 US Internet search providers 5 17 of 20 cloud infrastructure and Web hosting companies 6 Sources: 1 Fortune 2010; 2 USA.gov Web site listing 3 Q310 Ovum Market share, by revenue, global; 4 Nielson NetRatings September 2010; 5 Comscore November 2010; 6 Gartner Magic Quadrant Cloud Infrastructure as a Service and Web Hosting (On Demand, December 2010)

5 5 F5 Application Delivery Networking

6 6 Attacks are Moving Up the Stack Network Threats Application Threats 90% of security investment focused here 75% of attacks focused here Source: Gartner

7 7 Mobile Apps are consuming more of Web

8 8 Almost every web application is vulnerable! 97% of websites at immediate risk of being hacked due to vulnerabilities! 69% of vulnerabilities are client side-attacks 8 out of 10 websites vulnerable to attack - Web Application Security Consortium - WhiteHat security report 75 percent of hacks happen at the application. - Gartner Security at the Application Level 64 percent of developers are not confident in their ability to write secure applications. - Microsoft Developer Research

9 9 How long to resolve a vulnerability? Website Security Statistics Report

10 10 BIG-IP Application Security Manager Powerful Adaptable Solution Provides comprehensive protection for all web application vulnerabilities, including (D)DoS Logs and reports all application traffic and attacks Educates admin. on attack type definitions and examples Enables L2->L7 protection Unifies security, access control and application delivery Sees application level performance Provides On-Demand scaling

11 11 Anonymous Attack Anonymous targeted customer with bots Traffic attack melted legacy systems Solution: Implement BIG-IP BIG-IP Attack Protection: Greater connection management LTM to mitigate network DDoS ASM to mitigate application DDoS irules for agility and extensibility

12 12 Quickly Resolve Application Vulnerabilities Request made BIG-IP ASM security policy checked Server response Enforcement Secure response delivered BIG-IP ASM applies security policy Vulnerable application Maintain security at application, protocol, and network levels Launch secure applications protected from vulnerabilities

13 13 Automatic DOS Attack Detection and Protection Accurate detection technique based on latency 3 different mitigation techniques escalated serially Focus on higher value productivity while automatic controls intervene Detect a DOS condition Identify potential attackers Drop only the attackers

14 14 Creating an ASM Policy

15 15 BIG-IP ASM Configuration Policy Configuration Step 1

16 16 BIG-IP ASM Configuration Policy Configuration Step 2

17 17 BIG-IP ASM Configuration Policy Configuration Step 3

18 18 BIG-IP ASM Configuration Policy Configuration Step 4

19 19 BIG-IP ASM Configuration Policy Enforcement Mode

20 20 BIG-IP ASM Configuration Policy Blocking Settings

21 21 BIG-IP ASM Configuration File Type Configuration

22 22 BIG-IP ASM Configuration URL Configuration

23 23 BIG-IP ASM Configuration Content Profile Configuration

24 24 BIG-IP ASM Configuration Parameter Configuration

25 25 BIG-IP ASM Configuration Parameter Configuration JSON Parser

26 26 BIG-IP ASM Configuration AJAX Response Page

27 27 ASM and the Software Development Lifecycle Policy Tuning Pen tests Performance Tests WAF offload features: Cookies Brute Force DDOS Web Scraping SSL, Caching, Compression Final Policy Tuning Pen Tests Incorporate vulnerability assessment into the SDLC Use business logic to address known vulnerabilities Allow resources to create value

28 28 Reporting

29 29 Application visibility and reporting Monitor URIs for server latency Troubleshoot server code that causes latency

30 30 See the BIG Picture: From Violations to An Incident Automatically correlate multiple violations which share a common denominator into a single incident Correlation is based Source IP, and URL/ Parameter

31 31 Attack Expert System in ASM 1. Click on info tooltip

32 32 Centralized Advanced Reporting with Splunk Centralized reporting with Splunk s large-scale, high-speed indexing and search solution Packaged 15 different ASM specific reports Provide visibility into attack trends and traffic trends Identify unanticipated threats before exposure occurs ogy-alliances/security/splunk.html

33 33 Application Analytics Stats grouped by application and user Provides Business Intelligence ROI Reporting Capacity Planning Troubleshooting Performance Stats Collected URLs Server Latency Client-Side Latency Throughput Response Codes Methods Client IPs Client Geographic User Agent User Sessions Views Virtual Server Pool Member Response Codes URL HTTP Methods

34 34 Automation and Integration

35 35 The Real Problem Attacks have been operationalized but mitigation has not Attacks are persistent Discovery of Vulnerabilities and attacks are easily automated Operational gap between discovery and mitigation

36 36 The Result Organizations are consistently vulnerable An organizations web application presence is, on average, free from vulnerabilities for only 30 days during the year. 4 Years and 4 Thousand Websites Worth of Vulnerability Assessments: What Have We Learned? (WhiteHat Security)

37 37 The Result Organizations are highly vulnerable Simple vulnerabilities have a significant percentage chance of resulting in a breach

38 The Solution Operationalize web application security 38 Automatically close the gap between discovery and mitigation

39 Persistent Threat Management Applying the rule to web application security 39 80% 20% 80% of attacks can be prevented by applying common, standardized mitigation rules Immediately reduces window of opportunity for exploitation 20% of vulnerabilities require developer or vendor attention Leverage programmability in the network to temporarily mitigate

40 40 Persistent Threat Management Leveraging automation and integration to operationalize security

41 41 Persistent Threat Management The New Security Operational Model

42 42 Protection from Vulnerabilities Enhanced Integration: BIG-IP ASM and WhiteHat Sentinel Customer Website Finds a vulnerability Virtual-patching with one-click on BIG-IP ASM White Hat Sentinel Vulnerability checking, detection and remediation Complete website protection BIG-IP Application Security Manager Verify, assess, resolve and retest in one UI Automatic or manual creation of policies Discovery and remediation in minutes

43 43 Configuration

44 44 Configuration

45 45 Importing Vulnerabilities

46 46 Service Options F5 BIG-IP ASM Vulnerability Mitigation Assessment Scan finding data collected Findings imported into ASM Report Creation Deliverables Vulnerability Mitigation Roadmap F5 BIG-IP ASM Vulnerability Mitigation Subscription Performed periodically and remotely Findings imported into ASM Report Creation Deliverables Vulnerability Mitigation Report 4 hours tuning ASM to remediate findings AVAILABLE AUGUST 2012

47 Jon Teunis and David Perodin 2011 F5 Networks, Inc. All rights reserved. F5, F5 Networks, the F5 logo, BIG-IP, ARX, FirePass, icontrol, irules, TMOS, and VIPRION are registered trademarks of F5 Networks, Inc. in the U.S. and in certain other countries