efending The New Perimeter nd Protecting Applications Anywhere

Transcription

1 efending The New Perimeter nd Protecting Applications Anywhere oud-based Application Services: Silverline nnis de Leest

2 rends

3 e 21 st century application infrastructure Users are going Mobile Every application is a Web application Cloud and SaaS based application are being deployed more th and faster than, ever befor

4 20% of F5 customers have a cloud first strategy The State of Application Delivery, F5 Networks, Jan. 2015

5 p Status in the Cloud % of respondents in cloud NOW 29% 29% 16% 17% 19% 21% 6% Finance 7% Industry 8% IT 10% Billing 11% Service Customer Interaction Marketing Automation HR Utility/Sharing Collaboration CRM The State of Application Delivery, F5 Networks, Jan. 2015

6 curing applications can be complex re cloud and SaaS applications are being deployed than ever before, driving need for more flexible and cost efficient ways to protect web applications and end against volumetric DDoS attacks across multiple environments without ling out IT infrastructure and staff. Script kiddies The rise of hacktivism Cyber war 86% percent of all websites have at least one serious vulnerability. SC Magazine - Website Security Stats Report 2015, WhiteHat Security

7 curing applications can be complex re cloud and SaaS applications are being deployed than ever before, driving need for more flexible and cost efficient ways to protect web applications oss multiple environments without scaling out IT infrastructure and staff. How can I protect my business against zero-day attacks and vulnerabilities? How can I maintain compliance across hybrid environments? here can I find WAF policy experts? How can I scale prote without upfront I investments? How can I protect cloud and SaaS applications, quickly? How can I drive operational and cost efficiencies?

8 tack Threats: Pay up or Else! il - May of 2015: s sent to legitimate businesses with the threat of massive DDoS attacks DD4BC claims ~400 Gbps Extortion demands starting at 25 Bitcoins Initially targeted Bitcoin, Payment providers banks and now moving to other targets UDP Amplification Attacks (NTP, SSDP, DNS TCP SYN Floods; and Layer 7 attacks Sample from actual

9 curity breach impacts your business ckers are working around the clock ing ever increasing attack tactics to in access to your sensitive enterprise ta through your web applications. amages your brand reputation Evolving security threats $1M + Cost of single cyber attack can be well above $1,000,000 esults in significant downtime and evenue loss ompromises sensitive enterprise, mployee and customer data reaches compliance required to onduct business online M Successful attacks per week 1 Monitored cyber attac in US 2 ource: 1 Penomon Institute, Cost of Cyber Crime Study, 2 IBM Security Services, 2014 Cyber Security Intelligence Index

10 ntroducing F5 Silverline

11 Silverline terprise-grade application services in minutes Rapidly deploy enterprise-grade application services across hybrid environments with 24x7x365 support from F5 experts. Web Application Firewall DDoS Protection F5 Silverline Cloud-based application services 24x7x365 Expert Support

12 Silverline: Key Benefits Cloud based, nterprise-grade t on F5 s industry leading G-IP solutions, Silverline pplication services are nterprise-grade, highly grammable, and can be onfigured to maintain istency with your existing IG-IP implementations. Drive operational and cost efficiencies Improve operational efficiency and decrease IT overhead by rapidly deploying Silverline services in minutes and outsourcing support to F5 experts offering the highest level of 24x7x365 service. Deliver app service anywhere Ensure your applications a available and secure no ma where they reside. Enab cloud migration by deploy Silverline application servi across hybrid environment conjunction with existing B deployments.

13 Silverline Services Defend against DDoS attacks and keep your business online with the Silverline DDoS Protection cloudscrubbing service to detect and mitigate even the largest of volumetric DDoS attacks before they reach your network. Protect web applications and data, and enable compliance, such as PCI DSS, with the Silverline Web Application Firewall service which is built on BIG-IP Application Security Manager (ASM) with expert policy setup and fine-tuning.

14 obal Coverage SOC 24/7 Support curity Operations Center is available 24x7x365 ecurity experts ready to nd to DDoS attacks and WAF policies within es Seattle, WA US Global Coverage Fully redundant and globally distributed data centers world wide in each geographic region San Jose, CA US Ashburn, VA US Frankfurt, DE Singapore, SG Industry-Leading Bandwid Attack mitigation bandwidt capacity over 2.0 Tbps Scrubbing capacity of over Tbps Guaranteed bandwidth wit Tier 1 carriers

15 Customer Portal ess the F5 customer portal to securely setup and manage your services, municate with F5 experts, and view transparent traffic and attack mitigation orts.

16 ilverline DDoS Protection

17 otect Your Business and Stay Online During a DDoS Attack -premises and cloud-based services for comprehensive DDoS Protectio F5 SILVERLINE DDOS PROTECTION When under attack F5 ON-PREMISES DDOS PROTECTION Turn on cloud-based service to stop volumetric attacks from ever reaching your network Multi-layered L3-L7 DDoS attack protection against all attack vectors 24/7 attack support from security experts Mitigate mid-volume, SSL, or application targeted attacks on-premises Complete infrastructure control Advanced L7 attack protections

18 E Offers Comprehensive DDoS Protection Threat Intelligence Feed Next-Generation Firewall Corpo Scanner Anonymous Proxies Anonymous Requests Botnet Attackers Cloud Network Application Volumetric attacks: L3-7 DDoS, floods, known signature attacks Multiple ISP strategy Network attacks: ICMP flood, UDP flood, SYN flood SSL attacks: SSL renegotiation, SSL flood F5 Silverline 24/7 expert support: security operations center CPE Cloud Signaling: Bad Actor IPs, Whitelist/ blacklist data DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning Network and DNS HTTP attacks: Slowloris, slow POST, recursive POST/GET Application IPS Strategic Point of C

19 Offers Comprehensive DDoS Protection Threat Intelligence Feed Next-Generation Firewall Corpo Scanner Anonymous Proxies Anonymous Requests Botnet Attackers Cloud Network Application Volumetric attacks: L3-7 DDoS, floods, known signature attacks F5 Silverline 24/7 expert support: security operations center Multiple ISP strategy CPE Cloud Signaling: Bad Actor IPs, Whitelist/ blacklist data CLOUD KEY FEATURES Network attacks: ICMP flood, UDP flood, SYN flood L3-L7 volumetric DDoS attack detection and mitigation in the cloud 24x7 expert SOC services Network and DNS DNS DNS amplification, attacks: Transparent attack query flood, dictionary reporting attack, via F5 customer DNS poisoning portal IPS SSL attacks: SSL renegotiation, SSL flood HTTP attacks: Slowloris, slow POST, recursive POST/GET Application E Strategic Point of C

20 e Silverline DDoS Protection Story Designed to address customer frustrations of legacy cloud-based DDoS providers Acquired by F5 Networks in 2014 to be the first in a series of F5 Silverline cloudbased service offerings Enhanced through the addition of BIG-IP technology and an increased global footprint Full integration between customer BIG-IP on-premises and Silverline DDoS coming soon Defense.net was founded by the pioneers of the commercial DDoS Mitigation industry

21 earing Challenges with Current Enterprise Options cale per Customer: Concentration Risk Solution Side Effect Slow Mitigation Startup False Positives Not Enough Visibilit into Attacks

22 Silverline DDoS Protection ud-based service customer benefits p your business nline during a DDoS Attack Protect your business F5 Silverline DDoS Protection Protect against the largest of DDoS attacks Multi-layered, comprehensive L3-L7 protection Industry-leading a mitigation bandw per custome Security Operations Center Protect against a attack vecto ccess to DDoS xperts 24/7 F5 customer portal Gain attack mitig insights

23 Strategic Point of C os Scrubbing Center Architecture Scrubbing Center Inspection Plane Inspection Toolsets Traffic Actioner Route Management Flow Collection Visibility Portal Tier 1 Signaling Management Copied traffic for inspection BGP signaling Netflow Data Plane Netflow GRE Tunnel Proxy F5 Silverline Volumetric attacks and floods, operations center experts, L3-7 known signature attacks Switching Routing/ACL Switching Proxy and Asymmetric Mitigation Tier Routing (Customer VRF) IP Reflection X-Connect Customer

24 Silverline DDoS Protection - Service Options Always On Primary protection as the first line of defense Always Available Primary protection available on-demand

25 o Ways to Direct Traffic to lverline Scrubbing Centers Multiple Ways to Return Clean Traffic GRE TUNNELS GP (BORDER GATEWAY PROTOCOL) OUTED MODE L2VPN / VIRTUAL ETHERNET SERVICE IP REFLECTION EQUINIX CLOUD EXCHANGE NS ROXY MODE PROXY

26 paralleled Visibility and Reporting Before, During, and ter a DDoS Attack Attack Data Instant inspection on the filters and countermeasures used for mitigation Detailed timeline analysis on type, size, and attack vector Configuration and Provisioning Configure/ review/ modify settings for b Proxy and GRE mode through the portal Detailed Communication Real time attack communications Detailed events showing attack attribute SOC mitigations applied

27 y Resources he F5 DDoS Protection Reference Architecture White paper: The F5 DDoS Protection Reference Architecture Best practices: F5 DDoS Protection recommended Practices he F5 Silverline DDoS Protection Service Overview

28 ilverline Web Application Firewall ptional subhead here. Transition slides help break up presentations into separate sections or oints, helping orient your audience. Use punctuation in the slide title only if you have more than ne complete sentence. Choose blue, green, orange, or grey for your transition slides or a ombination of these colors.

29 Organizations need a more operationally and cost efficient way to protect web applications across multiple environments without scaling out IT infrastructure and staff. Secure data and web applications Maintain compliance (PCI DSS) Defend agains Layer 7 attacks

30 Solution: BIG-IP ASM the leading web application firew cognized as the most scalable WAF on the market Deployed in more datacenters worldwide than any other WAF VIPRION Platform BIG-IP Platform BIG-IP Virtual Edition

31 s web application firewall portfolio ilt on BIG-IP Application Security Manager (ASM) cognized as the most calable WAF on the market Deployed in more datacenters worldwide than any other WAF Now available as an enterprise-grade cloudbased service managed by F5 Security Operations Center (SOC) experts WAF VIPRION Platform BIG-IP Platform BIG-IP Virtual Edition F5 Silverline

32 lverline Web Application Firewall ven security effectiveness as a convenient cloud-based service tect web applications and data from layer 7 attacks, and enable compliance, such PCI DSS, with the Silverline Web Application Firewall service which is built on BIG-I plication Security Manager and backed by 24x7x365 support from F5 experts. Cloud L7 Protection: Geolocation attacks, DDoS, SQL injection, OWASP Top Ten attacks, zero-day threats, AJAX applications, JSON payloads Web Application Firewall Services Private C Hosted We itimate ser WAWAF F Physical H Web A ckers F5 Silverline VA/DAST Scans Policy can be built from 3 rd Party DAST Public C Hosted We

33 lverline Web Application Firewall ven security effectiveness as a convenient cloud-based service Silverline Cloud Security Operations Center 24x7x365 Policy Management Attack Escalation VA/DAST Scan Policy can be b from 3 rd Party D Web Application Firewall Services WAF WA F WAF Policy Engine Silverline Port F5 Silverline Violation Logs VIPRION Platform Customer Revi Violations

34 y benefits everage proven urity effectivness tect against critical web acks with an enterprisede service built on BIG-IP which is recommended by Labs with 99.89% overall ecurity effectiveness*. Reduce operating costs Rapidly deploy WAF protections and drive operational and cost efficiencies by outsourcing WAF policy management to F5 security experts. Protect web apps anywhere Protect web apps, no mat where they reside with consistent policies acros hybrid environments in conjunction with BIG-IP deployments. : NSS Labs Web Application Firewall Product Analysis. F5 BIG-IP ASM V

35 Leverage proven security effectiveness An enterprise-grade web application firewall service erprise-grade protection against er 7 geolocation attacks, DDoS, SQL ction, OWASP Top Ten attacks, zerothreats, AJAX applications, and N payloads delivered as a venient cloud-based service. recommends BIG-IP AS Web Application Firewall when compared with competitors: % %.124 Overall security effectiveness Minimal false positive : NSS Labs Web Application Firewall Product Analysis. F5 BIG-IP ASM V

36 Reduce operating costs by outsourcing WAF policy management to F5 SOC experts security experts proactively monitor, fine-tune policies to protect web lications and data from new and erging threats. Expert policy setup Policy fine-tuning Proactive alert monitoring False positives tuning Detection tuning Whitelist / Blacklist Set up and monitoring F5 Security Operations Center Expert Policy Setup and Management Availability & Support Active Threat Monitoring

37 in attack insights and intelligence Customer Portal ecurely communicate with Silverline OC experts iew centralized attack and threat onitoring reports with details ncluding: source geo-ip mapping blocked vs. alerted attacks blocked traffic and attack types alerted attack types Threats* bandwidth used hits/sec* type of traffic and visits (bots v. humans)* ted on initial release Customer Portal Visibility & Compliance Attack Rep

38 AF Violation Logs Detailed information provided in Violation logs showing request, SrcIP, all header information, etc Simplified workflow Block (policy is working as intended) Allow (policy should be updated to accept behavior)

39 w Silverline Web Application Firewall is different uilt on the industry leading purpose-built WAF: BIG-IP ASM compared to other WAF services built on ModSecurity Open Source technology he highest level of service from F5 SOC experts compared to other WAF services that are mostly self-serve omprehensive protections with the ability to import VA/DAST Scans ighly-customizable with irules and iapps programmability to protect gainst zero-day threats uture integrations with BIG-IP ASM to provide hybrid WAF services and PIs

40 esources on F5.com atasheet Product Overview F5 Silverline platform p:// oducts/f5-silverline-webplication-firewalltasheet.pdf products/f5-silverline-webapplication-firewall-productoverview.pdf platforms/silverline w F5 BIG-IP ASM modules/application-securitymanager

41