Post on 31-Mar-2018

Defending The New Perimeter and Protecting Applications Anywhere

Dennis de Leest

Cloud-based Application Services: F5 Silverline

Trends

© F5 Networks, Inc 3

The 21st century application infrastructure

Every application is a web application

Cloud and SaaS based applications are being deployed more than, and faster than, ever before

Users are going mobile

20% of F5 customers have a cloud first strategy

The State of Application Delivery, F5 Networks, Jan. 2015

App Status in the Cloud

[Figure: bar chart of % of respondents with each application type in cloud now. Categories: Finance, Service, Billing, IT, Industry, Marketing Automation, Customer Interaction, HR, CRM, Utility/Sharing, Collaboration. Bar values: 6%, 7%, 8%, 10%, 11%, 16%, 17%, 19%, 21%, 29%, 29%.]

The State of Application Delivery, F5 Networks, Jan. 2015

More cloud and SaaS applications are being deployed than ever before, driving the need for more flexible and cost efficient ways to protect web applications and defend against volumetric DDoS attacks across multiple environments without scaling out IT infrastructure and staff.

Securing applications can be complex

Script kiddies

The rise of hacktivism

Cyber war

“86% of all websites have at least one serious vulnerability.” SC Magazine - Website Security Stats Report 2015, WhiteHat Security

Where can I find WAF policy experts?

How can I drive operational and cost efficiencies?

How can I scale protection without upfront IT investments?

How can I protect my business against zero-day attacks and vulnerabilities?

How can I maintain compliance across hybrid environments?

More cloud and SaaS applications are being deployed than ever before, driving the need for more flexible and cost efficient ways to protect web applications across multiple environments without scaling out IT infrastructure and staff.

Securing applications can be complex

How can I protect cloud and SaaS applications, quickly?

Attack Threats: Pay up or Else!

•  DD4BC claims ~400 Gbps

•  Extortion demands starting at 25 Bitcoins

•  Initially targeted Bitcoin, Payment providers, banks and now moving to other targets

•  UDP Amplification Attacks (NTP, SSDP, DNS); TCP SYN Floods; and Layer 7 attacks

April - May of 2015: emails sent to legitimate businesses with the threat of massive DDoS attacks

Sample from actual email

Security breach impacts your business

Evolving security threats

Cost of single cyber attack can be well above $1,000,000

Successful attacks per week¹: 122

1.5M monitored cyber attacks in US²

Hackers are working around the clock using ever increasing attack tactics to gain access to your sensitive enterprise data through your web applications.

•  Damages your brand reputation

•  Results in significant downtime and revenue loss

•  Compromises sensitive enterprise, employee and customer data

•  Breaches compliance required to conduct business online

Source: ¹ Ponemon Institute, Cost of Cyber Crime Study; ² IBM Security Services, 2014 Cyber Security Intelligence Index

$1M +

Introducing F5 Silverline

F5 Silverline Enterprise-grade application services in minutes

Web Application Firewall

Cloud-based application services

DDoS Protection

24x7x365 Expert Support

Rapidly deploy enterprise-grade application services across hybrid environments with 24x7x365 support from F5 experts.

F5 Silverline

F5 Silverline: Key Benefits

Drive operational and cost efficiencies

Improve operational efficiency and decrease IT overhead by rapidly deploying Silverline services in minutes and outsourcing support to F5 experts offering the highest level of 24x7x365 service.

Deliver app services, anywhere

Ensure your applications are available and secure no matter where they reside. Enable cloud migration by deploying Silverline application services across hybrid environments in conjunction with existing BIG-IP deployments.

Cloud based, enterprise-grade

Built on F5’s industry leading BIG-IP solutions, Silverline application services are enterprise-grade, highly programmable, and can be configured to maintain consistency with your existing BIG-IP implementations.

F5 Silverline Services

Defend against DDoS attacks and keep your business online with the Silverline DDoS Protection cloud-scrubbing service to detect and mitigate even the largest of volumetric DDoS attacks before they reach your network.

Protect web applications and data, and enable compliance, such as PCI DSS, with the Silverline Web Application Firewall service which is built on BIG-IP® Application Security Manager™ (ASM) with expert policy setup and fine-tuning.

Global Coverage

Fully redundant and globally distributed data centers worldwide in each geographic region

•  San Jose, CA US

•  Ashburn, VA US

•  Frankfurt, DE

•  Singapore, SG

Industry-Leading Bandwidth

•  Attack mitigation bandwidth capacity over 2.0 Tbps

•  Scrubbing capacity of over 1.0 Tbps

•  Guaranteed bandwidth with Tier 1 carriers

24/7 Support

F5 Security Operations Center (SOC) is available 24x7x365 with security experts ready to respond to DDoS attacks and build WAF policies within minutes

•  SOC: Seattle, WA US

Access the F5 customer portal to securely set up and manage your services, communicate with F5 experts, and view transparent traffic and attack mitigation reports.

F5 Customer Portal

Silverline DDoS Protection

Protect Your Business and Stay Online During a DDoS Attack

On-premises and cloud-based services for comprehensive DDoS Protection

F5 ON-PREMISES DDOS PROTECTION

•  Mitigate mid-volume, SSL, or application targeted attacks on-premises

•  Complete infrastructure control

•  Advanced L7 attack protections

F5 SILVERLINE DDOS PROTECTION (when under attack)

•  Turn on cloud-based service to stop volumetric attacks from ever reaching your network

•  Multi-layered L3-L7 DDoS attack protection against all attack vectors

•  24/7 attack support from security experts

F5 Offers Comprehensive DDoS Protection

[Diagram: DDoS protection tiers labelled Cloud, Network and DNS, and Application. Other labels: Legitimate Users, DDoS Attackers, Scanner, Anonymous Proxies, Anonymous Requests, Botnet Attackers, Threat Intelligence Feed, Multiple ISP strategy, IPS, Next-Generation Firewall, Corporate Users, Financial Services, E-Commerce, Subscriber, Strategic Point of Control.]

•  Volumetric attacks: L3-7 DDoS, floods, known signature attacks

•  Network attacks: ICMP flood, UDP flood, SYN flood

•  DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning

•  HTTP attacks: Slowloris, slow POST, recursive POST/GET

•  SSL attacks: SSL renegotiation, SSL flood

•  CPE Cloud Signaling: Bad Actor IPs, Whitelist/blacklist data

•  24/7 expert support: security operations center

F5 Silverline

•  L3-L7 volumetric DDoS attack detection and mitigation in the cloud

•  24x7 expert SOC services

•  Transparent attack reporting via F5 customer portal

CLOUD KEY FEATURES

Defense.net was founded by the pioneers of the commercial DDoS Mitigation industry

Designed to address customer frustrations of legacy cloud-based DDoS providers

Acquired by F5 Networks in 2014 to be the first in a series of F5 Silverline cloud-based service offerings

Enhanced through the addition of BIG-IP technology and an increased global footprint

Full integration between customer BIG-IP on-premises and Silverline DDoS coming soon

The Silverline DDoS Protection Story

Hearing Challenges with Current Enterprise Options

Concentration Risk Solution Side Effects Scale per Customer:

False Positives Not Enough Visibility into Attacks

Slow Mitigation Startup

F5 Silverline DDoS Protection Cloud-based service customer benefits

F5 Silverline DDoS Protection

Keep your business online during a DDoS Attack

Protect your business

Access to DDoS experts 24/7

Security Operations Center

Protect against the largest of DDoS attacks

Industry-leading attack mitigation bandwidth per customer

Multi-layered, comprehensive L3-L7 protection

Protect against all DDoS attack vectors

F5 customer portal

Gain attack mitigation insights

DDoS Scrubbing Center Architecture

Volumetric attacks and floods, operations center experts, L3-7 known signature attacks

[Diagram: F5 Silverline scrubbing center. Labels: Tier 1; Legitimate Users; DDoS Attackers; Strategic Point of Control; Scrubbing Center; Inspection Plane; Inspection Toolsets; Traffic Actioner; Route Management; Flow Collection; Portal; Data Plane; Switching; Routing/ACL; Proxy and Asymmetric Mitigation Tier; Routing (Customer VRF); GRE Tunnel; Proxy; IP Reflection; X-Connect; Customer; Netflow; Copied traffic for inspection; BGP signaling; Signaling; Visibility; Management.]

F5 Silverline DDoS Protection - Service Options

Always On: Primary protection as the first line of defense

Always Available: Primary protection available on-demand

Two Ways to Direct Traffic to Silverline Scrubbing Centers

•  BGP (BORDER GATEWAY PROTOCOL) ROUTED MODE

•  DNS PROXY MODE

Multiple Ways to Return Clean Traffic

•  L2VPN / VIRTUAL ETHERNET SERVICE

•  IP REFLECTION ™

•  GRE TUNNELS

•  PROXY

•  EQUINIX CLOUD EXCHANGE

Unparalleled Visibility and Reporting Before, During, and After a DDoS Attack

Attack Data

•  Instant inspection on the filters and countermeasures used for mitigation

•  Detailed timeline analysis on type, size, origin, and attack vector

Configuration and Provisioning

•  Configure/review/modify settings for both Proxy and GRE mode through the portal

Detailed Communication

•  Real time attack communications

•  Detailed events showing attack attributes and SOC mitigations applied

•  The F5 DDoS Protection Reference Architecture
    •  https://f5.com/solutions/architectures/ddos-protection
    •  White paper: The F5 DDoS Protection Reference Architecture
    •  Best practices: F5 DDoS Protection – recommended Practices

•  The F5 Silverline DDoS Protection Service Overview
    •  https://f5.com/products/platforms/silverline/f5-silverline-ddos-protection

Key Resources

Silverline Web Application Firewall

Organizations need a more operationally and cost efficient way to protect web applications across multiple environments without scaling out IT infrastructure and staff.

Maintain compliance (PCI DSS)

Defend against Layer 7 attacks

Secure data and web applications

F5 Solution: BIG-IP ASM the leading web application firewall

VIPRION Platform BIG-IP Platform BIG-IP Virtual Edition

Recognized as the most scalable WAF on the market

Deployed in more datacenters worldwide than any other WAF

Now available as an enterprise-grade cloud-based service managed by F5 Security Operations Center (SOC) experts

F5’s web application firewall portfolio Built on BIG-IP Application Security Manager (ASM)

VIPRION Platform BIG-IP Platform BIG-IP Virtual Edition F5 Silverline

WAF

Protect web applications and data from layer 7 attacks, and enable compliance, such as PCI DSS, with the Silverline Web Application Firewall service which is built on BIG-IP Application Security Manager and backed by 24x7x365 support from F5 experts.

Silverline Web Application Firewall Proven security effectiveness as a convenient cloud-based service

L7 Protection: Geolocation attacks, DDoS, SQL injection, OWASP Top Ten attacks, zero-day threats, AJAX applications, JSON payloads

[Diagram labels: Legitimate User; Attackers; F5 Silverline; Cloud; Web Application Firewall Services (WAF); Public Cloud Hosted Web App; Private Cloud Hosted Web App; Physical Hosted Web App; VA/DAST Scans (policy can be built from 3rd Party DAST).]

Silverline Web Application Firewall Proven security effectiveness as a convenient cloud-based service

[Diagram labels: Legitimate User; Attackers; F5 Silverline; Silverline Cloud; Web Application Firewall Services (WAF); VIPRION Platform; Silverline Portal; WAF Policy Engine; VA/DAST Scans (policy can be built from 3rd Party DAST); Violation Logs; Customer Reviews Violations; 24x7x365 Policy Management; Attack Escalation; Security Operations Center.]

Key benefits

Reduce operating costs

Rapidly deploy WAF protections and drive operational and cost efficiencies by outsourcing WAF policy management to F5 security experts.

Protect web apps, anywhere

Protect web apps, no matter where they reside with consistent policies across hybrid environments in conjunction with BIG-IP deployments.

Leverage proven security effectiveness

Protect against critical web attacks with an enterprise-grade service built on BIG-IP ASM which is recommended by NSS Labs with 99.89% overall security effectiveness*.

Source: NSS Labs Web Application Firewall Product Analysis. F5 BIG-IP ASM 10200 V11.4.0. https://interact.f5.com/2015ALLF-NSS-Web-App-Firewall--Analysis-for-BIG-IP-ASM_2---Reg.html

NSS Labs recommends BIG-IP ASM Web Application Firewall when compared with competitors:

•  Overall security effectiveness: 99.89%

•  Minimal false positives: 0.124%

Enterprise-grade protection against layer 7 geolocation attacks, DDoS, SQL injection, OWASP Top Ten attacks, zero-day threats, AJAX applications, and JSON payloads delivered as a convenient cloud-based service.

Leverage proven security effectiveness

An enterprise-grade web application firewall service

F5 security experts proactively monitor and fine-tune policies to protect web applications and data from new and emerging threats.

•  Expert policy setup

•  Policy fine-tuning

•  Proactive alert monitoring

•  False positives tuning

•  Detection tuning

•  Whitelist / Blacklist setup and monitoring

Availability & Support

Expert Policy Setup and Management

Active Threat Monitoring

Reduce operating costs by outsourcing WAF policy management to F5 SOC experts

F5 Security Operations Center

•  Securely communicate with Silverline SOC experts

•  View centralized attack and threat monitoring reports with details including:
    •  source geo-IP mapping
    •  blocked vs. alerted attacks
    •  blocked traffic and attack types
    •  alerted attack types
    •  Threats*
    •  bandwidth used
    •  hits/sec*
    •  type of traffic and visits (bots v. humans)*

Gain attack insights and intelligence F5 Customer Portal

Customer Portal Visibility &

Compliance Attack Reports

* Limited on initial release

•  Detailed information provided in Violation logs showing request, SrcIP, all header information, etc.

•  Simplified workflow
    •  Block (policy is working as intended)
    •  Allow (policy should be updated to accept behavior)

WAF Violation Logs

•  Built on the industry leading purpose-built WAF: BIG-IP ASM - compared to other WAF services built on ModSecurity Open Source technology

•  The highest level of service from F5 SOC experts - compared to other WAF services that are mostly self-serve

•  Comprehensive protections with the ability to import VA/DAST Scans

•  Highly-customizable with iRules and iApps programmability to protect against zero-day threats

•  Future integrations with BIG-IP ASM to provide hybrid WAF services and APIs

How Silverline Web Application Firewall is different

Resources on F5.com

Product Overview http://www.f5.com/pdf/products/f5-silverline-web-application-firewall-product-overview.pdf 

F5 Silverline platform https://f5.com/products/platforms/silverline

F5 BIG-IP ASM https://f5.com/products/modules/application-security-manager

Datasheet http://www.f5.com/pdf/products/f5-silverline-web-application-firewall-datasheet.pdf