F5's IP Intelligence Service
DESCRIPTION
F5 keeps customers protected with new IP Intelligence service. F5's BIG-IP solutions now offer a cloud-based service to guard against malicious activity, emerging threats, and IP address-related attacks.
TRANSCRIPT
IP Intelligence Service
BIG-IP v11.2
© F5 Networks, Inc.
54% of hacking breaches in larger organizations occur at the web application
The most significant change we saw in 2011 was the rise of “hacktivism” against larger organizations worldwide
Threat detection today… hinges on two elements: identifying suspicious activity among billions of data points, and refining a large set of suspicious incidents down to those that matter
We still see SQL Injection as a choice point of entry for attackers
Anonymous proxies… have steadily increased, more than quadrupling in number as compared to three years ago.
A Denial of Service tool… using SSL/TLS showed the potential for an everyday laptop on an average connection to take down an enterprise web server
Security Challenges
The Shift To The Intelligent Network
We want to leverage the traffic data
Traffic Data
Users expect a better experience
Personalized Experience
We need to approach security differently
Evolving Threats
IP Intelligence
• Reputation: Deny access to infected IPs
• Windows Exploits: Known distributed IPs
• Web Attacks: IPs used for SQL Injection, CSRF
• BotNets: Infected IPs controlled by Bots
• Scanners: Probes, scans, brute force
• Denial of Service: DoS, DDoS, Syn flood
• Phishing Proxies: Phishing sites host
• Anonymous Proxies: Anon services, Tor
IP Intelligence: Defend Against Malicious Activity and Web Attacks
Enhance automated application delivery decisions by adding better intelligence and stronger security based on context.
• A layer of IP threat protection delivers context to identify and block IP threats using a dynamic data set of high-risk IP addresses.
• Visibility into threats from multiple sources leverages a global threat sensor network.
• Delivering intelligence in a simple way reveals inbound and outbound communication.
• Real-time updates keep protection at peak performance, refreshing the database every five minutes.
• Fast IP update of malicious activity
• Global sensors capture IP behaviors
• Threat correlation reviews/blocks/releases
IP Intelligence: How it works
[Diagram labels: Internet; IP Intelligence Service: Threat Correlation; BIG-IP System; IP Intelligence; Dynamic Threat IPs every 5 min.]
Key Threats: Web Attacks, Reputation, Windows Exploits, Botnets, Scanners, Network Attacks, DNS
Sensor Techniques: Semi-open Proxy Farms, Exploit Honeypots, Naïve User Simulation, Web App Honeypots, Third-party Sources
IP Intelligence: Identify and allow or block IP addresses with malicious activity
IP address feed updates every 5 min
• Use IP intelligence to defend against attacks
• Reduce operational and capital expenses
[Diagram labels: Attacker; Anonymous Proxies; Anonymous requests; Scanners; Botnet; Geolocation database; IP Intelligence Service; BIG-IP System; Financial Application; Custom Application; Internally infected devices and servers]
BIG-IP Intelligence Service: Context-based delivery & protection
• Broad-based IP threat intelligence
– Global network of sensors addressing diverse use cases
– Threat IPs are catalogued and tracked indefinitely
• Consolidated platform increases performance and reduces network costs
– Offload unwanted traffic and block at the edge of network
– Improved network and app performance
• Cloud-based architecture
– Paid subscription-based service with 1-year and 3-year licenses
– Real-time continuous updates
• Available throughout all BIG-IP systems
– Configurable in BIG-IP ASM UI
– Accessible from iRules for all BIG-IP solutions
© 2012 F5 Networks, Inc. All rights reserved. F5, F5 Networks, the F5 logo, BIG-IP, ARX, FirePass, iControl, iRules, TMOS, and VIPRION are registered trademarks of F5 Networks, Inc. in the U.S. and in certain other countries