Uploaded bystkannan1
PPTX, PDF178 views

F5 XC Distributed cloud Security and Application Delievery

This document discusses F5's cloud security and application delivery solutions. It provides 5 key capabilities: 1) Preventing application exploits, 2) Mitigating bots and automated attacks, 3) Discovering and controlling APIs, 4) Protecting application infrastructure, and 5) Stopping fraud and account takeover. The solutions aim to make security more consistent across applications, maximize protection for modern apps and APIs, and help detect and mitigate threats more rapidly through artificial intelligence and connected intelligence.

Embed presentation

Download to read offline
Cloud Security & Application Delivery for your Production Grade Applications - An F5 Primer Rohit Andani Solutions Architect , F5
©2022 F5 2 Application delivery is changing CDNs Scale out static object serving Cloud Scale out app servers Distributed Cloud Scale and connect everything Origin Site Origin Site Origin Site(s) Data Center Distributed Cloud Hybrid Cloud Multi-Cloud Cloud Cloud(s)
©2022 F5 3 Explosive app growth brings big opportunities & challenges OPPORTUNITIES CHALLENGES Security Complexity IT as enabler of innovation Improve customer experience Transform the business Differentiate Modernization CONFIDENTIAL
©2022 F5 4 Apps Security Posture Controls Challenges?
©2022 F5 5 Consistent protection + policies for legacy & modern apps 1 • Employ natively-embedded and continuously available controls across your digital experience • Mobile, browser-based and API-centric apps • Create policies once and easily deploy them anywhere • Consistently apply policies in real-time across constantly changing apps • Reduce cost and simplify operations through self-service SaaS or a managed service On-premises Edge Consistent policy Consistent policy Consistent policy Cloud
©2022 F5 6 • Defend modern apps and microservices with automated discovery and allow listing of all APIs (shadow, vulnerable, etc.) • Automatically baseline API behavior and detect anomalies • Achieve faster app dev cycles and stronger protection and compliance • Integrate security into your digital supply chains …all without extra time from DevOps or DevSecOps Protect modern apps &APIs at the pace of digital business 2 APIs Microservices Containers Cloud-native
©2022 F5 7 • Continuously improve threat detection by integrating ML + human expertise • Drive rapid mitigation by receiving real-time actionable insights • Reduce false positives through behavioral telemetry Scale defenses with integrated intelligence (AI/data + human) 3 Web app firewall Denial of service Antibot & antifraud Secure access API security Workload protection Network Effect Threat Intelligence via ML via human expertise App infrastructure protection
©2022 F5 8 Apps Security Posture Controls 1 Prevent app exploits 2 Mitigate bots & other automated attacks 3 Discover & control APIs 4 Protect app infrastructure Stop fraud & account takeover 5
©2022 F5 9 • Mitigation of common application attacks • OWASP 10, known vulnerabilities, zero-day • Protection from denial of service (DoS) attacks • Continuously monitor app stress to automatically detect and mitigate app-layer DoS attacks • Protect apps + infrastructure from Layer 3 DDoS • Protection from sophisticated attacks • Automatically detect + block malware • Credential protection • Prevent man-in-the-browser credential theft associated with app-level credential encryption Threat Stack F5 Advanced WAF F5 NGINX App Protect F5 Distributed Cloud WAF F5 WAF Engine 1 Prevent application exploits
©2022 F5 10 • Mitigate sophisticated bot attacks in real-time with network, device and environmental signals • Adapt quickly to attacker retooling with global collective threat intelligence and AI • Prevent reverse engineering and tampering with advanced obfuscation • Improve customer experience by minimizing the user friction of CAPTCHA and MFA • Flexibly deploy with pre-built connectors: cloud, on-prem or hybrid • Augment security staff through managed service Mitigate bots & other automated attacks 2 Collect telemetry & transaction metadata F5 Distributed Cloud Bot Defense 1 Analysis 2 Real-time Mitigation Action 3 Browser Fingerprint User Behavior Pattern Header Pattern Timing IP/ASN
©2022 F5 11 Distributed Cloud API Security BIG-IP Advanced WAF NGINX+/NGINX Controller API API API Discover & control APIs 3 Real-time automated API protection and reporting…without additional resourcing or time • Automated API discovery and control • ML-based auto-discovery of APIs • Automatic allow-listing of good APIs • Automated baselining of behavior and ongoing anomaly detection • Rich reporting for behavioral analysis, forensics gathering and visualization of API usage • Simple integration with DevOps processes
©2022 F5 12 app Applications Orchestration Virtual machines Cloud provider APIs Containers Threat Stack Cloud Security Platform Protect application infrastructure 4 • Secure your cloud application infrastructure • Detect and remediate threats in cloud-native infrastructure across billions of events • Get unified visibility of real-time threats • Comprehensively monitor for threats using behavior-based alerting, ML-generated insights, and human expertise • Streamline compliance and audits • Simplify cloud certifications and audit requests for HIPAA, SOC2-Type II, ISO-27001, PCI-DSS
©2022 F5 13 Stop fraud & account takeover (ATO) 5 • Stop fraud before it happens • Identify 2x–5x more fraud per month with accurate fraud detection rates and lower false positives • Adapt quickly to attacker retooling with global collective threat intelligence • Provide frictionless consumer experiences • Reduce MFA challenges up to 90% for legitimate users • Increase operational efficiency • Decrease fraud team time spent reviewing transactions by more than 50%
©2022 F5 14 F5 secures Production Grade apps & APIs everywhere Make security enforcement more consistent & less complex across all apps 1 Maximize protection + reduce risk for modern apps & APIs at modern pace 2 Detect and mitigate threats more rapidly through AI, data & connected intelligence 3
F5 XC Distributed cloud Security and Application Delievery

More Related Content

PPTX
F5 Distributed Cloud.pptx
byabenyeung1
 
PPTX
APM Overall Use Case Presentation - Final
byzyberpal
 
PPTX
Getting Started with Azure Sentinel
bySamik Roy
 
PDF
Tashyeed profile
byDr. Majid Ahmed Abdalla Ahmed
 
PDF
Making App Security and Delivery Ridiculously Easy
byCristian Garcia G.
 
PDF
Découvrez NGINX AppProtect
byNGINX, Inc.
 
PDF
Combating Cyberattacks on Digital Transformation by David D Geer
byDavid Geer
 
PPTX
knowledgeforthebestofthe_bestestguy.pptx
byADARSHKUMAR87428
 
F5 Distributed Cloud.pptx
byabenyeung1
 
APM Overall Use Case Presentation - Final
byzyberpal
 
Getting Started with Azure Sentinel
bySamik Roy
 
Tashyeed profile
byDr. Majid Ahmed Abdalla Ahmed
 
Making App Security and Delivery Ridiculously Easy
byCristian Garcia G.
 
Découvrez NGINX AppProtect
byNGINX, Inc.
 
Combating Cyberattacks on Digital Transformation by David D Geer
byDavid Geer
 
knowledgeforthebestofthe_bestestguy.pptx
byADARSHKUMAR87428
 

Similar to F5 XC Distributed cloud Security and Application Delievery

PDF
Modern App Architecture - Microservices, API Friendly
byDevOps Indonesia
 
PDF
Secure your app against DDOS, API Abuse, Hijacking, and Fraud
byTu Pham
 
PPTX
Unc charlotte prezo2016
bySanjay R. Gupta
 
PPTX
Securing and automating your application infrastructure meetup 23112021 b
bylior mazor
 
PPTX
Cloud Security in 2025_ Top Challenges, Daily Risks & Key Threats You Need to...
byinfosprintseo
 
PPTX
Application security from cloud computing
byrockybaiiiii143
 
PDF
How to Ensure SaaS App Security with DevOps.pdf
byMadvITSolutions
 
PPTX
cloudComputingSec_p3.pptx
bySteven Quach
 
PPTX
F5 and HashiCorp Multi-Cloud
byabenyeung1
 
PDF
Markets_Cloud Web Application and API Protection.pdf
byctare2011
 
PDF
Top 10 Cloud Security Trends in 2025.pdf
byjfstechnologies6
 
PPTX
Novel cloud computingsecurity issues
byJoo Manthar
 
PDF
Connect Ops and Security with Flexible Web App and API Protection
byDevOps.com
 
PDF
Security in the cloud protecting your cloud apps
byCenzic
 
PPTX
A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016
byShannon Lietz
 
PPTX
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...
byKarim Vaes
 
PPTX
Container Workload Security Solution Ideas by Mandy Sidana.pptx
byMandy Sidana
 
PDF
Application Security with NGINX
byNGINX, Inc.
 
PDF
Cloud the path forward
byVasu Thiyagarajan
 
PDF
Cloud Security Services: Safeguarding Enterprise Data, Applications, and Infr...
bybasilmph
 
Modern App Architecture - Microservices, API Friendly
byDevOps Indonesia
 
Secure your app against DDOS, API Abuse, Hijacking, and Fraud
byTu Pham
 
Unc charlotte prezo2016
bySanjay R. Gupta
 
Securing and automating your application infrastructure meetup 23112021 b
bylior mazor
 
Cloud Security in 2025_ Top Challenges, Daily Risks & Key Threats You Need to...
byinfosprintseo
 
Application security from cloud computing
byrockybaiiiii143
 
How to Ensure SaaS App Security with DevOps.pdf
byMadvITSolutions
 
cloudComputingSec_p3.pptx
bySteven Quach
 
F5 and HashiCorp Multi-Cloud
byabenyeung1
 
Markets_Cloud Web Application and API Protection.pdf
byctare2011
 
Top 10 Cloud Security Trends in 2025.pdf
byjfstechnologies6
 
Novel cloud computingsecurity issues
byJoo Manthar
 
Connect Ops and Security with Flexible Web App and API Protection
byDevOps.com
 
Security in the cloud protecting your cloud apps
byCenzic
 
A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016
byShannon Lietz
 
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...
byKarim Vaes
 
Container Workload Security Solution Ideas by Mandy Sidana.pptx
byMandy Sidana
 
Application Security with NGINX
byNGINX, Inc.
 
Cloud the path forward
byVasu Thiyagarajan
 
Cloud Security Services: Safeguarding Enterprise Data, Applications, and Infr...
bybasilmph
 

Recently uploaded

PPTX
Migrating-Hadoop-to-Databricks-Ebook-FINAL.pptx
byssuserf37fc8
 
PPTX
SOFTWARE DEVELOPMENT PROCESS - INTRODUCTION
byParithi Thamizh
 
PDF
Introduction to Linux and Basic Commands
byiDev Semarang
 
PDF
Agentic AI Roadmap 2026: Mastering Autonomous AI Workflows and Systems
byAeafat Ahmed Mubin
 
PPTX
Storage-and-HCI-Positioning-update-sales.pptx
byhungungphu123
 
PDF
Ethical AI applied to publishing: Presenting wâsikan kisewâtisiwin, an AI too...
byBookNet Canada
 
PPTX
Achieve enterprise automation with SAP BTP solutions and SAP Signavio
bydarrellkiwi
 
PPT
connectives-linking words in English.ppt
byAmrMohammed82
 
PPTX
The Abomination of AI – keynote at ICoSCI 2026
byAlan Dix
 
PDF
Deploying Windows Clients & Managing Identities
byVICTOR MAESTRE RAMIREZ
 
PDF
Transcript: What ONIX can do: Leveraging metadata to support the discoverabil...
byBookNet Canada
 
DOCX
Best Web to Learn About Buying Verified Skrill Accounts (Los Angeles).docx
byhttps://topsellerit.com/product/buy-verified-binance-accounts/
 
PPTX
AI in Marine Insurance Future of Smarter Risk, Faster Claims & Safer Shipping...
byAutomationEdge Technologies
 
PDF
Computer Science Conferences 2026 | Research by SAI Conference
byHealth Conference 2026
 
PDF
One String, Many Prompts: AI Code Generation
byGeoffrey Goetz
 
PDF
What Is AI LXP and Why Enterprises Are Adopting It.pdf
byneuralminds4
 
PDF
MINDCTI Revenue Release Quarter 3 2025 - Financial Presentation
byMIND CTI
 
PPTX
Robot Vacuums are Cleaning Up. The global robot vacuum segment has high marke...
byRobert March
 
PPT
Database Management Systems: Basics, History, Data Models, etc.
byParithi Thamizh
 
PDF
How the EU Ecolabel's Record Growth Creates ESG Opportunities for CRE
byWastify AI
 
Migrating-Hadoop-to-Databricks-Ebook-FINAL.pptx
byssuserf37fc8
 
SOFTWARE DEVELOPMENT PROCESS - INTRODUCTION
byParithi Thamizh
 
Introduction to Linux and Basic Commands
byiDev Semarang
 
Agentic AI Roadmap 2026: Mastering Autonomous AI Workflows and Systems
byAeafat Ahmed Mubin
 
Storage-and-HCI-Positioning-update-sales.pptx
byhungungphu123
 
Ethical AI applied to publishing: Presenting wâsikan kisewâtisiwin, an AI too...
byBookNet Canada
 
Achieve enterprise automation with SAP BTP solutions and SAP Signavio
bydarrellkiwi
 
connectives-linking words in English.ppt
byAmrMohammed82
 
The Abomination of AI – keynote at ICoSCI 2026
byAlan Dix
 
Deploying Windows Clients & Managing Identities
byVICTOR MAESTRE RAMIREZ
 
Transcript: What ONIX can do: Leveraging metadata to support the discoverabil...
byBookNet Canada
 
Best Web to Learn About Buying Verified Skrill Accounts (Los Angeles).docx
byhttps://topsellerit.com/product/buy-verified-binance-accounts/
 
AI in Marine Insurance Future of Smarter Risk, Faster Claims & Safer Shipping...
byAutomationEdge Technologies
 
Computer Science Conferences 2026 | Research by SAI Conference
byHealth Conference 2026
 
One String, Many Prompts: AI Code Generation
byGeoffrey Goetz
 
What Is AI LXP and Why Enterprises Are Adopting It.pdf
byneuralminds4
 
MINDCTI Revenue Release Quarter 3 2025 - Financial Presentation
byMIND CTI
 
Robot Vacuums are Cleaning Up. The global robot vacuum segment has high marke...
byRobert March
 
Database Management Systems: Basics, History, Data Models, etc.
byParithi Thamizh
 
How the EU Ecolabel's Record Growth Creates ESG Opportunities for CRE
byWastify AI
 

F5 XC Distributed cloud Security and Application Delievery

  • 1.
    Cloud Security &Application Delivery for your Production Grade Applications - An F5 Primer Rohit Andani Solutions Architect , F5
  • 2.
    ©2022 F5 2 Application deliveryis changing CDNs Scale out static object serving Cloud Scale out app servers Distributed Cloud Scale and connect everything Origin Site Origin Site Origin Site(s) Data Center Distributed Cloud Hybrid Cloud Multi-Cloud Cloud Cloud(s)
  • 3.
    ©2022 F5 3 Explosive appgrowth brings big opportunities & challenges OPPORTUNITIES CHALLENGES Security Complexity IT as enabler of innovation Improve customer experience Transform the business Differentiate Modernization CONFIDENTIAL
  • 4.
    ©2022 F5 4 Apps SecurityPosture Controls Challenges?
  • 5.
    ©2022 F5 5 Consistent protection+ policies for legacy & modern apps 1 • Employ natively-embedded and continuously available controls across your digital experience • Mobile, browser-based and API-centric apps • Create policies once and easily deploy them anywhere • Consistently apply policies in real-time across constantly changing apps • Reduce cost and simplify operations through self-service SaaS or a managed service On-premises Edge Consistent policy Consistent policy Consistent policy Cloud
  • 6.
    ©2022 F5 6 • Defendmodern apps and microservices with automated discovery and allow listing of all APIs (shadow, vulnerable, etc.) • Automatically baseline API behavior and detect anomalies • Achieve faster app dev cycles and stronger protection and compliance • Integrate security into your digital supply chains …all without extra time from DevOps or DevSecOps Protect modern apps &APIs at the pace of digital business 2 APIs Microservices Containers Cloud-native
  • 7.
    ©2022 F5 7 • Continuouslyimprove threat detection by integrating ML + human expertise • Drive rapid mitigation by receiving real-time actionable insights • Reduce false positives through behavioral telemetry Scale defenses with integrated intelligence (AI/data + human) 3 Web app firewall Denial of service Antibot & antifraud Secure access API security Workload protection Network Effect Threat Intelligence via ML via human expertise App infrastructure protection
  • 8.
    ©2022 F5 8 Apps SecurityPosture Controls 1 Prevent app exploits 2 Mitigate bots & other automated attacks 3 Discover & control APIs 4 Protect app infrastructure Stop fraud & account takeover 5
  • 9.
    ©2022 F5 9 • Mitigationof common application attacks • OWASP 10, known vulnerabilities, zero-day • Protection from denial of service (DoS) attacks • Continuously monitor app stress to automatically detect and mitigate app-layer DoS attacks • Protect apps + infrastructure from Layer 3 DDoS • Protection from sophisticated attacks • Automatically detect + block malware • Credential protection • Prevent man-in-the-browser credential theft associated with app-level credential encryption Threat Stack F5 Advanced WAF F5 NGINX App Protect F5 Distributed Cloud WAF F5 WAF Engine 1 Prevent application exploits
  • 10.
    ©2022 F5 10 • Mitigatesophisticated bot attacks in real-time with network, device and environmental signals • Adapt quickly to attacker retooling with global collective threat intelligence and AI • Prevent reverse engineering and tampering with advanced obfuscation • Improve customer experience by minimizing the user friction of CAPTCHA and MFA • Flexibly deploy with pre-built connectors: cloud, on-prem or hybrid • Augment security staff through managed service Mitigate bots & other automated attacks 2 Collect telemetry & transaction metadata F5 Distributed Cloud Bot Defense 1 Analysis 2 Real-time Mitigation Action 3 Browser Fingerprint User Behavior Pattern Header Pattern Timing IP/ASN
  • 11.
    ©2022 F5 11 Distributed CloudAPI Security BIG-IP Advanced WAF NGINX+/NGINX Controller API API API Discover & control APIs 3 Real-time automated API protection and reporting…without additional resourcing or time • Automated API discovery and control • ML-based auto-discovery of APIs • Automatic allow-listing of good APIs • Automated baselining of behavior and ongoing anomaly detection • Rich reporting for behavioral analysis, forensics gathering and visualization of API usage • Simple integration with DevOps processes
  • 12.
    ©2022 F5 12 app Applications Orchestration Virtual machines Cloudprovider APIs Containers Threat Stack Cloud Security Platform Protect application infrastructure 4 • Secure your cloud application infrastructure • Detect and remediate threats in cloud-native infrastructure across billions of events • Get unified visibility of real-time threats • Comprehensively monitor for threats using behavior-based alerting, ML-generated insights, and human expertise • Streamline compliance and audits • Simplify cloud certifications and audit requests for HIPAA, SOC2-Type II, ISO-27001, PCI-DSS
  • 13.
    ©2022 F5 13 Stop fraud& account takeover (ATO) 5 • Stop fraud before it happens • Identify 2x–5x more fraud per month with accurate fraud detection rates and lower false positives • Adapt quickly to attacker retooling with global collective threat intelligence • Provide frictionless consumer experiences • Reduce MFA challenges up to 90% for legitimate users • Increase operational efficiency • Decrease fraud team time spent reviewing transactions by more than 50%
  • 14.
    ©2022 F5 14 F5 securesProduction Grade apps & APIs everywhere Make security enforcement more consistent & less complex across all apps 1 Maximize protection + reduce risk for modern apps & APIs at modern pace 2 Detect and mitigate threats more rapidly through AI, data & connected intelligence 3

Editor's Notes

  • #3 CDN/Edge 1.0 Assumed a limited number of origin sites Designed to deal with “dumb” clients with bad connectivity options Requires massive number of PoPs and immense storage Cloud/Edge 1.5 Assumes multiple origin sites, manually interconnected Still presumes clients might have bad connectivity More storage-efficient but still requires massive number of PoPs Distributed Cloud/Edge 2.0 Creates mesh of all origin sites Assumes clients are modern and well connected Does not require a high number of PoPs supplements with client assist, app distribution and excellent peering Distributed applications and data, which we call a distributed cloud. In this environment you can take advantage of anywhere compute/network/storage exists to offer the applications and services you need. We will go deeper into this in a moment but it begs the question, what’s changed that requires this distributed cloud? It would seem this would make the operational challenges of multi-cloud worse? Those thougthts aren’t wrong but let me start with WHY we think this is happening. We believe a Distributed Cloud architecture is required to address the demand of modern apps.
  • #5 Key Customer use cases bring the vision to life…
  • #6 Key Point: F5 provides a fabric for application security that breaks down siloes and bridges legacy + modern app architectures: Narrative: Consistent and intelligent application firewall engine; ability to plug in intelligence and deploy security when and where needed Common declarative policy; create policies once then deploy automatically across data centers, clouds and the edge. controls that are natively embedded and continuously available Automate DevOps and Security (Security as Code) w/ controls natively embedded and continuously available, via declarative APIs and/or JSON Easy, low cost and self-serve deployment flexibility as SaaS or managed service.
  • #7 Key Point: Protect modern apps and APIs at the pace of digital business  Narrative: Automated API discovery, allow-listing and anomaly detection Lightweight, high-performance security policies for microservices and Kubernetes Achieve both faster modern app dev cycles and strong protection and compliance for DevOps and DevSecOps Real-time threat detection and remediation for cloud-native infrastructure workloads
  • #8 Key Point: Scale your defenses with ML and data while turbocharging SecOps with fewer false positives Narrative: Leverage data, ML, and threat intelligence to continuously improve detection of advanced cyber threats like bots, malware, ransomware and API penetration as well as fraud Reduce false positive rates by leveraging AI / ML to combine telemetry of automated and human behaviors, as well as shared network intelligence Vision is for devices & application services providing telemetry that dynamically identifies and mitigates risk
  • #9 Key Customer use cases bring the vision to life…
  • #10 Addt big IP, XC, NGINX Highlight API… Key Point: For application layer security, our WAF (web application firewall) portfolio, as F5 managed, customer managed, or deployed as SaaS, helps to protect against common application attacks such as the OWASP Top 10 or SQL/PHP injections. We also protect from Layer 7 DoS attacks by monitoring application stress, detecting, and mitigating attacks without human intervention. Narrative COMMON APPLICATION ATTACKS OWASP 10, SQL/PHP injection. Mitigate these application vulnerabilities and the automated attacks that try to exploit them PROTECTION FROM APPLICATION-LAYER DOS ATTACKS Continuously monitors application stress, detecting and mitigating attacks without human intervention PROTECTION FROM THREAT CAMPAIGNS Automatically detects and blocks malware and sophisticated attacks CREDENTIALS PROTECTION Prevents man-in-the-browser credential theft associated with app-level credential encryption
  • #11 Before Scenario / Challenges: The impacts of bots extend beyond security​ .. Attacks that end in fraud or compliant data breaches often start with bots. Bots are used to confirm breached login information, giving access to customer accounts. Fraudsters use that access to commit fraud. Customers that are locked out of accounts and defrauded have terrible experiences. Bots will spike traffic to web and mobile apps causing downtime. Security people will spend thousands of hours per year manually blocking IPs or configuring custom rules to try and block bots.​ ​ *data from Forrester TEI report: https://www.f5.com/solutions/stop-online-fraud-forrester-tei-study?utm_medium=owned-social&utm_source=twitter&utm_campaign=amer-sde_ofp_sat&utm_content=wb-​ Key Point in Summary: XC Bot Defense will give you measurable ROI​ ​By blocking bad bot traffic with lasting efficacy, we dramatically reduce the harm caused by bots. You will enjoy dramatic cost savings brought on by credential stuffing, downstream fraud as a result of ATO, infrastructure costs associated with high traffic load, and man hours spent blocking bots. In end, XC Bot Defense permanently changes the economics in your favor. Your brand will be rewarded with happier customers, more engagement, and ultimately higher topline revenue.  Flexible deployments: We meet you where you’re at when it comes to deployment flexibility​ - We want to make it easy for you to deploy XC Bot Defense either in the cloud, on-prem, or as a hybrid configuration. In addition, we have pre-built connecters in leading application platforms and CDNs to make deployment easy and fast.​ Distributed Cloud Bot Defense mitigates malicious bots in real-time with the highest efficacy and near-zero false positives while maintaining access for good bots. Bot attacks are difficult to stop—criminals retool to bypass defenses, solving CAPTCHAs and mimicking human behavior. To stay ahead, Bot Defense uses AI for unparalleled long-term efficacy How we do it: Obfuscate web and mobile data traffic to prevent reverse engineering, collect and analyze high quality telemetry, add data from extensive network and two-stage detection and mitigation approach (1. rules based detection 2. human analyst and AI feedback) UNIFIED, SECURE TELEMETRY - JavaScript and SDK analyze web and mobile traffic data. We obfuscate both to prevent reverse engineering; proprietary signals we collect are superior to other customer deployments NETWORK INTELLIGENCE - Strong network effect with the largest customers/brands in finance, banking, ecommerce, hospitality, travel delivering a robust intelligent network THREAT MANAGEMENT WITH ML, AI, AND HUMAN INSPECTION - Stage 1: we create rules based on our historical detection patterns. Stage 2: we use AI and human analysis to constantly update the rules
  • #12 Key Point: Distributed Cloud Platform, Advanced WAF, NGINX App Protect combine the power of data analytics and deep learning to discover your app APIs, allowlist and mitigate threats. Analyzes the data collected to automatically detect APIs and create authorization policies to simplify implementation for DevOps and SecOps. Narrative: ADVANCED WAF PROTECTS REST API, JSON, SOAP, AJAX. It also provides brute force mitigation, attack signatures, and L7 DoS protection. aaS PLATFORM FOR API MANAGEMENT, GATEWAY, AND SECURITY TOOLS Volterra platform automatically discovers APIs, allow-lists good APIs, identifies malicious users, and provides a rich reporting framework for behavioral & response analysis, forensics gathering and visualizing API usage API MANAGEMENT & PROTECTION FOR MODERN APPS Solutions for environments that require lightweight, high-performance security solutions easily integrated into DevOps processes. DevOps-friendly API management and Gateway
  • #13  Key Point: Modern application development and deployment relies on cloud-native infrastructure. Threat Stack is focused on cloud-native infrastructure that powers those digital experiences. Applications are only as secure as the underlying infrastructure. Threat Stack offers security observability for the cloud. Detect and remediate threats in cloud native infrastructure. Maintain compliance (e.g. HIPAA, SOC2-Type II, ISO-27001, PCI-DSS). Proactively improve security hygiene and reduce threat surface Narrative: UNIFIED VISIBILITY INTO REAL-TIME THREATS Comprehensive monitoring leveraging behavior-based alerting rules, ML-generated insights, and human expertise CLOUD INFRASTRUCTURE SECURITY Detect and remediate threats in cloud native infrastructure across billions of events ACHIEVE COMPLIANCE AND STREAMLINE AUDITS Complete cloud certifications and satisfy audit requests for HIPAA, SOC2-Type II, ISO-27001, PCI-DSS
  • #14 Before Scenario / Challenges:  Solving ATO is complex as attackers have ready access to more automation and sophistication, fraud teams struggle to keep up, and most vendors offer point solutions that have narrow focus and take a long time to effectively detect fraud.  Key Point: In summary, Account Protection delivers a safe digital experience – it blocks fraud, while reducing friction and operational burden for fraud teams. Narrative: Account Protection focuses on detecting fraudulent behavior and stopping fraud while also reducing friction. It collects signals across the user journey –network signals, digital identity, behavioral biometrics, behavioral profiling.- these signals are aggregated, analyzed and processed in real time by an AI fraud engine which quickly detects fraudulent behavior, delivering very high fraud detection rates with very low false positives. Reduce fraud losses accurately identifies fraudulent activity in real time across the entire journey. Its AI fraud engine, fueled with advanced signal collection and highly trained machine learning (ML) models, detects malicious intent and stops fraud before it happens. increased fraud detection – we typically see 2x -5x more fraud per month than current solutions – while keeping very low false positive rates Increase operational efficiency delivers a single, high-fidelity outcome and blocks fraud in real time. There's no need to interpret scores or write or maintain rules—and transactions flagged for review are dramatically reduced. Additional outputs include reason codes and data elements to enhance existing client fraud detection systems. Our ability to quickly and accurately determine intent (good vs fraudulent behavior) gives Account Protection the ability to recommend up to 90% fewer challenges, like MIFA challenges, for legitimate users – after all an MFA challenge to a good user is not a good thing. We want to reduce friction for our loyal customers. Account Protection reduces the burden on fraud teams – it dramatically reduces the number of transactions needing review, and it takes away the constant need to create and maintain rules to respond to new fraud schemes Protect legitimate users By accurately separating legitimate users from fraudsters, Distributed Cloud Account Protection enables a low-friction customer experience without burdensome MFA. . How we do it: AI Fraud Engine uses several main families of features to determine if an online transaction is risky and potentially fraudulent. Using a JavaScript tag, it collects hundreds of clients signals per transaction and securely communicates with our API service to obtain real-time predictions on risk levels. The system uses families of proprietary features developed from years of analyzing fraudulent user traffic patterns.  Our platform tackles automated, retooled human-driven attacks – provides ATO protection across the attack lifecycle Our advanced JavaScript is hardened and built to prevent reverse engineering – it can't be defeated Our platform does away with siloes, it can bring fraud and security teams together Account Protection uses user profiles, but as those take a long time to reach prime time, it monitors and collects many more signals to give it the ability to detect fraud in real-time soon after deployment.  It takes away the need to build and maintain rules. Account protection's AI is based on proven customer fraud data, on actual signals being collected – so it is customized to the customer environment, resulting in high detection rates, low false positives.  Our platform provides real-time recommendations to allow, block or challenge when fraud is detected
  • #15 Key Point: F5 uniquely secures your applications and APIs wherever you need them (data center, cloud, edge) from a comprehensive range of cyber threats and fraud     Narrative: These drive F5s focus on the three pillars where we are leading the charge in protecting our customers applications. Build consistent security across legacy and modern applications, help our customers deploy and enforce consistent security controls for all their apps, everywhere. Provide security tools to address the unique challenges protecting modern applications and APIs How do we pull this together? By building a platform to use real customer data, combined with new machine learning models to identify real time attacks and provide real time insights and real time mitigation