CDN/Edge 1.0
Assumed a limited number of origin sites
Designed to deal with “dumb” clients with bad connectivity options
Requires massive number of PoPs and immense storage
Cloud/Edge 1.5
Assumes multiple origin sites, manually interconnected
Still presumes clients might have bad connectivity
More storage-efficient but still requires massive number of PoPs
Distributed Cloud/Edge 2.0
Creates mesh of all origin sites
Assumes clients are modern and well connected
Does not require a high number of PoPs supplements with client assist, app distribution and excellent peering
Distributed applications and data, which we call a distributed cloud. In this environment you can take advantage of anywhere compute/network/storage exists to offer the applications and services you need. We will go deeper into this in a moment but it begs the question, what’s changed that requires this distributed cloud? It would seem this would make the operational challenges of multi-cloud worse? Those thougthts aren’t wrong but let me start with WHY we think this is happening. We believe a Distributed Cloud architecture is required to address the demand of modern apps.
Key Customer use cases bring the vision to life…
Key Point: F5 provides a fabric for application security that breaks down siloes and bridges legacy + modern app architectures:
Narrative:
Consistent and intelligent application firewall engine; ability to plug in intelligence and deploy security when and where needed
Common declarative policy; create policies once then deploy automatically across data centers, clouds and the edge. controls that are natively embedded and continuously available
Automate DevOps and Security (Security as Code) w/ controls natively embedded and continuously available, via declarative APIs and/or JSON
Easy, low cost and self-serve deployment flexibility as SaaS or managed service.
Key Point: Protect modern apps and APIs at the pace of digital business
Narrative:
Automated API discovery, allow-listing and anomaly detection
Lightweight, high-performance security policies for microservices and Kubernetes
Achieve both faster modern app dev cycles and strong protection and compliance for DevOps and DevSecOps
Real-time threat detection and remediation for cloud-native infrastructure workloads
Key Point: Scale your defenses with ML and data while turbocharging SecOps with fewer false positives Narrative:
Leverage data, ML, and threat intelligence to continuously improve detection of advanced cyber threats like bots, malware, ransomware and API penetration as well as fraud
Reduce false positive rates by leveraging AI / ML to combine telemetry of automated and human behaviors, as well as shared network intelligence
Vision is for devices & application services providing telemetry that dynamically identifies and mitigates risk
Key Customer use cases bring the vision to life…
Addt big IP, XC, NGINX
Highlight API…
Key Point: For application layer security, our WAF (web application firewall) portfolio, as F5 managed, customer managed, or deployed as SaaS, helps to protect against common application attacks such as the OWASP Top 10 or SQL/PHP injections. We also protect from Layer 7 DoS attacks by monitoring application stress, detecting, and mitigating attacks without human intervention.
Narrative
COMMON APPLICATION ATTACKS OWASP 10, SQL/PHP injection. Mitigate these application vulnerabilities and the automated attacks that try to exploit them
PROTECTION FROM APPLICATION-LAYER DOS ATTACKS Continuously monitors application stress, detecting and mitigating attacks without human intervention
PROTECTION FROM THREAT CAMPAIGNS Automatically detects and blocks malware and sophisticated attacks
CREDENTIALS PROTECTION Prevents man-in-the-browser credential theft associated with app-level credential encryption
Before Scenario / Challenges:
The impacts of bots extend beyond security .. Attacks that end in fraud or compliant data breaches often start with bots. Bots are used to confirm breached login information, giving access to customer accounts. Fraudsters use that access to commit fraud. Customers that are locked out of accounts and defrauded have terrible experiences. Bots will spike traffic to web and mobile apps causing downtime. Security people will spend thousands of hours per year manually blocking IPs or configuring custom rules to try and block bots.
*data from Forrester TEI report: https://www.f5.com/solutions/stop-online-fraud-forrester-tei-study?utm_medium=owned-social&utm_source=twitter&utm_campaign=amer-sde_ofp_sat&utm_content=wb-
Key Point in Summary: XC Bot Defense will give you measurable ROI
By blocking bad bot traffic with lasting efficacy, we dramatically reduce the harm caused by bots. You will enjoy dramatic cost savings brought on by credential stuffing, downstream fraud as a result of ATO, infrastructure costs associated with high traffic load, and man hours spent blocking bots. In end, XC Bot Defense permanently changes the economics in your favor. Your brand will be rewarded with happier customers, more engagement, and ultimately higher topline revenue.
Flexible deployments: We meet you where you’re at when it comes to deployment flexibility - We want to make it easy for you to deploy XC Bot Defense either in the cloud, on-prem, or as a hybrid configuration. In addition, we have pre-built connecters in leading application platforms and CDNs to make deployment easy and fast.
Distributed Cloud Bot Defense mitigates malicious bots in real-time with the highest efficacy and near-zero false positives while maintaining access for good bots. Bot attacks are difficult to stop—criminals retool to bypass defenses, solving CAPTCHAs and mimicking human behavior. To stay ahead, Bot Defense uses AI for unparalleled long-term efficacy
How we do it: Obfuscate web and mobile data traffic to prevent reverse engineering, collect and analyze high quality telemetry, add data from extensive network and two-stage detection and mitigation approach (1. rules based detection 2. human analyst and AI feedback)
UNIFIED, SECURE TELEMETRY - JavaScript and SDK analyze web and mobile traffic data. We obfuscate both to prevent reverse engineering; proprietary signals we collect are superior to other customer deployments
NETWORK INTELLIGENCE - Strong network effect with the largest customers/brands in finance, banking, ecommerce, hospitality, travel delivering a robust intelligent network
THREAT MANAGEMENT WITH ML, AI, AND HUMAN INSPECTION - Stage 1: we create rules based on our historical detection patterns. Stage 2: we use AI and human analysis to constantly update the rules
Key Point: Distributed Cloud Platform, Advanced WAF, NGINX App Protect combine the power of data analytics and deep learning to discover your app APIs, allowlist and mitigate threats. Analyzes the data collected to automatically detect APIs and create authorization policies to simplify implementation for DevOps and SecOps.
Narrative:
ADVANCED WAF PROTECTS REST API, JSON, SOAP, AJAX.
It also provides brute force mitigation, attack signatures, and L7 DoS protection.
aaS PLATFORM FOR API MANAGEMENT, GATEWAY, AND SECURITY TOOLS
Volterra platform automatically discovers APIs, allow-lists good APIs, identifies malicious users, and provides a rich reporting framework for behavioral & response analysis, forensics gathering and visualizing API usage
API MANAGEMENT & PROTECTION FOR MODERN APPS
Solutions for environments that require lightweight, high-performance security solutions easily integrated into DevOps processes. DevOps-friendly API management and Gateway
Key Point: Modern application development and deployment relies on cloud-native infrastructure. Threat Stack is focused on cloud-native infrastructure that powers those digital experiences. Applications are only as secure as the underlying infrastructure. Threat Stack offers security observability for the cloud. Detect and remediate threats in cloud native infrastructure. Maintain compliance (e.g. HIPAA, SOC2-Type II, ISO-27001, PCI-DSS). Proactively improve security hygiene and reduce threat surface
Narrative:
UNIFIED VISIBILITY INTO REAL-TIME THREATS
Comprehensive monitoring leveraging behavior-based alerting rules, ML-generated insights, and human expertise
CLOUD INFRASTRUCTURE SECURITY
Detect and remediate threats in cloud native infrastructure across billions of events
ACHIEVE COMPLIANCE AND STREAMLINE AUDITS
Complete cloud certifications and satisfy audit requests for HIPAA, SOC2-Type II, ISO-27001, PCI-DSS
Before Scenario / Challenges: Solving ATO is complex as attackers have ready access to more automation and sophistication, fraud teams struggle to keep up, and most vendors offer point solutions that have narrow focus and take a long time to effectively detect fraud.
Key Point: In summary, Account Protection delivers a safe digital experience – it blocks fraud, while reducing friction and operational burden for fraud teams.
Narrative:
Account Protection focuses on detecting fraudulent behavior and stopping fraud while also reducing friction. It collects signals across the user journey –network signals, digital identity, behavioral biometrics, behavioral profiling.- these signals are aggregated, analyzed and processed in real time by an AI fraud engine which quickly detects fraudulent behavior, delivering very high fraud detection rates with very low false positives.
Reduce fraud losses accurately identifies fraudulent activity in real time across the entire journey. Its AI fraud engine, fueled with advanced signal collection and highly trained machine learning (ML) models, detects malicious intent and stops fraud before it happens.
increased fraud detection – we typically see 2x -5x more fraud per month than current solutions – while keeping very low false positive rates
Increase operational efficiency delivers a single, high-fidelity outcome and blocks fraud in real time. There's no need to interpret scores or write or maintain rules—and transactions flagged for review are dramatically reduced. Additional outputs include reason codes and data elements to enhance existing client fraud detection systems.
Our ability to quickly and accurately determine intent (good vs fraudulent behavior) gives Account Protection the ability to recommend up to 90% fewer challenges, like MIFA challenges, for legitimate users – after all an MFA challenge to a good user is not a good thing. We want to reduce friction for our loyal customers.
Account Protection reduces the burden on fraud teams – it dramatically reduces the number of transactions needing review, and it takes away the constant need to create and maintain rules to respond to new fraud schemes
Protect legitimate users By accurately separating legitimate users from fraudsters, Distributed Cloud Account Protection enables a low-friction customer experience without burdensome MFA.
.
How we do it:
AI Fraud Engine uses several main families of features to determine if an online transaction is risky and potentially fraudulent. Using a JavaScript tag, it collects hundreds of clients signals per transaction and securely communicates with our API service to obtain real-time predictions on risk levels. The system uses families of proprietary features developed from years of analyzing fraudulent user traffic patterns.
Our platform tackles automated, retooled human-driven attacks – provides ATO protection across the attack lifecycle
Our advanced JavaScript is hardened and built to prevent reverse engineering – it can't be defeated
Our platform does away with siloes, it can bring fraud and security teams together
Account Protection uses user profiles, but as those take a long time to reach prime time, it monitors and collects many more signals to give it the ability to detect fraud in real-time soon after deployment. It takes away the need to build and maintain rules.
Account protection's AI is based on proven customer fraud data, on actual signals being collected – so it is customized to the customer environment, resulting in high detection rates, low false positives.
Our platform provides real-time recommendations to allow, block or challenge when fraud is detected
Key Point: F5 uniquely secures your applications and APIs wherever you need them (data center, cloud, edge) from a comprehensive range of cyber threats and fraud
Narrative: These drive F5s focus on the three pillars where we are leading the charge in protecting our customers applications.
Build consistent security across legacy and modern applications, help our customers deploy and enforce consistent security controls for all their apps, everywhere.
Provide security tools to address the unique challenges protecting modern applications and APIs
How do we pull this together? By building a platform to use real customer data, combined with new machine learning models to identify real time attacks and provide real time insights and real time mitigation
