This document discusses application threats and how to protect applications from attacks. It begins with statistics on data breaches and how web application attacks are the most common source. It then provides an overview of various types of application attacks, including client-side attacks, DDoS attacks, and web application attacks. The rest of the document discusses F5 solutions for proactively detecting and blocking bots and credential stuffing, implementing OAuth for authentication, and using a cloud-based platform for DDoS mitigation. It also touches on advanced authentication and auto-tuning thresholds to improve protection.
7. YOUR DATA HAS VALUE
“In 429 reported breaches studied between 2005 and 2017, attackers have profited $2.75 billion.” (F5 Labs Research)
APPLICATIONS ARE THE BUSINESS
8. Web App Attacks are the #1 Source of Data Breaches
[Bar chart, 2017 Verizon Data Breach Investigations Report: share of breaches by pattern, listed smallest to largest: Denial of Service, Crimeware, Physical Theft and Loss, Payment Card Skimmers, Everything Else, Point of Sale, Miscellaneous Errors, Privilege Misuse, Cyber-Espionage, Web App Attacks (29%); bar values 1%, 2%, 4%, 5%, 9%, 11%, 11%, 14%, 15%, 29%]
“Web Application Attacks remains the most prevalent”
“Use of stolen credentials against web applications was the dominant hacking tactic”
10. “Ransomware Surges Again As Cybercrime-as-Service Becomes Mainstream for Crooks” (ZDNet)
“Russian Hackers Selling Login Credentials of UK Politicians, Diplomats ‒ Report” (The Register)
“Rent-a-Botnet Services Making Massive DDoS Attacks More Common Than Ever Before” (PC World)
“IoT Botnets Are Growing ‒ and Up for Hire” (MIT Technology Review)
“Attacker Demands Ransom After Series of DDoS Attacks on Poker Site” (Hack Read)
“Hacked Yahoo Data Is for Sale on Dark Web” (New York Times)
“93% of breaches in 2016 involved organised crime”
Source: Verizon 2017 Data Breach Investigations Report
12. CLIENT: Man-in-the-browser, Session hijacking, Malware, Cross-site scripting, Cross-site request forgery
DNS: DNS hijacking, DNS spoofing, DNS cache poisoning, Man-in-the-middle, Dictionary attacks, DDoS
NETWORK: Eavesdropping, Protocol abuse, Man-in-the-middle, DDoS
TLS: Certificate spoofing, Protocol abuse, Session hijacking, Key disclosure, DDoS
ACCESS: Credential theft, Credential stuffing, Session hijacking, Brute force, Phishing
APP SERVICES: API attacks, Injection, Abuse of functionality, Man-in-the-middle, DDoS, Malware, Cross-site scripting, Cross-site request forgery
13. REPORTS, ARTICLES, BLOGS
“IoT Devices are the Latest Minions in Cyber Weaponry Toolkits”
“Mirai: The IoT Bot That Took Down Krebs and Launched a Tbps Attack on OVH”
“IoT Threats: A First Step into a Much Larger World of Mayhem”
Search by topic, type, tag, and author. Visit us at F5Labs.com
14. Intel / Action
Intel:
“Hackers Are Going Phishing In An Overstocked Pond”
“Applications are the Targets, Identities are the Exploit Key”
“DDoS is Plug and Play at Rates your Network Can’t Sustain”
Action (Technical, Identity, Application, Administrative, Preventative):
Administrative Recommendation: Define your DDoS strategy: on-premises, hybrid, or cloud?
Identity Recommendation: Implement ID federation and multi-factor authentication (MFA).
Administrative Recommendation: Train your entire staff on phishing regularly.
Technical Recommendation: Implement a WAF to bridge the gap between detection and remediation.
Application Recommendation: Automated vulnerability remediation with a WAF.
Preventative Recommendation: Implement MFA to ensure compromised credentials don’t compromise your app!
15. Application Threat Intelligence (free to the public at f5labs.com)
Client-Side Attacks: Malware, Ransomware, Man-in-the-browser, Session hijacking, Cross-site request forgery, Cross-site scripting
DDoS Attacks: SYN, UDP, and HTTP floods; SSL renegotiation; DNS amplification; Heavy URL
App Infrastructure Attacks: Man-in-the-middle, Key disclosure, Eavesdropping, DNS cache poisoning, DNS spoofing, DNS hijacking, Protocol abuse, Dictionary attacks
Web Application Attacks: API attacks, Cross-site scripting, Injection, Cross-site request forgery, Malware, Abuse of functionality, Man-in-the-middle, Credential theft, Credential stuffing, Phishing, Certificate spoofing, Protocol abuse
18. (figure not captured) of Internet traffic is automated
(figure not captured) of 2016 web application breaches involved the use of bots
98.6M bots observed
Source: Internet Security Threat Report, Symantec, April 2017
19. A common source of many threat vectors
[Repeats the four threat categories from slide 15 (Client-Side Attacks, DDoS Attacks, App Infrastructure Attacks, Web Application Attacks) and highlights the vectors that share a common source:]
Malware, Ransomware, Man-in-the-browser, Cross-site scripting, Dictionary attacks, SYN, UDP, and HTTP floods, SSL renegotiation, DNS amplification, Heavy URL, API attacks, Cross-site scripting, Injection, Malware, Abuse of functionality, Credential stuffing, Phishing
31. Fraudsters eat for free as Deliveroo accounts hit by mystery breach
• No prior breach
• Dozens of account takeovers left users picking up food bills they never ordered
• Unsuspecting victims received receipts via email, after it was too late
32. [Figure: breach sizes of 70 million, 427 million, 150 million, 3 billion and 117 million exposed identities; the breached organisations are not captured in the text]
In the last 8 years more than 7.1 billion identities have been exposed in data breaches [1]
“Nearly 3 out of 4 consumers use duplicate passwords, many of which have not been changed in five years or more” [2]
1) Symantec Internet Security Threat Report, April 2017
2) Password Statistics: The Bad, the Worse and the Ugly, Entrepreneur Media
33. [Figure: the same USERNAME reused across many accounts, including Credit Card Data, Intellectual Property, Healthcare Data, Passport Data and Financial Data]
34. Application Threat Intelligence: info on emerging threats
What is it?
Who does it affect?
Protection strategy recommendations
39. PROBLEM / SOLUTION: Token-based authorisation (OAuth)
[Flow diagram between the user, the application and the Auth Server, steps 1 to 6:]
1. User logs in to application
2. User redirected to authorisation server
3. Authorisation server requires authentication before authorisation
4. User logs in
5. Auth server grants token
6. User accesses application
40. • Improve user experience and registration workflow when logging into new sites
• Ability for users to share community content
• Improve application API sharing protection
• Simplify user access to SaaS apps that support OAuth
• APM serves as OAuth client for social login
• APM is an authorization delegate for SaaS apps
• APM protects and authorizes web services APIs
[Diagram: BIG-IP APM as OAuth Client (DMZ, AAA) in front of Enterprise Resources; BIG-IP APM as Authorization Server; External Authorization Server]
41. • Centralization of authorization & SSO across apps, including non-OIDC enabled apps
• Move to industry and app developer friendly standardization for AuthN/Z across apps
• App authorization or customization based on user identity from another Identity Provider
• OpenID Connect for Client / Resource Server
• Built-in support for Identity Providers: Azure AD, Google, and Ping
• OpenID Connect for Authorization Server coming in BIG-IP v14.0 (Flatrock) Release
[Diagram, steps (1) to (7): OAuth 2.0 Client and Resource Server in front of Resources; Identity Provider Network with Authorization Server and Any IDP / AAA Server (4a, 4b); Resources Network]
42. • Mobile app or API access without an always-on connection to the Identity Provider
• Scaling for high volume API calls or clients
• JWT required for popular OAuth Identity Providers (e.g. Azure AD)
• JWT tokens for APM as OAuth Authorization Server or Client / Resource Server – use digital signatures instead of stateful tokens that need validation
• Access and Refresh Tokens (RFC 7519)
• JWK (RFC 7517) and well-known endpoints
• Support for signing JWS (RFC 7515)
• Support for asymmetric key rotation
• Built-in JWT support for Identity Providers: Azure AD, ADFS, Amazon, F5, FB, Google
[Diagram, steps (1a) to (4): OAuth Client; Authorization Server (AS) with Any IDP / AAA Server (1b, 1c); BIG-IP APM as Resource Server (RS) in front of Enterprise Resources]
43. • Multi-level applications carry higher risk
• Desire to add additional or multi-factor authentication (MFA) to secure parts of apps
• Need to re-validate user credentials for certain high security sections of apps
• Protects sections of apps with client certificates with validation, MFA providers that use HTTP or RADIUS AAA (DUO, Yubico, RSA SecurID), or local database
• Credentials can be checked based on any session variable
44. • Scaling of on-prem MS ADFS for O365, MS on-prem apps, and other apps for federation without large TCO
• Device posture checks and use of existing MFA vendor investments
• Security concerns with having Windows in DMZ (MS WAP)
• Issues with getting MS support previously with APM as ADFS proxy
• Proxy for Active Directory Federation Services 3.0 & 4.0
• Replaces the Proxy functionality in Microsoft WAP
• Secure access to Office365 from on-premises ADFS
• Meets Proxy Integration Protocol (PIP) specifications
• F5 APM provides proxy capability for pre-authentication (endpoint inspection and MFA support) enabling scaling of MS ADFS
• First PIP implementation outside Microsoft
[Diagram: Public Cloud Apps, Private Cloud Apps; Mobile User, Remote User, Contractor]
46. Volumetric take-downs: consume bandwidth of target
Network layer attack: consume connection state tables
Application layer: consume application resources
Timeline: 2005, 8 Gbps; 2013, 300 Gbps; 2016, 1.2 Tbps
Source: How DDoS attacks evolved in the past 20 years, BetaNews
47. Mirai DDoS attacks: 620 Gbps, 1 Tbps, 1.2 Tbps
Source: The Hunt for IoT: The Rise of Thingbots, F5 Labs, August 2017
48. Low sophistication, high accessibility
• Accessible: booters/stressers easy to find
• Lucrative: profit margins of up to 95%
• Effective: many DDoS victims pay up
Source: Securelist, Kaspersky Lab, March 2017
49. Application Threat Intelligence: critical info on threat source and attack type trends
51. Monitor and Baseline L3/L4 (AFM)
Problem:
• DDoS attacks are more complex – now multi-vectored
• Detection of complex multi-vectored attacks is limited with static/single dimensional vectors
• Aggregate rate-limiting “catches” good traffic with bad
• Per-SrcIP ineffective with spoofed IPs or “wide” botnet attacks
Solution:
• Attack detection in both inline and out-of-band deployments
• Sub-second attack detection
• Detects anomalies compared against historical baseline
• Statistical method baselines 3,000+ L3/4 metrics
• Dynamically generates “signatures” (vectors) upon attack detection
• On-demand/real-time “signature” creation and sharing
• Targeted “signatures” = low false positive rate
• Detect-only mode allows review before enforcement
52. Per-App (VS) Auto-Thresholding and SrcIP Awareness
Problem:
• Administrators have difficulty determining correct static thresholds for DDoS
• Normal traffic patterns change as applications evolve and administrators are unable to keep up
• There is difficulty in distinguishing between “good guys” (legitimate traffic) and “bad actors” (threats)
Solution:
• Computes thresholds automatically for all 120+ DDoS vectors or only selected vectors
• Thresholds are continuously adjusted based on changes in traffic patterns
• “What-If” mode available, with report-only and no drops
• Per-SrcIP awareness available on every vector
• Significantly reduces human involvement and errors, resulting in greater DDoS accuracy and lower operational impact
53. L7 DDoS Threshold Auto-Tuning
• Determining appropriate DDoS thresholds is difficult
• Ensuring DDoS threshold accuracy as traffic patterns change is a challenge
• Simplifies DDoS threshold settings configuration
• Safeguards accuracy of DDoS threshold settings as traffic patterns change
• Analyzes measured resource usage and automatically establishes threshold values based on historic normalized traffic behavior
• Thresholds can be automatically established per DeviceID, Source IP, URL and site-wide, automatically adjusting to continuously strengthen attack responses
• Drives efficiency, accuracy and control
• Strengthens defense policies for greater application protection
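Slides 51 to 53 describe thresholds learned from a historical baseline, continuously re-adjusted, applied with per-source awareness and with a report-only mode. The following is an added illustrative model of that approach in Python; it is not F5's code, and the mean-plus-k-standard-deviations rule, the function names and the sample rates are assumptions.

```python
from statistics import mean, pstdev

# Added illustrative model, not F5's implementation: learn a per-vector
# threshold from historic rates, re-learn it only from intervals judged
# normal, and judge the live interval with per-source awareness.

def auto_threshold(history, k=3.0, floor=1.0):
    """Baseline mean plus k standard deviations of the historic rate,
    never below `floor` so a quiet vector is not flagged by tiny jitter."""
    if len(history) < 2:
        return floor
    return max(floor, mean(history) + k * pstdev(history))

def learn(history, value, window=288):
    """Slide the baseline window forward (288 = one day of 5-minute
    intervals). Only intervals judged normal are fed in, so an attack in
    progress does not lift the baseline toward itself."""
    history.append(value)
    del history[:-window]

def evaluate(rate_by_src, total_history, src_history, mode="report", k=3.0):
    """Judge one interval of one vector (e.g. SYN/s or HTTP GET/s).
    The aggregate rate trips the learned aggregate threshold even when a
    surge is spread thinly over many sources; only sources above the learned
    per-source threshold are selected, so low-rate legitimate clients are
    not actioned with the heavy hitters. Report mode logs, enforce acts."""
    total = sum(rate_by_src.values())
    t_total = auto_threshold(total_history, k)
    t_src = auto_threshold(src_history, k)
    if total <= t_total:
        learn(total_history, total)          # normal: baseline follows the app
        for r in rate_by_src.values():
            learn(src_history, r)
        return {"state": "normal", "threshold": t_total, "logged": [], "actioned": []}
    offenders = sorted(src for src, r in rate_by_src.items() if r > t_src)
    actioned = offenders if mode == "enforce" else []
    return {"state": "attack", "threshold": t_total, "logged": offenders, "actioned": actioned}

# Constructed sample data: aggregate rate alternating 900/1100 req/s gives
# mean 1000, stdev 100, threshold 1300; per-source 8/12 gives threshold 16.
TOTAL_HISTORY = [900, 1100] * 50
SRC_HISTORY = [8, 12] * 50

if __name__ == "__main__":
    quiet = {"192.0.2.10": 9, "192.0.2.11": 11}
    flood = {"192.0.2.10": 9, "192.0.2.11": 11, "198.51.100.7": 900, "198.51.100.8": 700}
    print(evaluate(quiet, list(TOTAL_HISTORY), list(SRC_HISTORY)))
    print(evaluate(flood, list(TOTAL_HISTORY), list(SRC_HISTORY), mode="enforce"))
```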
60. In the first quarter of 2017, a new specimen of malware emerged every 4.2 seconds (1). 1 in every 131 emails included malware in 2016 (2). Over half (51%) of all breaches in 2016 involved some form of malware (3).
Sources:
1) Malware trends 2017, G DATA Software
2) Symantec Internet Security Threat Report, April 2017
3) WannaCry Update, Rapid7 Blog, May 2017
61. Use our research to learn about new types of malware
Application Threat Intelligence
62. Injects into running processes
Hooks functions inside Windows DLLs
MitM – sends credentials to command and control center
64. DataSafe Encryption (diagram labels: Drop zone, Mobile, Field Name Encryption, AJAX, JSON, Hacker, Bots, Users, credentials; the hacker’s drop zone receives 088373be1 = user and 0x8xb28 = 12345 rather than User = user and Password = 12345)
App-level encryption
No client or impact to users
Stolen credential cannot be re-used
No app updates required
Goes beyond TLS/SSL
65. What Are The Problems and Solutions?
Sales have challenges in positioning subscriptions
Existing sales model requires registered users
MiTB stealing credentials
MiTM attacks
What We Will Offer:
Perpetual License: a perpetual license is what sales are used to selling, and is an easy add-on to any other product
Message Level Encryption: encrypt sensitive fields such as password, similar to what we offer with WebSafe
Add-on Module: add-on to any TMOS-based platform, no user count, price based on platform
69. Key Benefits:
• Protects web and mobile apps from exploits, bots, theft, app-layer DoS
• Prevents malware from stealing data and credentials
• Prevents brute force attacks that use stolen credentials
• Eliminates time-consuming manual tuning for app-layer DoS protection
Defend against bots
• Proactive bot defense
• Anti-bot mobile SDK
• Client and server monitoring
Protect apps from DoS
• Auto-tuning
• Behavioral analytics
• Dynamic signatures
Prevent Account Takeover
• App-level encryption
• Mobile app tampering
• Brute force protection
Diagram labels: Mobile, Bot Mitigation, Credential Protection, App-Layer DoS, Hacker, Anti-bot Mobile SDK, Bots, F5 Advanced WAF, Users, credentials
70. Key F5 Advantages
✓ Bot Protection
✓ Account Takeover
✓ App-Layer DoS
Bot protection beyond signatures and reputation
✓ Web and mobile app protection
✓ Client fingerprinting
✓ Server performance monitoring
Account Takeover that stops credential theft and abuse
✓ Application Layer Encryption
✓ Obfuscation and evasion detection
✓ Comprehensive Brute Force mitigation
App-Layer DoS that adapts to changing apps
✓ Real-time application baselines
✓ Behavioral analysis with machine learning
✓ Dynamic signatures with low false positives
71. F5 Networks Positioned as a Leader in 2017 Gartner Magic Quadrant for Web Application Firewalls*
F5 is highest in execution within the Leaders Quadrant.
* Gartner, Magic Quadrant for Web Application Firewalls, Jeremy D’Hoinne, Adam Hils, Claudio Neiva, 7 August 2017
89. • Deep technical expertise
• Global footprint
• Rapid resolution to issues
• Monitoring tools and AskF5
• ISO 9001: 2008
BIG-IP Virtual Edition subscription SKUs
• ELA compatible VE versions v11.4 forward
• New versions will be added as available
Premier Support Included in Price
Products Covered
GBB Level 25M 200M 1G 3G 5G 10G
Good ● ● ● ● ● ●
Better ● ● ● ● ● ●
Best ● ● ● ● ● ●
* - Maximum user license
# - 250K / 1M License – End of Jan. 2018
Standalone Modules 25M 200M 1G 3G 5G 10G
BIG-IP ASM ● ● ●
BIG-IP AFM ● ● ● ● ● ●
BIG-IP APM* ● ●
BIG-IP DNS # 250K 1M
Per-App VE 25M 200M
BIG-IP LTM ● ●
BIG-IP ASM ● ●
90. Significantly Reduce Your Initial Investments With Subscriptions (chart: total investment over years 0 to 5, VE version + vs VE subscription; more than 3 years of savings)
Significantly Increase Ability To Support Your Apps With The Same Budget (chart: number of VEs at $300K, $500K and $700K for 1G Good, Better and Best; bar values 16, 18, 37, 40, 44, 93; ~2.5x VEs with subscription)
93. Develop / Deploy / Deliver
Source: F5 SOAD 2018. Q: How is digital transformation influencing your application decisions? Select all that apply.
Develop: it’s changing how we develop apps (moving to agile)
Deploy: we’re using automation and orchestration across IT
Deliver: we’re moving to deliver more apps from the public cloud