Gartner recently released a report on IT security priorities for the remainder of 2014. Amongst respondents, network security, application security, endpoint security, and security services all ranked highly.
Together with our event partners Cisco, F5, and Bromium, Scalar brings you solutions to these problems, as well as a full presentation on our managed security services portfolio.
19. What Youāll Learn from This Presentation
āŗ How existing NGFWs focus only on apps and
ignore threats that creates challenges
āŗ How CiscoĀ® FireSIGHT Management Center
provides comprehensive visibility into threats
āŗ How Cisco Adaptive Security Appliances (ASA) with
FirePOWER Services deliver superior protection across the
entire attack continuum
āŗ How Cisco ASA with FirePOWER reduces costs and
complexity
46. peĀ·rimĀ·eĀ·ter
1.the continuous line forming the boundary of a closed geometric figure.
"the perimeter of a rectangle"
synonyms: circumference, outside, outer edge
"the perimeter of a circle"
the outermost parts or boundary of an area or object.
"the perimeter of the garden"
synonyms: boundary, border, limits, bounds, confines, edge, margin, fringe(s),
periphery, borderline, verge; More
a defended boundary of a military position or base.
In Networking we call itā¦DMZ
48. Defense in depth
The principle of defense-in-depth is that layered security
mechanisms increase security of the system as a whole. If an
attack causes one security mechanism to fail, other mechanisms
may still provide the necessary security to protect the systemā¦ā¦
Implementing a defense-in-depth strategy can add to the
complexity of an application, which runs counter to the āsimplicityā
principle often practiced in security. That is, one could argue that
adding new protection functionality adds additional complexity that
might bring new risks with it.
https://www.owasp.org/index.php/Defense_in_depth
50. Protecting against Threats is challenging
Webification of apps Device proliferation
71% of internet experts predict
most people will do work via web
or mobile by 2020.
95% of workers use at least
one personal device for work.
130 million enterprises will
use mobile apps by 2014
Evolving security threats Shifting perimeter
58% of all e-theft tied
to activist groups.
81% of breaches
involved hacking
80% of new apps will
target the cloud.
72% IT leaders have or will
move applications to the cloud.
F5 Agility 2014 50
54. BIG-IP Application Security Manager
BIG-IP Ā® ASMā¢ protects the applications your business relies on most and scales
to meet changing demands.
Multiple deployment
options
Visibility and
analysis
Comprehensive
protections
ā¢ Standalone or ADC add-on
ā¢ Appliance or Virtual edition
ā¢ Manual or automatic policy
building
ā¢ 3rd party DAST integration
ā¢ Visibility and analysis
ā¢ High speed customizable syslog
ā¢ Granular attack details
ā¢ Expert attack tracking
and profiling
ā¢ Policy & compliance reporting
ā¢ Integrates with SIEM software
ā¢ Full HTTP/S request logging
ā¢ Granular rules on every HTTP
element
ā¢ Client side parameter
manipulation protection
ā¢ Response checks for error &
data leakage
ā¢ AV integrations
F5 Agility 2014 54
55. Comprehensive Protections
BIG-IP ASM extends protection to more than application vulnerabilities
L7 DDOS
Web Scraping
Web bot
identification
XML filtering,
validation &
mitigation
XML Firewall
Geolocation
blocking
ICAP anti-virus
Integration
ASM
F5 Agility 2014 55
58. Whoās Requesting Access?
Employees Partner Customer Administrator
Manage access based on identity
IT challenged to:
ā¢ Control access based on user-type and role
ā¢ Unify access to all applications (mobile, VDI, Web, client-server, SaaS)
ā¢ Provide fast authentication and SSO
ā¢ Audit and report access and application metrics
F5 Agility 2014 58
59. Security at the Critical Point in the Network
Physical
Virtual
Cloud
Storage
Total Application Delivery Networking
Services
Clients Remote
access
SSL
VPN
APP
firewall
F5 Agility 2014 59
60. BIG-IP APM Use Cases
Internet Secure Web Gateway
Accelerated Remote
Access
Internet Apps
Enterprise Data
& Apps
Federation
Cloud, SaaS,
and Partner
Apps
App Access Management
BIG-IP APM
OAM
VDI
Exchange
Sharepoint
F5 Agility 2014 60
61. Which Threat mitigation to use?
Content Delivery Network
Carrier Service Provider
Cloud-based DDoS Service
Cloud/Hosted Service
Network firewall with SSL inspection
Web Application Firewall
On-premise DDoS solution
Intrusion Detection/Prevention
On-Premise Defense
F5 Agility 2014 61
63. Full Proxy Security
Client / Server
Web application
Application
Session
Network
Physical
Application health monitoring and performance anomaly detection
HTTP proxy, HTTP DDoS and application security
SSL inspection and SSL DDoS mitigation
L4 Firewall: Full stateful policy enforcement and TCP DDoS mitigation
Client / Server
Web application
Application
Session
Network
Physical
F5 Agility 2014 63
64. F5 Provides Complete Visibility and Control
Across Applications and Users
DNS Web Access
Intelligent
Services
Platform
Users
Securing access to applications
from anywhere
Resources
Protecting your applications
regardless of where they live
Dynamic Threat Defense
DDoS Protection
Protocol Security
Network Firewall
TMOS
F5 Agility 2014 64
65. PROTECTING THE DATA CENTER
Use case
Load
Balancer
Firewall/VPN
ā¢ Consolidation of
firewall, app security,
traffic management
Network DDoS
DNS Security
Balancer & SSL
ā¢ Protection for data
centers and
application servers
Application DDoS
Web Application Firewall
Load
ā¢ High scale for the
most common
inbound protocols
Before f5
with f5
Web Access
Management
F5 Agility 2014 65
66. F5 Bringing deep application fluency to Perimeter security
One platform
SSL
inspection
Traffic
management
DNS
security
Access
control
Application
security
Network
firewall
EAL2+
EAL4+ (in process)
DDoS
mitigation
F5 Agility 2014 66
67. How do I implement
perimeter Security with
F5?
68. Reference Architectures
DDoS
Protection
S/Gi Network
Simplification
Security for
Service
Providers
Application
Services
LTE
Roaming
Migration
to Cloud
DevOps
Secure
Mobility
DNS
Cloud
Federation
Cloud
Bursting
F5 Agility 2014 68