f5 advanced waf playbook 2018 - softchoice · f5 is uniquely positioned application protection |...
TRANSCRIPT
Overview | Business Drivers | Capabilities & Use Cases | Qualifying & Discovery | Competition | Sales Resources | Pricing and Packaging
F5 Advanced WAF
Playbook 2018
April 2018
[Diagram: F5 Advanced WAF. Labels: Mobile, Bot Mitigation, Credential Protection, App-Layer DoS, Hacker, Anti-bot Mobile SDK, Bots, Users, credentials]
What is Advanced WAF | Market Opportunity | Why Sell Advanced WAF | Why Customers Buy
Protect against bots, credential attacks, and app-layer DoS
[Chart: Total Market by year: 2018 $840, 2019 $941, 2020 $1,025, 2021 $1,100]
High growth market fueled by proliferation of apps, APIs, and business
digital transformation
2017 Verizon Data Breach Investigations Report (chart, share by category):
Web App Attacks 29%
Cyber-Espionage 15%
Privilege Misuse 14%
Miscellaneous Errors 11%
Point of Sale 11%
Everything Else 9%
Payment Card Skimmers 5%
Physical Theft and Loss 4%
Crimeware 2%
Denial of Service 1%
“Web Application Attacks remains the most prevalent”
“Use of stolen credentials against web applications was the dominant hacking tactic”
• Protecting apps is a hard problem to cost-efficiently solve
• Apps continue to be the #1 source of data breaches
• WAF deployment is leading practice – your customer is going to buy one
• Addresses a C-Level risk management concern
SENSITIVE DATA CLOUD
APPS
APIs
Half of applications remain vulnerable
APIs are being exploited and abused
Transformation creates operational challenges
Web Application Firewalls are the fastest and most cost-effective way to address application vulnerabilities in production
Addresses Top Threat | App Protections | Advanced Protections
Web app attacks are the #1 single point of entry in successful data breaches…
[Chart: point of entry in successful data breaches]
Web App Attacks 53%
User / Identity 33%
Physical 11%
Other (VPN, PoS, infra.) 3%
WAF Technology: Stop web attacks | Fix vulnerabilities | Risk & compliance
• WAFs provide coverage for OWASP Top 10
• WAFs can be an alternative to code review
• WAFs fix vulnerabilities promptly without maintenance windows
• WAFs don’t require access to source code or developers
Traditional WAF:
• SSL/TLS Inspection
• Scripting
• OWASP Top 10
Advanced WAF:
• Malicious Bots
• Credential Attacks
• API Attacks
• SSL/TLS Inspection
• Scripting
• OWASP Top 10
Differentiation | Bot Mitigation | Credential Protection | Application DoS | OWASP Top 10 | API Security
F5 is uniquely positioned
Application Protection | Advanced WAF
• Mitigate bots for web and mobile apps
• Prevent credential theft and abuse
• Defend against application DoS
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from F5 Networks. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Automated attacks are increasing in frequency and sophistication
77% of web attacks are from bots
Mobile apps are a growing target
Malicious Bots
[Diagram labels: Hacker, Bots, Web, Mobile, Proactive Bot Defense, Anti-Bot Mobile SDK, F5 Advanced WAF]
Advanced WAF | mitigate bots for web and mobile apps
✓ Proactive Bot Defense blocks web bots automatically
✓ F5 Anti-Bot Mobile SDK only allows trusted mobile users
Hackers target credentials and sensitive data
3 billion credentials reported stolen in 2016
Credential Attacks
The victim is infected with malware
Advanced WAF | prevent credential theft and abuse
✓ DataSafe encrypts and obfuscates sensitive data
✓ Brute Force Mitigation prevents credential stuffing
Application Denial of Service (DoS)
Advanced WAF | defend against application DoS
✓ Automated baseline and stress monitoring
✓ Behavioral analytics and machine learning
Application layer DoS has increased by 43%
Application layer DoS evades static security solutions
API Security
Unprotected APIs are being exploited
Modern application architectures leverage Application Programming Interfaces (APIs)
Advanced WAF protects APIs:
✓ REST API, JSON, SOAP, AJAX, XML, WSDL parsing
✓ Brute Force mitigation, attack signatures, L7 DoS
OWASP Top 10
A broad consensus on the most critical web application security flaws
Advanced WAF protects from the OWASP Top 10:
✓ Mitigations for all well-known persistent attacks
✓ Beyond OWASP: bots, credential theft, application DoS
Qualifiers | Key Stakeholders | Discussion Questions | Objection Handling
Qualifiers
▪ New application initiatives
- Net new application deployments with budget
- Moving existing apps to cloud environments
- Business digital transformation projects
- Building new application APIs
▪ Compelling events
- Data breach
- Out of compliance / fines
- Failed audit
▪ Has competitive product
- Using Imperva, Barracuda, or other basic WAF
Disqualifiers
▪ Few or limited applications
- No apps or apps are not a part of the business model
- Low risk exposure for applications
- No application APIs
▪ No compelling event or initiative
- No pain
- No budget AND no pain
Check back in 3-6 months, things may have changed
Key stakeholders (Stakeholder; $; Top Concerns)

CIO/CISO (or representative): Focus on business capacity and asset control
$: Yes
• Keeping pace with business - Become an enabler of business and not the bottleneck
• Reducing business risk – Identification and implementation of risk mitigating controls

LOB/App Owner: Focus on speed to market/implementation
$: Yes
• Business success - Leverage IT tools for business objectives, not deeply concerned with details of deployment, just want to get it done. Don’t want to know the sausage ingredients, just want the finished product

IT Ops/Director (Ops): Focus on availability, uptime, and resource allocation
$: No
• Happy users / Operational success - Application availability, business as usual

Compliance Officer: Focus on privacy and regulatory compliance
$: No
• Keeping up to date – Regulatory & compliance laws: PCI-DSS, data protection.
• Developing process - Implement technology and practices compliant with best practices

Director Risk Management: Focus on implementation & awareness of risk management
$: No
• Consulting lines of business – provide education and training for risk management policy
• Identify Risk Gaps – in business process and projects, escalate and work to resolution

Enterprise / Security Architect: Focus on infrastructure, costs, and best practices
$: No
• Improving decision making - Technology strategy for enterprise operations.
• Leading adoption - The identification, analysis, evaluation, and life-cycle management of security technologies
Questions to Ask and Follow-up Questions

Question: How many web/mobile business apps do you host?
Follow-up: Do you have the SecOps capacity to manage all of your application security policies?

Question: What are you doing to protect apps from attacks?
Follow-up: What is the business impact of an app outage or breach? What about an app data breach?

Question: How do you create and manage app security policies?
Follow-up: Are they efficient? How do you know?

Question: How do you safeguard sensitive user data in use by your applications?
Follow-up: What is the business impact of an app data breach? If you could encrypt this data without impact to the app or client, would you do it?

Question: What percentage of your app traffic is from bots? Do you have a solution in place to block malicious bot traffic?
Follow-up: Would blocking bot traffic make your apps more efficient? Reduce costs? How do you stop bot-based fraud?
Objection: “I already have a WAF, why should I care about F5 Advanced WAF?”
Response: Our customers have found that the Advanced WAF helps optimize efficiency and operational costs by using behavioral analytics to automatically generate and deploy optimal security policies. The added advanced features for bot mitigation, credential protection, and data encryption have also been compelling drivers for our customers.

Objection: “I’ll just use the AWS WAF”
Response: I understand, basic WAFs are easy to use. However, these only provide simple protections. With AWS you pay per rule and request. If you want to keep it simple, consider F5 managed rules for AWS WAF or our managed service, Silverline. These provide simplicity and offer advanced protections created by F5 pros.
Market Advantages | Imperva
Bot Protection beyond signatures and reputation
✓ Web and mobile application protection
✓ Client fingerprinting
✓ Server performance monitoring
Account Takeover that stops credential theft and abuse
✓ Application Layer Encryption
✓ Obfuscation and evasion detection
✓ Comprehensive Brute Force mitigation including credential stuffing
Application DoS that adapts to changing apps
✓ Real-time application baselines
✓ Behavioral Denial of Service with machine learning
✓ Dynamic signatures with low false positives
Key F5 Advantages
✓ Bot Protection
✓ Account Takeover
✓ Application DoS
• Imperva lacks capabilities to defend against web and mobile bots, protect from data compromise, and mitigate application layer DoS.
• Imperva lacks bot protection for mobile apps, has no ability to protect from credential compromise, has limited ability to protect against client-side evasions, lacks server monitoring of mitigation effectiveness, lacks behavioral analysis or dynamic signature creation.
• There is serious performance degradation for SSL/TLS decryption for Perfect Forward Secrecy (PFS), content re-writing, and authentication.
• Imperva has a high TCO due to reliance on multiple subscriptions and requirements for Gateway and Management (MX) servers.
• There is no integration between SecureSphere and Incapsula (e.g. dynamic signaling), and Incapsula has a limited Security Operations Center (SOC) and customers become reliant on self-managed policies.
Solution Components | Platforms | Upgrades and Migration | Sample Orders
Solution components (diagram labels):
Standard WAF (ASM)
Anti-Bot
L7 DDoS
DataSafe
$ A.Bot M$ API Sec*
Base ADC
Upstream Signaling*
C. Device ID* (S)
Behavioral DoS Unlimited
Credential Stuffing DB* (S)
Threat Campaign* (S)
APP-LAYER ENCRYPTION
BEHAVIORAL DDOS
ANTI-BOT MOBILE SDK
PROACTIVE BOT DEFENSE
Legend: (S$) - Subscription; ($) - Add On; (I) – Advanced WAF; (*) – Coming soon
Throughput
Virtual Editions (VEs)
• All F5 VEs
Cloud Platforms (Cal Q2)
• AWS
• Azure
Managed Services
• F5 Silverline
F5-BIG-AWF-i2800
$32,995
F5-BIG-AWF-i4800
F5-BIG-AWF-i7800
F5-BIG-AWF-i10800
$154,495
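Upgrades and Migration (Customer Type; What to Sell; Available Add-ons at Launch)

Customer Type: New Customer
What to Sell: Advanced WAF
Available Add-ons (At Launch):
• Anti-bot mobile SDK
• DataSafe
• IP Intelligence

Customer Type: ASM stand-alone
What to Sell: Upgrade to Advanced WAF
Available Add-ons (At Launch):
• Anti-bot mobile SDK
• DataSafe
• IP Intelligence

Customer Type: GBB (Best)
What to Sell: Upgrade to Advanced WAF
Available Add-ons (At Launch):
• Anti-bot mobile SDK
• DataSafe
• IP Intelligence

Customer Type: LTM
What to Sell: LTM Add-on for Advanced WAF
Available Add-ons (At Launch):
• Anti-bot mobile SDK
• DataSafe
• IP Intelligence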
Sample order: F5-BIG-AWF-I5800
• BIG-IP i5800 Advanced Web Application Firewall (48 GB Memory, SSD, Max SSL, Max Compression, vCMP)
• BIG-IP Anti-Bot Mobile SDK Add-on License for i5X00 Advanced Web Application Firewall
• BIG-IP IP Intelligence License for 5250v/5050s/i5X00 (3-Year Subscription)
• Installation BIG-IP Advanced Web Application Firewall (per pair, standard hours)
• BIG-IP Essentials Training (4 days)

Sample order: F5-BIG-AWF-I10800
• BIG-IP i10800 Advanced Web Application Firewall (128 GB Memory, SSD, Max SSL, Max Compression, vCMP, Dual AC Power Supplies)
• BIG-IP Anti-Bot Mobile SDK Add-on License for i10X00 Advanced Web Application Firewall
• BIG-IP IP Intelligence License for 102XXv/10X5Xs/72XXv/705Xs/i7X00 (3-Year Subscription)
• Installation BIG-IP Advanced Web Application Firewall (per pair, standard hours)
• BIG-IP Essentials Training (4 days)

Sample order: F5-VPR-AWF-C4480-AC
• VIPRION 4480 Advanced Web Application Firewall Chassis (4 x Slots, 4 x AC Power Supplies)
• VIPRION 4450 Advanced Web Application Firewall Blade NEBS (256 GB Memory, 6 x QSFP+ Ports, 2 x QSFP28 Ports, NEBS Level 3 Certified)
• VIPRION Anti-Bot Mobile SDK License for 4800 Chassis
• VIPRION IP Intelligence License for 4800 Chassis (3-Year Subscription)
• Installation BIG-IP Advanced Web Application Firewall (per pair, standard hours)
• BIG-IP Essentials Training (4 days)
Sales Motions | Key Resources | Incentives
WAF Rebate Program
Offer details:
Sell any standalone, add-on ASM or WAF SKU (including Silverline) above $10k list price to earn a rebate. To qualify, it must be a Partner Initiated Opportunity (PIO) and meet the minimum list price target:
F5 List Price: Rebate
$10k - $50k: $1000 USD
$50k - $100k: $2500 USD
$100k +: $4500 USD
Additional Kickers:
• 2x rebate when displacing an eligible Imperva product
• Additional $1000 for all ASM upgrade to Adv. WAF SKUs sold
Program Details:
• PIO opportunities must be created and closed between October 1, 2017 and September 30, 2018
• All qualified PIOs that include a qualifying WAF SKU above $10k will be eligible for rebate
• Maximum payout per opportunity is $20k USD
• List price is defined as the SKU price on F5’s price list
• Proof of Imperva displacement is required to earn kicker
• All qualifying PIO deals must be closed and booked at 100% in F5 systems on or before September 30, 2018
• Rebates will be paid at the end of every quarter for deals that closed in the previous quarter
• This rebate is stackable with other current F5 partner rebates and incentives; check Partner Central for additional information
• Customer Deck
• Quick Reference Guide (QRG)
• Advanced WAF FAQ
• F5 Security Product Line Card
• Email Template
• Advanced WAF
• DataSafe
• Anti-bot SDK
• WAF Assessment Service
• IP Intelligence Service
• App Protect Library
• Gartner WAF Magic Quadrant
• OWASP Top 10 Webinar
• Case Studies
• F5 Labs