
Page 1: F5 comprehensive protection against application attacks …idg.bg/idgevents/idgevents/2015/0928160152-16.00-16.20_F5_Multi... · F5 Agility 2014 3 The Growing Complexity of Application

F5 comprehensive protection against application attacks

Jakub Sumpich

Territory Manager Eastern Europe

[email protected]

Page 2

F5 Agility 2014 2

Evolving Security Threat Landscape

spear phishing

redirected traffic

DNS malformed packet

smurf attack

syn flood

slowloris

web scraping

malware

URL tampering

brute force

SSL renegotiation

CSRF

recursive GET

cookie tampering

CVE

XSS

DNS Cache Poisoning

Identity Extraction

Trojans

ICMP Flood

parameter tampering

social engineering

SQL Injection

UDP flood

privilege escalations

HashDos

HTTP fragmentation

excessive GET/POST

key loggers

sockstress attack

ping of death

Phishing

DNS Amplification

Page 3

The Growing Complexity of Application Attacks

Webification of apps

Evolving security threats

71% of surveyed experts predict most work will be done via web-based or mobile apps by 2020

Cost of single cyber attack can be well above $1,000,000

Successful attacks per week, Ponemon Institute, Cost of Cyber Crime Study

Monitored cyber attacks in US, IBM Security Services, 2014 Cyber Security Intelligence Index

1.5M 1M

of all Americans use web apps

122

69%

Page 4

Attacks are Moving “Up the Stack”

Network Threats: 90% of security investment focused here

Application Threats: 75% of attacks focused here

Source: Gartner

Page 5

• Most developers have known production software issues

• Vulnerabilities result from defects and issues

• Most developers cannot also be web security experts

• Not scalable to address on per-application basis

Some Firewall Vendors Would Have You Believe...

“Only those corporations that believe they have coding issues in their web applications need a WAF.”

Page 6

• “97% of websites at immediate risk of being hacked due to vulnerabilities! 69% of vulnerabilities are client side-attacks” - Web Application Security Consortium

• “8 out of 10 websites vulnerable to attack” - WhiteHat “security report”

• “75 percent of hacks happen at the application.” - Gartner “Security at the Application Level”

• “64 percent of developers are not confident in their ability to write secure applications.” - Microsoft Developer Research

Almost every web application is vulnerable!

Page 7

How long to resolve a vulnerability?

Website Security Statistics Report

Page 8

Protecting the application layer requires a Web Application Firewall (WAF)

App Security not Addressed by Traditional Firewall Vendors

Slowloris

SQL injections

Cross site request forgery (CSRF)

HTTP DOS

Cross site scripting (XSS)

HashDOS

SSL-encrypted application attacks

Phishing attacks

GET Floods

Sensitive Data Leakage

Site reconnaissance

Web page scraping

Cookie injection and poisoning

Brute force logins & forceful browsing

Session hijacking

Page 9

F5 Security Strategy

Page 11

Application Delivery Firewall (ADF) Solution

Protecting your applications regardless of where they live

Bringing deep application fluency and price performance to firewall security

EAL2+

EAL4+ (in process)

Network Firewall

One Platform

Traffic Management

Application Security

DNS Security

SSL Access Control

DDoS Protection

Web Fraud Protection

Page 12

Full Proxy Architecture = Full Proxy Security

Network

Session

Application

Web application

Physical

Client / server

L4 Firewall: Full stateful policy enforcement and TCP DDoS mitigation

SSL inspection and SSL DDoS mitigation

HTTP proxy, HTTP DDoS, and application security

Application health monitoring and performance anomaly detection

Network

Session

Application

Web application

Physical

Client / server

Page 13

Full Proxy Security

Network

Session

Application

Web Application

Physical

Client / Server

L4 Firewall: full stateful policy enforcement and TCP DDoS mitigation

SSL inspection & SSL DDoS mitigation

HTTP proxy, HTTP DDoS, and Application Security

Application health monitoring and performance anomaly detection

Network

Session

Application

Web Application

Physical

Client / Server

Diagram labels: SSL, TCP, Access, OneConnect, HTTP, App FW, Third party

High-performance HW

iRules

iControl API

Traffic management microkernel

Proxy

Client side

Server side

F5’s Approach

• TMOS traffic plug-ins

• High-performance networking microkernel

• Powerful application protocol support

• iControl—External monitoring and control

• iRules—Network programming language

IPv4/IPv6

Page 14

Benefits of Full-Proxy Architecture

Diagram labels: Rule (TCP, SSL, HTTP); threats shown: ICMP flood, SYN flood, SSL renegotiation, data leakage, Slowloris attack, XSS; components: network firewall, WAF

Page 15

Application Access

Network Access

Network Firewall

Network DDoS Protection

SSL DDoS Protection

DNS DDoS Protection

Application DDoS Protection

Web Application Firewall

Fraud Protection

Virtual Patching

Comprehensive Application Security

Page 16

• Provide transparent protection from ever-changing threats

• Secure against the OWASP top 10 and targeted zero-day threats

• Offer bot detection measures

• Enable DAST integration and virtual patching to reduce risks from vulnerabilities

• Provide positive/negative security, L7 DoS protection, and IP reputation

• Support dynamic intelligent services

Choose the Right Web Application Firewall (WAF) Solution

Secure response delivered

Request made

Server response generated

Firewall applies security policy

Vulnerable application

Firewall security policy checked

WAF

Page 17

• Provides comprehensive protection for all web application vulnerabilities, including (D)DoS

• Logs and reports all application traffic and attacks

• Educates admin. on attack type definitions and examples

• Enables L2->L7 protection

• Unifies security, access control and application delivery

• Sees application level performance

• Provides On-Demand scaling

BIG-IP Application Security Manager

Powerful Adaptable Solution

Page 18

ASM and SSL

ASM can perform SSL termination and offload SSL traffic from web servers

SSL key exchange done by hardware

SSL bulk encryption done by hardware

Centralize certificate management

SSL Offload

End-to-End Encryption

Page 19

4000 series 10000 Series

5000 Series 7000 Series

Good, Better, Best Platforms

11000 Series

Choosing the Right Platform

5Gbps

3Gbps

1Gbps

200M

25M

VIPRION 2400

VIPRION 4480 VIPRION 4800

F5 physical ADCs

High-performance with specialized and dedicated hardware

Physical ADC is best for:

• Fastest performance

• Highest scale

• SSL offload, compression, and DoS mitigation

• An all F5 solution: integrated HW+SW

• Edge and front door services

• Purpose-built isolation for application delivery workloads

Physical + virtual = hybrid ADC infrastructure

Ultimate flexibility and performance

Hybrid ADC is best for:

• Transitioning from physical to virtual and private data center to cloud

• Cloud bursting

• Splitting large workloads

• Tiered levels of service

F5 virtual editions

Provide flexible deployment options for virtual environments and the cloud

Virtual ADC is best for:

• Accelerated deployment

• Maximizing data center efficiency

• Private and public cloud deployments

• Application or tenant-based pods

• Keeping security close to the app

• Lab, test, and QA deployments

Physical, Hybrid, Virtual

2000 series*

New 10Gbps

*Note: 2000 Series appliances are not offered with Better or Best bundles

New VIPRION 2200

Page 20

Built for intelligence, speed and scale

Users

• Concurrent user sessions: 200K

• Concurrent logins: 3,000/sec.

• Throughput: 640 Gbps

• Concurrent connections: 288 M

• Connections per second: 12.2 M

• SSL TPS (2K keys): 240K/sec

• DNS query response: 12 M/sec

Resources

Page 21

Working with Other Security Technologies

Ensuring the best protection requires a multi-vendor approach

ENDPOINT INSPECT/AV

CERTIFICATES ENCRYPTION

SIEM

DAST

MULTI-FACTOR AUTHENTICATION

WEB ACCESS MANAGEMENT

DATABASE FIREWALL

MOBILE OS

MOBILE DEVICE MANAGEMENT

SECURITY CHANGE MANAGEMENT

FIPS/HSM SECURITY

DNS SECURITY AND SBS

WEB AND SAAS SECURITY

Page 22

F5 Reference Architectures

Real solutions for real problems

Benefits

• Minimize deployment times

• Reduce security design costs

• Strengthen security posture

© F5 Networks, Inc.

DDoS Protection

S/Gi Network Simplification

Security for Service Providers

Application Services

Migration to Cloud

DevOps

LTE Roaming

Intelligent DNS Scale

Cloud Federation

Cloud Bursting

Secure Web Gateway

Web Fraud Protection

High Performance IPS
