Enhancing Modern App Security: Introducing F5 Distributed Cloud App Infrastructure Protection

Mike Rau
Published December 15, 2022

Today, we announced a new solution from F5 Distributed Cloud Services to help customers secure their modern app infrastructure: F5 Distributed Cloud App Infrastructure Protection (AIP). Distributed Cloud AIP—powered by technology from Threat Stack—delivers comprehensive telemetry and high-efficacy intrusion detection for cloud-native workloads and is now available as a service on the F5 Distributed Cloud Platform. With this new offering, we are able to provide customers with heightened security visibility and defense against modern threats on their app infrastructures.

Making Distributed Cloud AIP available on the Distributed Cloud Platform marks an important step for customers looking to secure today’s application environments. According to F5’s 2022 State of Application Strategy Report, 88% of organizations continue to manage a mix of modern container-native and mobile apps in addition to legacy applications that remain critical to business operations and success. More and more, customers are leveraging this modern mix to realize business benefits like greater pace of innovation, increased business agility, and improved total cost of ownership. While this is certainly a positive for customers, a tradeoff to these benefits quickly becomes apparent: there are new surfaces like containers, Kubernetes, and cloud management consoles that present new security challenges.

The Increasing Threat Surface

When we launched Distributed Cloud Services, our initial app security focus was supporting customers with our web application and API protection (WAAP) solution. This solution mitigates app vulnerability exploits, bots, and automated threats, as well as denial-of-service and client-side attacks like digital skimming malware/Magecart. This was a good start; however, apps and their APIs are only as secure as the infrastructure they are built, deployed, and operated on. As our customers continue modernizing their apps, focusing solely on WAAP capabilities is not enough. In these new environments, vulnerabilities and misconfigurations at the infrastructure level leave applications open to attack from both internal and external bad actors.

Major infrastructure attacks like Log4j, Spring4Shell, or Dirty Pipe gave intruders a new way to access the organization because they targeted cloud-native infrastructure. Bad actors could then leverage vulnerabilities in cloud services or stolen keys to get access to cloud-native resources, where they could move freely throughout the infrastructure, inject malware, run cryptominers, or access sensitive data.

Zero-day attacks evade most signature-based WAF detection mechanisms. Other attacks like Dirty Pipe targeted vulnerabilities in the Linux kernel. These threats can evade many WAAP solutions due to the nature of the attack. Distributed Cloud AIP can augment a traditional WAAP solution by detecting vulnerable components and potentially malicious behavior in real time at the infrastructure level—delivering critical information needed to take action to block or thwart further attacks/exploits of app resources and cloud workloads.

With Distributed Cloud AIP, customers can better address a larger threat surface, giving organizations increased security visibility and support by defending both modern applications and the infrastructure they run on. With both WAAP and Distributed Cloud AIP in your environment, Distributed Cloud AIP can provide the actionable insights needed for mitigation before threats are able to impact the infrastructure and the application itself.

A Closer Look at F5 Distributed Cloud AIP

Distributed Cloud AIP is a SaaS offering that combines rules and machine learning to detect threats in real time across the entire infrastructure stack: cloud provider APIs, virtual machine instances, containers, and Kubernetes clusters. With behavioral-based detection, Distributed Cloud AIP can identify insider threats, external threats, and data exposure risks for modern applications. Distributed Cloud AIP is deployed in minutes and will begin collecting telemetry on all events occurring in cloud workloads. Once deployed, customers will be able to access insightful analytics, gain assured compliance, and increase their threat detection capabilities to improve their security posture.

When combined with application and API security via Distributed Cloud WAAP, customers have a detection-in-depth approach to security threats that span applications, APIs, and the cloud-native infrastructure on which they run.

The outcomes and benefits of integrating Distributed Cloud AIP functionality into F5 Distributed Cloud Services can be summed up in four points:

  • High-efficacy threat detection: Distributed Cloud AIP detects threats in real time across billions of events collected per day with context to increase security observability within the customer environment.
  • Speed of deployments for new apps: Distributed Cloud AIP is made for ephemeral environments and automates the deployment of telemetry collection without disrupting app delivery.
  • Increased visibility: Distributed Cloud AIP can collect telemetry from cloud resources wherever they’re deployed—on-prem, hybrid, public, and multiple cloud providers—helping customers achieve a unified view for real-time threat detection.
  • Remediation integration: Distributed Cloud AIP has robust integrations with existing security workflow tools like security information and event management (SIEM) or security orchestration, automation, and response (SOAR) to support remediation efforts that improve the mean time to respond.

We’re excited to deliver cloud workload protection to our customers to help them continue to take advantage of modernizing their applications and environments. To learn more about F5 Distributed Cloud AIP, visit the product page or schedule some time to connect with one of our cloud security experts.