BLOG

Business as Usual, Making the CISO Smile

F5 Miniatur
F5
Published April 10, 2018

CISOs don’t smile much these days. It’s a hard job. Tasked with having ultimate responsibility of corporate security, the CISO must balance business driving innovation with the corporate responsibility for security and adequate system controls. Business advantages however, are not often gained without some degree of risk. As organizations transform the business with new applications and automation, it usually means exposing these business applications to the Internet and all the dangers that come with it. These applications are out there. Exposed. Potentially vulnerable. Scary. There are security options out there, but can the right mitigation be enforced before the bad happens?

At the top of the bad list is service disruption. Disruptions measurably impact the business, and denial of service (DoS) attacks come cheap these days. Earlier this year, the "JenX" DDoS-for-hire thingbot could be bought for $20. For less than the price of a decent pizza, an attacker could launch a 300 Gbps DDoS attack capable of taking down your average business app. The critical CISO mission becomes to ensure the application (business) stays available, uneventful, and “business as usual.”

Protecting applications against a litany of attacks requires mitigating controls. However, the attacks today are both larger and more sophisticated. The Mirai thingbot generated traffic volumes of over 1.2 terabit per second. GitHub went down to an even larger attack. Other attacks rely on guile instead of brute force – attaching at the application layer. Low bandwidth attacks like Slowloris can target the application itself. Slowloris attacked the web server’s request handling capabilities by sending multiple requests that never complete – exhausting connection resources resulting in a denial of service. No CISO smiles here.

Defending against these DoS attacks requires both application and network layer protections. The newly updated F5 DDoS Hybrid Defender provides the best of both. The ultra-resilient design enables applications to stay available even under the most intensive attacks. The on-premises appliance serves as the primary defense. When needed, it can automatically redirect traffic to F5 Silverline DDoS Protection for off-premises scrubbing service and then smoothly transition traffic back to business as usual operations.

At the application layer is where DDoS Hybrid Defender is truly impressive. F5 has proficiency in the healthy delivery of applications. This technological expertise is infused into DDoS Hybrid Defender leveraging analytics and machine learning to understand the expected “code of conduct” for protected applications. It identifies when applications are under siege from low volume attacks (e.g., slowloris) that evade network-only (layer 4) defenses. DDoS Hybrid Defender knows when these attacks are customer-impactful by monitoring the server’s customer-visible health metrics. But here is the really cool part – it automatically creates and deploys a mitigation signature to stop it before it can impact application availability. Are self-tuning and automated defenses enough to make a CISO smile? I think we are getting close.

It gets better. F5 has designed the DDoS Hybrid Defender specifically for the SOC operator. It offers simple out-of-the box configuration and a number of deployment options to fit just about any environment. The new console clearly shows all the important things to know, not a just mountain of data. The real kicker is the performance. DDoS Hybrid Defender delivers the best performance for the price on the market. Huzzah!

Can our stern-faced CISO feel confident about authorizing new applications and technologies? What if the mitigating controls actually contribute ROI by increasing uptime and business capacity? What if these controls can be implemented cost-effectively and with minimal staffing requirements. What if using F5 DDoS Hybrid Defender made every day an uneventful, nothing to see here, “business as usual” day? I think that could be enough to crack a smile, if only short term.