Historically, many people assume that cybersecurity is a relatively new concern, ascending as a priority within the last decade. Practically speaking, though, cybersecurity dates to the 80s, before most people even had a computer. In 1988, Robert Morris accidentally created a computer worm, which slowed the early Internet down significantly. This was an era when few people were concerned about malicious software and no one had protective software installed. It infected 10 percent of the computers then on the Internet.
Today’s Internet is much larger, but perhaps not much more secure. Some things have actually gotten worse. Today, many more cyber adversaries are after applications, as they represent the defining value propositions for most businesses. As in the F5 Labs’ 2019 Application Protection Report, “Any way you measure it—by port, by breaches, by compromised records—applications are the number one target on the Internet.”
The trend of digital transformation has also increased the application footprint (consider different and expanding form factors like web, mobile, APIs, microservices, bots, and more). Additionally, modern app architectures are diverse in nature and extend across hybrid and multi-cloud environments, with each app service carrying a potential for compromise and increased exposure. The need to protect each app service has become more vital since app layer attacks remain the #1 type of attack.
Standard security tools generally fall short in defending against sophisticated attack campaigns, as some are difficult to detect automatically. For comprehensive app protection, modern web application firewalls (WAFs) need to be equipped with live, strategic, and actionable threat intelligence. And while manual threat hunting in-house might be the best path for some organizations, it may not constitute a practical approach in terms of cost and efficacy.
F5’s approach: To better address the security landscape described above, F5 has introduced its Threat Campaigns subscription as an add-on service to F5 Advanced WAF. The service helps customers protect their applications and IT infrastructure from sophisticated attacks by detecting active attack campaigns and malware.
Returning to the historical comparison, figuring out who is behind particular attacks is not as easy as waiting for that person to get worried and send out apology notes and warnings, as Morris did in 1988. F5 Threat Campaigns can proactively gather context on target information, payload analysis, tactics, prevention, malicious requests, and intent. In return, there are fewer false positives, enabling the security team to mitigate effectively and leading to lower overall costs.
F5 is helping businesses digitally transform by enabling developers, security teams, and operations to scale their security capabilities without impacting business velocity. The value of accurate, insightful data is realized by detecting and acting upon a threat before the attack occurs, not a month after the breach. The F5 Threat Campaigns offering provides a glance into a hacker’s preliminary approach to block attacks proactively.
Like any security solution, F5 Threat Campaigns won’t solve all your problems, but it can be an essential line of defense. Applications are integral to organizations' business models—and in many cases not only are businesses dependent on apps, but the apps are the business (consider companies like Airbnb, Uber, Netflix).
Many of today’s most prevalent attack types aren’t new, but they remain commonly seen as not everyone understands the risks and how to mitigate them properly over time.
The underlying equation is simple: If applications lack security, organizations lose business. There is no modern world without cybersecurity, and not everyone can outpace the proverbial bear that’s after the livelihood of organizations and their competitors. Cyclically, the more cybercrime we see, the more cybersecurity will emerge (and vice versa).
This is why we’ll continue discussing them. And this is why cybersecurity is becoming even more relevant in an age of digital transformation.
About the Author
Related Blog Posts
F5 accelerates and secures AI inference at scale with NVIDIA Cloud Partner reference architecture
F5’s inclusion within the NVIDIA Cloud Partner (NCP) reference architecture enables secure, high-performance AI infrastructure that scales efficiently to support advanced AI workloads.
F5 Silverline Mitigates Record-Breaking DDoS Attacks
Malicious attacks are increasing in scale and complexity, threatening to overwhelm and breach the internal resources of businesses globally. Often, these attacks combine high-volume traffic with stealthy, low-and-slow, application-targeted attack techniques, powered by either automated botnets or human-driven tools.
F5 Silverline: Our Data Centers are your Data Centers
Customers count on F5 Silverline Managed Security Services to secure their digital assets, and in order for us to deliver a highly dependable service at global scale we host our infrastructure in the most reliable and well-connected locations in the world. And when F5 needs reliable and well-connected locations, we turn to Equinix, a leading provider of digital infrastructure.
Volterra and the Power of the Distributed Cloud (Video)
How can organizations fully harness the power of multi-cloud and edge computing? VPs Mark Weiner and James Feger join the DevCentral team for a video discussion on how F5 and Volterra can help.
Phishing Attacks Soar 220% During COVID-19 Peak as Cybercriminal Opportunism Intensifies
David Warburton, author of the F5 Labs 2020 Phishing and Fraud Report, describes how fraudsters are adapting to the pandemic and maps out the trends ahead in this video, with summary comments.
The Internet of (Increasingly Scary) Things
There is a lot of FUD (Fear, Uncertainty, and Doubt) that gets attached to any emerging technology trend, particularly when it involves vast legions of consumers eager to participate. And while it’s easy enough to shrug off the paranoia that bots...