Securing the New Perimeter

Multiplying applications means multiplying risks

Applications today are everywhere, crossing boundaries between personal and professional, mobile and desktop, the data center and the cloud. This is causing the traditional network perimeter to quickly dissolve as organizations’ infrastructures decentralize. As such, business data now 'lives' everywhere: Disparate and mobile user bases with multiple devices are accessing data in applications located across data centers, private clouds and the public cloud. And by some estimates, an upwards of 75% of internet traffic is now encrypted, which means IT is attempting to protect all of this data in all of these places while wearing a virtual blindfold.

The challenge for organizations is daunting: They face a decrease in visibility, context and control, which means an increase in surface area for cybercriminals to mount attacks. CISOs and their teams are struggling with how to keep up with this ever-changing landscape. Defending the network is no longer enough. It’s time to rethink traditional security architectures to begin addressing in earnest the areas of greatest vulnerability: applications and users.

Application-centric security

True application-centric security requires deep visibility into application traffic and users, cutting edge threat intelligence alongside sophisticated response strategies, and control over access to applications and data. F5 believes these solutions need to be an integrated, intrinsic, dedicated part of application and access and identity management, not standalone or bolt-on.

It is to this end that F5 is focused on making apps safer in three areas:

• SSL Visibility: Give customers critical visibility into the traffic on their networks that many traditional defenses leave exposed, making the entire security stack more effective and simplifying management.
• Application Access:  Mitigate risk by authenticating and authorizing the right people access to the right applications and data, while ensuring they connect to those applications securely.
• Application Protection:  Keep security close to the app to protect against data theft and ensure constant app availability—whether in the data center or in the cloud.

New innovations and services 
Today, we are announcing several new products and services aimed at delivering critical visibility, context and control to customers.

• We are launching the first two solutions in our new Herculon line – a family of dedicated enterprise security products built on a high-performance F5 hardware platform. Herculon products provide visibility, intelligence, and protection for vulnerabilities that traditional defenses leave exposed. The Herculon products are built specifically for security professionals, to address their unique needs and the critical role they play in digital transformation.
  • Herculon SSL Orchestrator (SSLO) combines industry-leading cryptographic capabilities with context-aware dynamic service chaining and native integration with a vast number of popular standalone network security and advanced threat management solutions to enhance enforcement capabilities, heighten detection capabilities, and improve network operations and orchestration.
  • Herculon DDoS Hybrid Defender delivers superior infrastructure protection by combining sub-second detection of and multilayered defense against multi-vector and volumetric DDoS attacks across network, session, and application layers while intelligently integrating offsite cloud scrubbing in a convenient, all-in-one form factor.
     
• F5 Silverline WAF Express Service. Built on BIG-IP Application Security Manager (ASM), the Silverline WAF Express Service is designed to offer a simple, Agile-friendly deployment experience without compromising on the protections necessary to defend applications, no matter where they reside. This new service enables anyone to quickly initiate and provision WAF services without requiring training or in-depth security knowledge, while providing valuable insights through a cloud-based reporting, monitoring and management portal.
   
• To augment these and our full line of F5 security products, a global Security Incident Response Team (SIRT) is now available to deliver immediate response for all F5 customers facing threats to their applications and data.

Finally, F5’s position in the network – successfully routing high volumes of application traffic – places us on the front line of security and provides us a deep understanding of security threats. This builds a strong foundation for the expansion of our F5 Labs team, which combines the expertise of our security researchers with threat intelligence data we collect to provide actionable, global intelligence on the “who, what, when, where, why and how” of cyber threats—and to identify future trends. Through the work of F5 Labs, we aim to enhance the discussion of threat intelligence in today’s application-centric world with a broadened set of perspectives and data sources. 

It takes a village

We recognize every organization has different needs and different approaches, and no vendor has a “one size fits all” solution. That’s why F5 is part of and continues to build a rich security ecosystem – our partnerships are the glue that empowers us to deliver innovative, integrated, comprehensive application security solutions to customers.

We are committed to helping our customers secure their critical applications and data, and enhance their total security portfolio with end-to-end protection across all applications, from the data center to the cloud; with flexible control over access and users; and real-time intelligence informing real-time mitigation strategies.

We aspire to create a world where customers feel safer, where their investments are protected and where they may confidently grow their businesses and succeed in today’s rapidly transforming digital world.