セキュリティに対する懸念からWeb Application Firewall（WAF）の需要は高まっていますが、どのWAFが自社のニーズに最もよく合っているかを判断することは簡単ではありません。
組織は、ハイブリッド クラウドおよびマルチクラウド環境のレガシー アプリケーションと最新のアプリケーションを保護するために、常に多数のセキュリティ管理を導入し調整しています。アプリケーションの安全性はそれらが稼働するインフラストラクチャに依存するため、アプリケーションやAPIから基盤となるクラウドネイティブ インフラストラクチャまで、アーキテクチャ スタック全体にセキュリティを拡張する必要があります。
DNS（ドメイン ネーム システム）は多くの方に知られていますが、GSLB（Global Server Load Balancing）としても知られるDNSロード バランシングをご存じの方はあまりいないかもしれません。簡単に言えば、これはDNSのよりインテリジェントなバージョンであり、アプリケーションの正常性とクライアント ソースIPアドレスに基づいたトラフィックのステアリングを可能にします。
ビジネス部門とIT部門で生じるサイロは、モダン エンタープライズ アーキテクチャにSREを組み込むことで橋渡しすることができ、これが、効率的で拡張性のあるデジタル ビジネスを目指す変革を後押しします。
エクスペリエンスは視点に基づくものであり、視点は構築できないため、良好なデジタル エクスペリエンスの技術的要件である可用性、セキュリティ、パフォーマンスに対応するデジタル サービスの構築に重点を置く必要があります。
今日のエンタープライズ アーキテクチャには、技術革新を推進する鍵となる、俊敏性、拡張性、セキュリティ、可観測性といった必須の要素が欠けていますが、ここで説明する6つの主要な技術力は、企業がそのデジタル トランスフォーメーションにおいて、リスクと課題をうまく制御するのに役立ちます。
F5は、AWS MarketplaceのConsulting Partner Private Offers（CPPO）プログラムと標準のPrivate Offerプログラムの両方にローンチ パートナーとして参加して以来、AWS上のアプリケーションを保護する信頼できるプロバイダとなるため、クラウド対応セキュリティ ソリューションを進化させ続けています。
オンライン小売業者とeコマース ベンダーの皆様へ：クライアント側のデータとオンライン決済をデジタル スキミングやMagecart攻撃から保護するための、新たなセキュリティ基準が策定されました。
デジタル トランスフォーメーションの取り組みが加速し続ける一方で、さまざまな業界が、悪意のあるボットに対するアプリケーション セキュリティを確保してビジネス インパクトを最小限に抑えるという大きな課題に直面しています。では、最初に行うべきことは何でしょうか。それは、ボットがビジネスに及ぼす定量的な影響と定性的な影響を経営幹部や役員に説明することです。
Threat Stackのテクノロジを搭載したF5 Distributed Cloud AIPは、クラウドネイティブ ワークロード向けの包括的なテレメトリと高性能な侵入検知を提供します。お客様は、モダンアプリケーションとそれらが稼働するインフラストラクチャをどちらも保護するための可視性とサポートを強化することで、拡大する攻撃対象に適切に対処できます。
APIの爆発的な普及により、ヘッドレス アーキテクチャが台頭し、GraphQLがこのネオモダンなアプリケーション アーキテクチャで注目されています。
F5 Chief People Officer Ana White is spearheading an ambitious plan to transform F5’s culture—making the company both human-first and high-performance.
アプリケーション プログラミング インターフェイス（API）が大きな注目を集めています。APIは新しいものではありませんが、COVID-19によるデジタル トランスフォーメーションの加速、ソフトウェア統合の強化、レガシー アプリケーションをクラウド用に再プラットフォーム化する取り組みといった最近の動向により、APIスプロールが継続的に発生しています。これは、組織が現代のデジタル経済で成功を収めるために行う管理、セキュリティ、さらにはアーキテクチャの選択にも影響を与えています。
多くの企業は、現在もデジタル トランスフォーメーションの過程にあり、デジタル サービスの品質は、人、ソフトウェア、システムなど、消費者のデジタル エクスペリエンスに影響を与えます。 アプリの配信とセキュリティは、これらのデジタル サービスをサポートし、企業がデジタルの世界で競争できるようにするために不可欠です。
ボット対策、アカウント保護、認証インテリジェンス ソリューションを含むF5 Distributed Cloud Servicesを使用してAdobe Commerceアプリケーションを保護します。
私たちの多くは、待ち望んでいた休暇旅行やバケーションをようやく計画し始めています。おそらく、パンデミックが始まって以来、実際に短期休暇をとる初めてのチャンスでしょう。ロイヤルティ プログラムで使わずにたまっていたマイレージやホテルのポイントを償還する予定の方もいるかもしれません。サイバー犯罪者によってロイヤルティ ポイントが吸い取られたことが判明したとしたら、どれほど驚くか想像できますか。サイバー犯罪者は、あなたのロイヤルティ アカウントに対して不正を働き、侵害したのです。
既報の通り、日立製作所様のOSSソリューションのポートフォリオに弊社F5 NGINX Plusが採用されました。今回、その採用に至った背景、協業の経緯、狙い、市場動向など様々な角度から日立製作所様と話し合う対談の場を設けました。その対談の書き起こしブログです！！
F5も参加したGlobal Privacy Assemblyは、先日、クレデンシャル スタッフィングに関する初の政府間ガイドラインを発表しました。このガイドラインでは、この種の脅威によって世界規模で個人データにリスクが及ぶこと、組織がこの脅威への対策を講じることがデータ保護法で義務付けられていることを述べています。
F5は、今年2022年2月にセキュリティ、マルチクラウド接続、エッジベースコンピューティングのソリューションをクラウド上で一元的に提供するSaaSプラットフォーム「F5 Distributed Cloud Services」を発表し、そのDistributed Cloud Services上のサービスの第1弾として、F5のセキュリティ技術を単一のSaaSサービスへ統合した「F5 Distributed Cloud WAAP（Web Application and API Protection）（以下、WAAP）」サービスの提供を開始しました。
F5は、2022年のTech for Good助成金受領者を発表しました。選定されたのは、世界中でより活気のあるコミュニティを作ることに取り組んでいる25のNGOです。
Cindy Borovick：組織がデジタル トランスフォーメーションの取り組みを進める中で、アプリケーション セキュリティとデリバリ技術が中核的な能力として浮上してきました。それと同時に、企業にとって最も重要なデジタル資産であるアプリケーションには、パフォーマンス、可用性、セキュリティ、IDといった包括的なカテゴリで、あらゆる種類のサポート手段が必要であることがわかってきました。
ワークロードの導入が多様な環境やアプリケーション アーキテクチャに急速に広がっているため、組織はすべてのアプリケーションに対して、どこでも一貫したセキュリティ管理を実施できるようにしたいと考えています。F5では、市場をリードするWeb Application Firewallツールの統合スイートを提供して、ポリシー、テレメトリ、インサイトを共有しながら、組織がユース ケースに適したWAFを導入できるようにすることをビジョンとして掲げています。
本連載では皆様にF5 Distributed Cloud Services(略称 F5 XC)を使い始めていただくための情報をまとめております。F5 XCが求められる状況、そして「無料」でご利用いただくための手順、用途に合わせた機能の紹介を行っております。第3回目となる今回は、F5 XC App Stackを用いてアプリケーションのデプロイを簡単に、そしてパワフルに実施する方法をご紹介いたします。
本連載では皆様にF5 Distributed Cloud Services(略称 F5 XC)を使い始めていただくための情報をまとめております。F5 XCが求められる状況、そして「無料」でご利用いただくための手順、用途に合わせた機能の紹介を行っております。第２回目となる今回は、アプリケーションのロードバランス機能についてご紹介いたします。
多くの企業は、データとアプリケーションの分散ワークロードをエッジに展開することを計画していますが、そのためには、これらのワークロードをサポートできるエッジ アプリケーション プラットフォームが必要になります。このプラットフォームは、新しいアプリケーション パターンのニーズに対応し、運用エクスペリエンスとデータおよび制御のフローの両方に重点を置いたものであることが求められます。
Edge computing is under pressure to simultaneously evolve with each wave of the internet. As we ride the third wave, this next evolution demands the creation of a platform to support new capabilities within the edge ecosystem. A platform that cannot simply be bolted together, but requires a new approach with design considerations at the architectural level.
F5 Labsは先日、今年度の「アプリケーション プロテクション レポート」を公開しました。このレポートは、複数のソースのデータを組み合わせて、時間とともに進化する脅威の状況、組織の特性と組織が直面する攻撃手法との関係、そして最も重要な、リスクを軽減するためにセキュリティ担当者ができることを理解するためのものです。
本連載では、皆様にF5 Distributed Cloud Servicesのご利用を開始いただくための情報をまとめております。F5 Distributed Cloud Servicesが求められる状況、そして無料でご利用いただくための手順、用途に合わせた機能をご紹介いたします。
どんなに巧妙な脅威であっても、F5のAdvanced Threat Research Center of Excellenceにはすべてお見通しです。このチームは、今日のサイバーセキュリティ脅威の詳細を解明するために厳格な調査を実施し、インサイトを共有して、脅威を阻止できるよう支援しています。
Dan Woodsが、組織を悩ますサイバーセキュリティに関する７つの神話を提示してから２年が経ちました。その後、世界は経済的、政治的、技術的に衝撃を受け、ITチームを悩ませ続けている追加の７つの神話がさらにクローズ アップされています。
ゲスト ブロガーのSean Wrightが、証明書の目的と、証明書がTLS接続の安全性確保において重要な役割を果たす理由を説明します。
今年の「アプリケーション戦略状況」レポートは、デジタル トランスフォーメーションのリーダーであるために必要な資質を解明することを目的としています。デジタル イノベーターは、お客様とどのように対話すべきか、組織では製品やサービスをどのように製造および作成すべきか、社内の運用チームや技術スタックはこれらの体験をどのように提供すべきかという点について、最前線で対応にあたります。
The need for multi-cloud and edge deployments stems from the growing digital landscape and accelerating business requirements.
ソフトウェア サプライ チェーンに対して既存のセキュリティでは不十分であり、組織がSREのアプローチを用いて運用をモダナイズするにつれて、状況は悪化の一途をたどっていくことでしょう。デジタル トランスフォーメーションの取り組みをやり遂げたいと考えている組織は、今の不足している状況を真摯に受け止め、最初から、ツールと運用ソフトウェアに安全なソフトウェア サプライ チェーンのアプローチを取り入れる必要があります。
サイバー攻撃の増加や世界的なサプライ チェーン不足の中でセキュリティ ニーズに対応するため、F5はAmazon Web Services（AWS）と提携し、BIG-IP SSL Orchestratorのハイパフォーマンス仮想エディションをAWSに導入するソリューションの提供を開始しました。Catherine Newcombが、AWSでのSSL Orchestrator（SSLO）の導入が最適な選択となり得る理由を詳しく説明します。
企業は、ゼロ トラスト アーキテクチャを採用し、F5のDistributed Cloud Bot DefenseとDistributed Cloud Account Protectionを使用してクレデンシャル スタッフィング攻撃を阻止することで、リスクの軽減を図ることができます。
半世紀近く前に確立された、ビジネスで使用されるエンタープライズ アーキテクチャのフレームワークは、今日のデジタル トランスフォーメーションをサポートするには十分ではありません。デジタル ビジネスを成功させるために、企業とIT部門はエンタープライズ アーキテクチャをモダナイズする必要があります。
2022年2月に発表されたF5 DCS(Distributed Cloud Services)を利用することで、どのようなセキュリティ対策を取ることができるか、いくつかのユースケースのご紹介をしてきます。
デジタル トランスフォーメーションの勢いを持続させるために、組織はビジネス部門に改めて焦点を当てる必要があることが明らかになってきました。カスタマ エクスペリエンスが依然として優先される一方で、法務、人事、財務などのビジネス部門をデジタル化することが必要なのです。つまり、デジタル トランスフォーメーションがアプリケーションのモダナイズから運用のモダナイズへと移行する中で、主導権はCIOに移りつつあります。
2022年4月９日、NGINXのLDAP拡張機能におけるセキュリティの脆弱性が公開されました。拡張機能のみが影響を受けると判断しております。NGINX オープンソースやNGINX Plus自身は影響を受けません。詳細についてはこちらの記事をご覧ください。
Linuxカーネルで発生する脆弱性「Dirty Pipe」では、任意の読み取り専用ファイルのデータを上書きできるようになるため、ルート プロセスへのコード挿入による権限昇格につながる可能性があります。つまり、Dirty Pipeはインフラストラクチャ レベルに集中していますが、環境全体を包括的に把握することで、このような脆弱性が発生しても適切に管理することができます。
この半年間に自動車、洗濯機、ノートパソコンなどを買おうとした人は、世界的な半導体不足により、消費者向け製品のリード タイムが軒並み長くなっていることをご存知でしょう。そして、ITの世界も（F5を含めて）残念ながら例外ではありません。ただし、F5には、F5 Journeys Migration Utilityのような革新的なツールがあり、ビジネスに影響を与えるサプライ チェーンの課題にお客様が迅速に対応できるよう支援します。
デジタル技術の加速は、組織が直面するさまざまな機会や課題に影響を与えます。ビジネス リーダーは、カスタマ エクスペリエンスの向上、ビジネスの変革、アプリケーション ポートフォリオによる差別化を目指しています。同時に、ITオペレータは、増大し続けるセキュリティの脅威、レガシー アプリケーションとインフラストラクチャ、圧倒的な複雑さに取り組んでいます。
F5とPromonの提携により、お客様は、Promonのコード不要で手間のかからないSDK統合プラットフォームを通じて、モバイル アプリケーションにF5 Distributed Cloud Bot Defenseの全機能を迅速かつ容易に実装することができます。つまり、AndroidおよびiOSアプリケーションを、アプリのコードに触れることなく、すばやく（数分以内で）保護できるのです。保護されたアプリケーションは、公開アプリ ストアを介してすぐに配信できます。
F5 Distributed Cloud WAAP（Web App and API Protection）は、業界をリードするWAF機能にDDoS緩和やボット対策、API保護を組み合わせた多層ソリューションです。これらすべての機能を導入が簡単なSaaSソリューションに統合することで、F5はシンプルなコントロール セットによって最先端のセキュリティ機能を提供し、アプリケーションとAPIをさまざまな脅威から保護します。
BIG-IP Cloud-Native Network Functions（CNF）は、ゼロコピー アーキテクチャによるネットワークのモダナイズに向けた移行への道筋の一部として、セキュリティに重点を置いています。
家庭や企業でコネクテッド デバイスへの依存度が高まり、ITとOTの融合が加速する中、運用とデジタル システムの境界は曖昧になり続けています。このような統合の流れにはわくわくしますが、同時に考慮しなければならない課題や懸念も生じます。
F5 Distributed Cloud Web Application and API Protectionは、マルチクラウドや分散環境に導入されたWebアプリケーションやAPIを保護し、今日の現代企業のデジタル エクスペリエンスを保護するために重要な4つの主要なコンポーネント（Web Application Firewall、API Security、Bot Defense、およびDDoS Mitigation）を統合しています。
F5 Distributed Cloud Web Application and API Protection（WAAP）の提供開始は、当社のパートナーエコシステムと共同顧客にとって大きなチャンスとなります。この新しいSaaSサービスは、アプリケーションセキュリティ最新の進化を象徴するものであり、セキュリティと価値を最大限に高めるために当社パートナーと連携する場合も含め、お客様のエンタープライズ アプリケーションを保護するという当社のコミットメントを広げるものです。
モダンアプリケーション環境は、マルチクラウド、マイクロサービス、APIと、データセンタベースのレガシーアプリケーションが共存する世界へと進化し続けています。プロセスが複雑になり、アプリケーション開発に対する時間的な制約が増していることから、セキュリティ対策ははるかに困難になっています。組織はアプローチを簡素化する必要がありますが、F5 Distributed Cloud Servicesではすぐにご支援可能です。
今月は、IT業界の多くの人々にとって厳しい月でした。12月10日、Javaアプリケーションで広く一般的に使用されているApache Software FoundationのLog4jと呼ばれるロギング ライブラリに重大なゼロデイ脆弱性が発見されたと発表されました。
世界中のセキュリティチームでは、12月9日に公表されたApache Log4j2セキュリティの脆弱性 (CVE-2021-44228)によってもたらされる脅威を理解し、そのリスクの度合いを特定し、緩和策を講じるために、24時間体制で取り組んでいます。Apache Log4j2の脆弱性に対する防御についてF5エンジニアが解説いたします。
What do you do when SD-WAN over the Internet isn’t enough? Move that automation to a physical network and connect it everywhere.
As December comes to a close, tech pundits dust off their crystal balls and share their predictions for the coming year. For Peter Silva's annual list, he's compiled a collection of what the industry is saying (and anticipating) for 2022.
Vulnerabilities, exploitations, mitigation, and remediation are always disruptive, and it’s F5’s mission to do what we can to provide expertise and support for customers. Teams across F5 have been actively working on tools and guidance to help already overburdened application and security teams mitigate this significant industry threat.
企業はパブリック クラウド環境の魅力として、拡張性、コスト削減を可能にする多様な利用方法、俊敏性の向上など、多くの理由を挙げています。しかし、既存のアプリケーションを移行する場合でも、パブリック クラウドでホストされる新しいアプリケーションのために拡張した運用を構築する場合でも、またはその両方でも、採用するアーキテクチャのアプローチによって、ビジネス ケースの成否が決まると言っても過言ではありません。
What we call ourselves in this world matters. And when our lives and identities change, our names often do too. In the quarter century since F5 Networks was founded, we’ve gone through many evolutions, but our name has remained the same. It’s time for a change.
企業は、最新のサイバー攻撃に対抗し、eコマース ビジネスを保護して、ユーザーがチェックアウトするまでのシームレスで安全なプロセスを確保する必要があります。そのためには、セキュリティと不正行為対策のソリューションとチームを連携させ、リアルタイムのモニタリングとインテリジェンスを提供することで、カスタマ エクスペリエンスを損なうことなく、ビジネスに影響が及ぶ前に、人為的な不正行為と自動化された不正行為の両方を軽減する必要があります。
F5 Bot Defenseを使用してボット攻撃などから防御および保護することで、あらゆるチャネルでSalesforce Commerce Cloudのセキュリティを確保します。
カスタマ エクスペリエンス（CX）がアップタイムにのみ関連していると考えるのは誤りです。CXは、電源が入っているかどうかだけでなく、全体的な操作から生じる感覚の影響を受けます。また、CXは顧客とじかに接するアプリケーションに限定されるものではありません。主に人間以外の存在（機械やスクリプトなど）がアクセスするアプリケーションでも、プロセスのどこかに人間が介在しています。その結果、CXはデジタル トランスフォーメーションにおいてますます重要な要素となり、開発ライフサイクルにも関連してきます。
Services like AWS Transit Gateway have significantly simplified cloud networking. F5's Volterra further extends the concept of multi-tiered hub-and-spoke networking to the global level, effectively functioning as a multi-cloud transit gateway to connect public and private clouds.
Formjacking attacks can be overlooked, in part because of threats like ransomware tend to generate more headlines. However, as the holiday season approaches and online shopping ramps up, we can be sure that attackers aren't overlooking it, so here's a quick reminder about what this threat means to e-commerce organizations and what we can do about it.
デジタル トランスフォーメーションとクラウド テクノロジの導入により、アプリケーションのアーキテクチャに変化が生じています。このような変化により、新たな攻撃対象が登場し、資金力があり高度に組織化された巧妙な攻撃手法に狙われています。F5は、NVIDIAのMorpheusフレームワークを利用して、リアルタイムのテレメトリとAIを活用した分析により、このような高度な脅威を検出する技術を研究しています。
How to achieve operational freedom by mixing and matching cloud providers and app services
David Warburton looks at the good, the not so good, and the just plain bad in terms of how organizations are using encryption, sourced from F5 Labs' 2021 TLS Telemetry Report.
Volterraが、Gartnerによる「2020年版クラウド コンピューティングにおけるクール ベンダー」に選出されました。2021年のクラウド ネットワーキングにおいて、Gartnerがなぜ当社を引き続き取り上げているのかをご確認ください。
企業がコネクテッド クラウド戦略に移行する中で、ワークロードの管理と保護は複雑な課題となっています。F5がどのようにして、マルチクラウド ネットワーキングへの新しいアプローチの需要に応えているかをご覧ください。
Justin Brister outlines how a secure cloud architecture can enable financial services organizations in the UK (and beyond) to meet their regulatory and security obligations without compromising on innovation.
モニタリング2.0とも呼ばれる可観測性は、オペレータやデジタル ビジネスにとって、ユーザー エクスペリエンスとビジネス成果の関係を理解して安定させる際にこの技術の導入を大きく前進させるものです。しかしまだ戦いの半分に過ぎず、残りの半分には分析と自動化が関わってきます。
Cultural Survivalは、世界中の先住民族文化のアドボカシーを強化するために、F5の2021年Tech for Good助成金を利用してWebサイトを再構築しています。
When it comes to ensuring every security product in your stack is in the position to do what it does best, an approach that centralizes all SSL management and intelligently steers traffic to your security devices will be the foundation of your orchestration solution.
驚いたことに、F5がBIG-IP VE for SmartNICsソリューションを発表してから1年余りが経ちました。このソリューションは、BIG-IP Virtual EditionとIntel SmartNICを統合し、パフォーマンスと効率を向上させると同時にコストを削減する製品です。
F5の2021年Tech for Good助成金を受け取ったSacred Valley Projectでは、ペルーの遠隔地に住む先住民族の少女たちが大学への出願や受験勉強ができるように、27台のノートパソコンを購入しています。
Astonishingly, a little over a year has passed since F5 launched the BIG-IP VE for SmartNICs solution and during this time, both the internet and application landscape have continued to rapidly evolve.
企業が「デジタル アズ デフォルト」運用モデルへの移行を続けると、運用は容易になりますが、複雑さが増すことになります。タスクの自動化にはより多くのコードが必要であり、デジタル拡張にはより多くの接続が必要であり、AIを活用したビジネスにはより多くのデータが必要です。そして、複雑さはセキュリティの敵でもあります。そのため、企業はセキュリティ スタックを適応させて維持する必要があります。
銀行および金融サービス業界は数年前からデジタル トランスフォーメーションに取り組んでおり、顧客のデジタルへの期待がCOVID-19と相まって、オープン バンキングやプラットフォーム バンキングなどの主要な取り組みを加速させています。
Over the past several years, many organizations have been going through a digital transformation, a process which has accelerated due to the COVID19 pandemic.
The HTTP protocol is, for the most part, running the web. It is the communications protocol that drives most internet traffic. New ways of network optimizing internet communications are emerging.
One of 20 recipients of an F5 2021 Tech for Good Grant, Thriving Families is using these funds to help new mothers obtain the mental health support and community connections and resources they need during the COVID-19 pandemic and beyond.
自動化とデジタル化が爆発的に成長し、ハイブリッド ワーク モデルの傾向が強まることで、IPベースのセキュリティからIDベースのアクセス戦略への流れが加速するでしょう。
The DNS (Domain Name System) is one of the most important protocols on the Internet — it’s often referred to as “the phonebook of the Internet” (although most DNS experts despise this description).
F5 Labs recently collaborated with the Cyentia Institute, leaders in security data science, to publish a meta-analysis of several prominent industry reports, each of which covers the state of application security, hence the name, ‘the state of the state of.’ This blog from Sander Vinberg comments on the degree of consensus and clarity within the world of application security researchers.
It was recently confirmed by the U.S. Department of Defense (DoD) that NGINX Plus has received formal authorization from the DoD’s Enterprise DevSecOps Initiative, Iron Bank. This gives DoD teams expanded capabilities as part of a verified digital infrastructure, while also signaling the company’s growing presence in the Federal sector.
The Microsoft Partner of the Year Awards honor companies that demonstrate excellence in innovation and implementation of customer solutions based on Microsoft technology. This is an especially meaningful award for us because it recognizes F5’s marketplace sales and marketing expertise, as well as consistent, high-quality, predictable delivery to marketplace customers.
The Dark Night. Lord of the Rings: The Two Towers. Thor: Ragnarök. The Empire Strikes Back—sequels are frequently better than the originals. Sometimes writers need an additional opportunity to build out a fictional world or refine plots and characters. Similarly, in technology it seems the story is never quite over, with solutions like F5’s SSL Orchestrator well positioned to take advantage of industry narrative developments.
ほとんどの企業は、Infrastructure as Codeによる自動化を採用していますが、導入のコントロールは維持しています。今後は、イベントに基づいてトリガー自体を自動化するイベント駆動型のアプローチが主流になると思われます。これは、将来のアプリケーションの適応性を高める重要な要素であり、これによってイベントに自動的に対応し、サービスレベルの目標を達成するためにロケーション、セキュリティ、キャパシティを調整することができます。
非営利団体が社会的影響力を高めるためには、テクノロジーの活用が有効ですが、社会福祉分野では、営利企業に比べてデジタル ツールへの投資がはるかに少ないのが現状です。このギャップを埋めるために、F5は先日、デジタル トランスフォーメーションの促進に取り組む20の非営利団体にTech for Good助成金を授与しました。
AppDev teams, like their NetOps and SecOps counterparts, start and end their day with a primary goal: ensuring that applications remain healthy, secure, available, and performing well. It’s not so easy, though, to always have visibility into app service performance.
F5 is a proud supporter of Molo Mhlaba Schools, which has been an F5 STEM Education Grant Partner since 2019 via our Global Good Program. To coincide with Youth Month in South Africa and International Women in Engineering Day, we caught up with Co-founder and Director, Dr. Rethabile Mashale Sonibare, to learn more about her career, the impact of Molo Mhlaba schools, and her plans for the future.
Customers count on F5 Silverline Managed Security Services to secure their digital assets, and in order for us to deliver a highly dependable service at global scale we host our infrastructure in the most reliable and well-connected locations in the world. And when F5 needs reliable and well-connected locations, we turn to Equinix, a leading provider of digital infrastructure.
It should be no surprise that just as the emergence of cloud gave us cloud-native applications, edge is driving a set of edge-native applications. These applications, however, will not reside solely at the edge. Simultaneously, new architectural patterns are emerging that take advantage of applications residing in the cloud and data center.
The path that application delivery has taken over the last 20 years is a story of convergent evolution. More specifically, this era has seen the development of multiple delivery technologies that—when looked upon in hindsight—have revealed themselves to be the initial, nascent evolutionary steps towards what is becoming the application edge.
Let’s say your cat has wandered off. You can’t find them anywhere and tasty treats are not working their magic today. Then imagine that you could leverage the video doorbells in your neighborhood—i.e., idle compute and processing power from endpoints and nodes at the edge—to find them.
Stemming from recent attacks, the May 12 Executive Order on Improving the Nation’s Cybersecurity takes a multi-pronged approach to mitigation. With modern threats, any gap in detecting, reporting, employing timely protections, and ultimately defending an attack can cause a cascading effect of failure. In other words: Attackers only need to be right once. Cybersecurity professionals need to be right all the time.
As 5G becomes more widespread, an underlying question remains: How will you be able to monetize your investments? Service providers will need modern edge strategies not only to attract different enterprise verticals, but also to deliver on the promise of 5G—increased bandwidth and lower latency close to end users.
BIG-IP APM and Azure AD combine to enable seamless, secure access to all applications, regardless of where they’re hosted—in the public cloud, as native cloud or SaaS applications, on-premises, in a data center, or in a private cloud. The integrated solution allows employees to securely access all authorized applications, whether those applications support modern authentication standards and protocols or classic authentication methods, such as Kerberos or header-based methods.
Cloud computing has long sought to remove the need to deal with infrastructure, with APIs and drag-and-drop configuration tools to help keep those adverse to the network and infrastructure from getting their hands dirty. But we can't just ignore it either, or its profile as a key attack target.
F5ネットワークスは、Interop Tokyo 2021 ShowNetにおいてEdge as a Serviceプラットフォームを実現するVolterraを提供し、マルチクラウド間にセキュアなネットワークを迅速 に構築し、「BEST OF SHOW AWARD 審査員特別賞」を受賞しました。
In the increasingly API-driven world of banking, Red Hat OpenShift and F5 are changing the conversation about scalable and secure open banking cloud infrastructure.
It's an all too common scenario where you're not able to login to an e-commerce site without jumping through hoops (forgotten password, reauthentication, email verification—but which email?). This post explores strategies organizations are implementing to spare authentic human users from all this friction, and avoid the associated lost revenue.
Cybercriminals targeting the financial services sector are focusing more of their attacks on application programming interfaces (APIs). At the same time, different development teams working on multiple applications often use disparate tool sets, pointing to the increasing importance of industry standards. F5 works closely with financial services customers worldwide to implement and secure the APIs driving open banking.
Encryption, while helpful in protecting users’ data privacy, can create serious risks for enterprises if not properly decrypted and inspected for malicious payloads. While no-cost and readily available TLS certificates allow application hosts to cheaply protect their users’ data privacy, bad actors can also hide malware behind a certificate. And it’s becoming increasingly easier for them to do so.
You suspect that you have a bot problem, and—after preliminary investigation—you’ve decided to call in professionals to help reclaim some of your time. You’ve narrowed it down to a few vendors, but how do you decide? Here are some good questions that can give you an idea if a bot mitigation vendor’s solution is the right fit for your environment.
F5 celebrates the contributions that generations of Asian Americans and Pacific Islanders have made to American history, society, and culture.
User, within the context of the application domain, has always referred to the entity that interacts with an application. Just as shifts in application architectures drive changes in the technologies that deliver and secure them, shifts in the definition of user have driven changes in where apps are deployed.
You might have noticed a few changes at F5 over the past year. First, we’re just F5 now. Not F5 Networks. Just F5. Because honestly, we’ve never been centered on the network.
As enterprises pursue DNS solutions capable of supporting adaptive applications, they look for solutions that match their need for automation, speed, and ability to respond to infrastructure changes in seconds rather than hours. F5 Cloud DNS promotes modern DevOps practices, helping to speed new application rollouts by adding DNS updates seamlessly into surrounding process elements.
Maintaining a healthy application portfolio is a like maintaining a healthy body. Both are subject to endless stresses and unanticipated conditions. Both require specific care, proactive maintenance, and targeted interventions. Over time, eating right and exercising regularly go a long way toward keeping your day-to-day running smoothly, and the same is true metaphorically for your apps.
Every organization wants the same thing from their applications: the best performance for their users and exceptional security to prevent losses and harm. It's a simple concept, but delivering comprehensive security that doesn't slow the speed of innovation isn't easy given the complexities of the modern digital business.
How can organizations fully harness the power of multi-cloud and edge computing? VPs Mark Weiner and James Feger join the DevCentral team for a video discussion on how F5 and Volterra can help.
On any journey, knowing where you are is just as important as knowing where you’re going. But for many companies on their digital transformation journeys, the past year was so full of on-ramps, express lanes, forks, and detours that they can no longer locate where they are on the carefully planned roadmap they started out with. In addition, their destination may well be different today from what it was 12 months ago.
Digital transformation and the associated data generation are threatening to overwhelm the systems and companies that rely on data to create value. Accordingly, organizations are looking for more efficient, modern computing architectures that can support multi-tenancy and deliver applications at data center scale with all the necessary levels of performance and security.
Vincent Lavergne recently caught up with the founders of NuCorder for a live jam session and to learn more about their pioneering artist collaboration platform (including how NGINX is playing a supporting role in bringing it all to life).
In an exciting proof-of-concept (POC) project, F5 partnered with SoftBank Corp. to demonstrate the viability of Multi-access Edge Computing (MEC) in a satellite communications environment, utilizing F5 caching technology to implement MEC and broadcast content in bandwidth-limited communications conditions.
At its annual identity conference, Oktane21, technology leader Okta highlights exciting news about its partnership with F5: new features and capabilities that enable Distributed Cloud Services and NGINX solutions to be more powerful—and more efficient—than ever.
This specific blog describes a key challenge of configuration drift faced by an operations team when making configuration changes across a large number of clusters or sites. I call this challenge, “Time to Effect.”
Like Greek and Roman gods, multiple manifestations of the same persona are evident throughout many mythologies. At the core, each incarnation is a new face to an existing persona. A similar reality is true in the digital world; what we call “applications” can often be considered as incarnations of existing functionality.
モバイル ネットワークは複雑さを増し、複数の世代のネットワークが共存し、さらにこれまでの実装から受け継いだセキュリティ リスクも存在しています。5Gネットワークを構築する際は、有害でコストの大きいセキュリティ上の失策を回避するために、計画の段階でセキュリティを組み込む必要があります。
We are living in an unprecedented time. Technology innovations routinely disrupt existing business models, and in some cases, completely replace existing industries—continuously and fundamentally changing the way we live and interact with each other. This post identifies three areas where AI is currently having a major impact on the enterprise.
The first in a series of blogs that looks at application-related technologies whose tide will be coming in during the next few years, especially as we evolve toward a more fully dispersed application delivery fabric and the emergent role of the edge. We’ll begin by examining where we are today (and the paths taken so far).
The American Rescue Plan provides agencies with a once-in-a-generation opportunity to leverage government support to improve IT services that will last for years. F5 can help you identify areas in need and prioritize your funds so you get the most value out of your allocation.
The fight for anti-racism in support of our friends, family, and coworkers of Asian and Pacific Islander ancestry is part of a much bigger battle. We are fighting for a world that is radically inclusive—where we, as a global community, don’t just tolerate differences, we celebrate them.
This framework maps the technology evolution that accompanies the business journey from physical to digital models. Each phase is marked by a business initiative that is enabled by technology.
Keiichiro Nozaki takes a closer look at regional results and variations among the responses received for F5's 2021 State of Application Strategy report.
Beginning April 5, 2021, healthcare providers and payers must give patients easier access to their health data—and lock security standards in place to guard that data. F5 Silverline’s Managed Security Services (DDoS, WAF, and Bot Protection) can help organizations roll out a comprehensive, HIPAA-compliant solution on a short timeline with minimal effort.
Education is the key to changing a life trajectory—and F5 is thrilled to support Rainier Scholars as it prepares students of color for long-term academic success and lives of leadership.
While there’s a tendency to focus on applications that directly implement a customer experience, every business domain will see the rise of applications that ultimately become critical to their digital presence. These applications, then, become the modern equivalent of a monolith.
IBM Cloud Satelliteは、クライアントのデータが既にある場所にクラウド サービスを導入し、クライアントが望む場所に橋渡しすることを目的として設計されています。このテクノロジは、Edge 2.0に対するF5の志と、データ センタ、パブリック クラウド、エッジにアプリケーションを分散させてシームレスで一貫した安全なユーザー エクスペリエンスを実現するというF5のビジョンに合致しています。
Join Dan Woods (VP for the Shape Security Intelligence Center at F5) and Sander Vinberg (F5 Labs Threat Evangelist), as they delve into F5 Labs' new Credential Stuffing Report with DevCentral’s John Wagnon and Jason Rahm.
BIG-IQ 8.0 enables better management and visibility of F5 security solutions, improving overall security posture and threat protection. The latest version introduces several security administration and visibility enhancements that help security pros not only lower the risk of a new breach but also simplify and streamline day-to-day management tasks.
Like many proverbs, the origins of "necessity is the mother of invention" is muddled. Often attributed to Plato, it is also ascribed to a variety of other well-known writers. Lacking an authoritative source, however, makes the proverb no less true.
EVP Kara Sprague：パンデミックは、私たちの働き方、学び方、人とのつながり方など、生活のあらゆる面に影響を与えています。そのため、第7回『アプリケーション戦略』年次レポートの結果で、COVID-19が世界中を席巻する前にすでに動き出していたデジタル変革の取り組みの劇的な加速と比べると、それほど大きく変化していないことに私は驚いています。
Every organization is now in the digital experiences business—meaning that good UX, high performance, zero downtime, secure transactions, and a high degree of personalization are no longer differentiators; they're expected.
In today’s fast-paced, what-have-you-done-for-me-lately world, changes in business must happen in the blink of an eye or have significant negative impact. For security solutions in particular, rapidly increasing capacity or quickly changing configurations can be driven by the need to add new applications or adapt existing ones, or by an immediate and massive influx of remote workers.
As Black History Month comes to a close, F5's Scot Rogers pays tribute to 7 groundbreaking LGBTQ+ Black American activists, artists, and writers.
QUIC has broad industry support and the potential to be the basis of most applications that deliver business value over the internet. Anyone delivering applications over the internet should start thinking about how their operations should change to reflect the new threats and opportunities that these protocols bring.
Providing a great digital customer experience is a business imperative in the COVID era. Today's customers are used to fast, easy, and, in many cases, contactless experiences, and they expect the same from every brand they interact with.
According to the Chinese zodiac cycle, the year of the (Metal) Ox has arrived. As the second animal in the zodiac, the stabilizing influence of the Ox points to a calmer atmosphere. Peter Silva gives his thoughts on the months to come and what they might hold for the industry.
There are many tropes in film and television. We're aware of them, even if we don't implicitly recognize them. A common set of tropes revolves around the hero of a story.
How operators can take full advantage of Kubernetes for deploying and managing IT and Telco workloads.
It's no surprise that we all have at least a few devices in our homes that can and do connect to the Internet. What's surprising is that most of us—and most businesses, too—don't include the "IoT" as part of digital transformation. They should because digitizing products is absolutely a part of the business journey.
F5’s completion of its acquisition of Volterra marks the beginning of the next phase of edge computing, ushering in the Edge 2.0 era. We envision that in the Edge 2.0 era, digital business in every industry sector will adopt edge computing platforms to deliver applications and to process and analyze data. The edge platform will be an essential component of the user experience for all digital services.
In partnership with the 5G Open Innovation Lab and other leading vendors, F5 is providing technology support for The Food Resiliency Project in Snohomish County, Washington, with ties to the Coronavirus Aid, Relief, and Economic Security (CARES) Act.
From a business perspective, a horizontal telco cloud architecture has several advantages over more traditional approaches. In addition to overall flexibility, it enables the telco to bring its telecoms and IT systems into a common infrastructure. That means that CapEx and OpEx investments are spread over telecoms and IT workloads, reducing costs.
With the level of encrypted traffic today, the need to ensure user and consumer data privacy, and the computationally intensive task of decryption and re-encryption, leveraging a traditional security solution to pull double-duty to deliver security by simply decrypting and re-encrypting traffic can be a very bad idea.
A perfect storm of fraud has been created in the economic fallout resulting from the COVID-19 pandemic, the pressure on state and government agencies to provide unemployment benefits, and the lack of anti-fraud infrastructure within those agencies. While the present situation isn’t good, there are, thankfully, clear paths forward for combatting unemployment fraud.
The payoffs of a well-constructed data architecture go beyond operational process. The benefits extend into strategic operational efficiencies, deeper business insights, and the ability to reach adjacent business opportunities, all executed in a more agile manner. || I've also made a few minor edits to the content in AEM. I'll plan to take another look at it next week as well, once the overall content has received the thumbs-up.
The payoffs of a well-constructed data architecture go beyond operational process. The benefits extend into strategic operational efficiencies, deeper business insights, and the ability to reach adjacent business opportunities, all executed in a more agile manner. || I've also made a few minor edits to the content in AEM. I'll plan to take another look at it next week as well, once the overall content has received the thumbs-up.
During the last year and half, we have been working with a few major global banks to test and evaluate our solutions. To be honest, we were approached by these banks as they started to see the need to create an edge strategy and also start to think about consuming multiple clouds (buzz word – ‘Multi-cloud’), mostly in a private way.
Phishing and spearphishing attacks drastically increased in 2020, driven by the threat of a worldwide pandemic, nations under quarantine or lockdown, work from home mandates, and contemporary political events. Jay Kelley examines modern threats in the context of F5 Labs' recent Phishing and Fraud Report, as well as how organizations can better protect users, applications, and data.
In order to further this dream, I’m excited to announce an important step in our journey. F5 has announced today that they will be acquiring Volterra and our ability to deliver the world’s most advanced edge-as-a-service platform and accelerating the creation of Edge 2.0.
In 2018, Epic Games landed a $15B USD valuation. Many attributed this incredible event to its viral video game, Fortnite. With over 200 million users across the world, the game pulls in billions of dollars a year through microtransactions.
Whether we’re talking digital transformation, application architectures, or the importance of telemetry in maintaining a digital business, the soon-to-be-released results of our annual survey help shape F5's understanding of the market and strategic decisions. This year, we gave respondents a bit more latitude in providing freeform answers. They did not disappoint.
Multi-cloud computing, wherein data and applications are distributed across multiple cloud services, is becoming an increasingly popular strategy in the world of software development.
As each year comes to a close, tech pundits blow the dust off their crystal balls and share their predictions for the coming year. For Peter Silva's annual list, he's compiled a collection of what the industry is saying (and expecting) for 2021.
Kubernetes may be free to download and run, but it’s hardly free of cost to own. Like other major open source platforms that are “free” only in a simplistic sense, Kubernetes will almost certainly cost you money to deploy and operate.
David Warburton, author of the F5 Labs 2020 Phishing and Fraud Report, describes how fraudsters are adapting to the pandemic and maps out the trends ahead in this video, with summary comments.
This is the reality of cloud properties. They all use the same mechanisms – APIs, consoles, processes – to perform common operational tasks. This is one of the benefits of cloud. And in terms of onboarding new technology professionals, it can dramatically reduce time required for onboarding.
Given DNS is a foundational networking service, it’s not a stretch to claim that digital transformation begins with DNS. Unfortunately, DNS is the last frontier of networking technology modernization. F5 Cloud DNS Service empowers network operations teams and DevOps teams to take advantage of these tectonic shifts in culture (DevOps) and technology (elastic consumption of computing and networking infrastructure).
Amazon Web Services (AWS) customers can now find and purchase consulting and training services from F5 in AWS Marketplace, a curated digital catalog of software, data, and services that makes it easy to find, test, buy, and deploy software and data products that run on AWS. As a participant in the launch, F5 is one of the first AWS Partners to quote and contract services in AWS Marketplace to help customers implement, support, and manage their software on AWS.
We recently crested the third wave of cloud. Concurrently, the pandemic has shifted a lot of enterprise attitudes. One has been the approach to remote work. Another is that toward public cloud. In fact, just about every survey out there now says the market is full steam ahead on cloud migrations—but, while certainly related, an important distinction exists between cloud migration and cloud adoption.
Kubernetes is an open source platform. You might think, then, that it's a vendor-agnostic platform, meaning that you can easily move from one Kubernetes implementation to another.
You can barely read a tech blog these days without finding an article that sings the praises of multi-cloud architectures. There are good reasons for that: multi-cloud provides a range of benefits, from cost-savings to increased reliability and beyond.
Video games are more influential than ever. We caught up with Sacha Coward, a prominent museum and heritage professional, historian and escape room designer, to explore the importance of identity and representation in the gaming world.
Public cloud solutions offer a lot of well-known benefits, but they also pose the occasional challenge. For example, organizations are used to having precise control over all the network traffic in their data centers, and they count on that level of control to perform critical security checks. As corporate workloads move to the public cloud, IT operators are challenged to ensure that their security measures come along as well.
When it comes to 5G and innovation, one's imagination is the only limit. We all know that 5G is largely meant to satisfy the insatiable appetite for lightning-fast speeds and real-time (sub-millisecond) latencies. But it’s also the fundamental basis for enterprise vertical industries and academia enabling the development of some really remarkable technological advances.
BIG-IP excels at inspecting, analyzing, filtering, and reporting on network traffic, it creates a lot of very useful data. However, parsing and extracting insight from this stream of information can be no small feat. This was one of the primary drivers for the development of the Splunk Add-on for F5 BIG-IP.
Nathan Kurtz, VP of Performance & Strategy at F5 and Executive Sponsor for the company’s Military Veterans Employee Inclusion Group, reflects on the significance of Veterans Day in the U.S., expands on what it means as an F5 employee, and identifies related resources.
Gaming accounts and microtransactions are valuable enough to have become substantial targets for hackers. Given that these accounts—like those in other industries—can be used across platforms (website, console, mobile phone), they can pose lucrative opportunities with multiple attack vectors for those savvy enough to go after them.
Kara Sprague: While I enjoyed many advantages and privileges growing up, the fact remains just as it does today—girls are chronically under-represented in STEM. And the situation, I am sorry to say, is getting even worse, and most especially when it comes to girls and women of color.
Whether through a mobile app using APIs to interface with an existing monolithic mainframe app or via message queues that connect Slack to a traditional client-server based customer service application, the task facing enterprise IT today is not merely to transform monoliths to microservices, but to make microservices talk to monoliths.
The world of banking is waking up to the potential of open innovation to help solve some of its biggest challenges—making services available to unbanked users or underserved small and medium-sized enterprise (SME) customers. By the end of the decade, it is foreseeable that we may have as many services enabled by our banks as we have apps on our mobile phone.
The advantages just aren’t about defense; careful control over entry points also results in a multiplicative increase in the efficacy of defenders. It’s no surprise, then, that these principles are often applied in the world of digital security.
Today we are very happy to announce that Volterra is able to serve its customers with PCI DSS Level 1 compliant services. Our entire team has achieved a tremendous amount of work over the past few months to deliver this capability.
COVID-19 has profoundly changed the way partners go to market and engage with customers. We caught up with IDC to learn more.
As organizations ramp up their generation of data and seek to extract business value from it, analytics and automation powered by AI and ML will certainly be on the table as technologies put to the task. These are exactly the type of workloads that will benefit from optimized infrastructure, and yet they are the ones least likely to be able to take advantage of it today.
CMMC, as it’s rolled out over the course of five years, is meant to reduce, if not eliminate, vulnerabilities and address a critical national security challenge. The defense industrial base (DIB) includes more than 300,000 companies, over which there has been a glaring lack of previous oversight. These companies access and store sensitive defense information on their own systems. CMMC represents an important step toward protecting this information.
It’s hard to find an enterprise company who hasn’t considered cloud native technologies to help meet user demands or to be more agile. So, what's holding organizations back? Some are wary of the critical parts of the cloud native stack that are open source. Others hesitate upon finding the cloud native market saturated. The choices can be overwhelming—and the downside of making the wrong bet on a soon-to-be-obsolete technology can outweigh the potential upside.
Many companies have seen years of transformation take place in just the past several months. While adapting to a global crisis has been a catalyst, the long-term requirements have remained the same while the urgency has increased. Organizations want to deliver a superior customer experience. They want business agility, the ability to respond rapidly to changing market conditions. And, ultimately, they want return on their investments.
A thoughtful and deliberate data strategy is fundamental to enabling the quality and cost-effectiveness of the most important business workflows. Further, when the workflows are instrumented to transmit their observed data exhaust to a collection and analysis infrastructure, the workflows themselves can be continuously analyzed and improved, resulting in constantly adaptive and optimized business workflows.
This blog concludes a two-part series celebrating National Hispanic Heritage Month through the voices of our employees and members of F5’s Latinx e Hispanos Unidos Employee Inclusion Group (EIG). Alejandro (Alex) Figueroa, a manager at our Security Operation Center based in Guadalajara, shares his story and thoughts on the importance of this celebration.
While it's true that 2020 has seen different DDoS attack patterns emerge, what is also true is that DDoS attacks at the infrastructure layer are still DDoS attacks. They are what we might call "traditional" attacks. What is changing are targets and opportunities that come with a distributed workforce, along with considerations around 5G and Edge computing.
If you removed the case of your desktop computer back in the 1990s, one of the first things you’d see is a network interface card (NIC). Unlikely as it may sound, the humble NIC is now set to help the telecoms industry, and its customers, combat a huge global surge in distributed denial of service (DDoS) attacks.
By its industry definition, SOAR comprises “technologies that enable organizations to collect inputs monitored by the security operations team…SOAR tools allow an organization to define incident analysis and response procedures in a digital workflow format.” But it is far more than just a set of tools.
In this era of proliferating fintech apps, open banking has emerged as the preferred way for financial institutions to share data with third-party providers. The latest open banking protocols favor the use of application programming interfaces (APIs) to boost performance and reduce latency, but as with any digital data-sharing process, security is of paramount concern.
National Cybersecurity Awareness Month is happening now. For nearly 20 years, the Cybersecurity and Infrastructure Security Agency (CISA) has devoted every October to telling Americans how to be safer and more secure online. In all that time, has anything changed?
Each year, Gartner recognizes innovative technology companies as Cool Vendors across various market segments. Volterra is both humbled and thrilled to be named a 2020 Cool Vendor in Cloud Computing.
COVID-19 has forced many to tear up the rulebook and (virtually) start again, as the lines between field sales and digital operations continue to blur beyond recognition. The pandemic has put a rocket behind sales’ natural evolutionary trajectory, just as previous societal and technological shifts moved organizations away from Rolodexes to Salesforce, or from landlines to mobile phones and videoconferencing.
Back in 2018 the Office of Management and Budget introduced a new strategy designed to provide organizations with a roadmap to migrate their applications to the cloud, dubbed Cloud Smart. The message is clear: the traditional definition of a network perimeter has eroded; applications are the new network edge. We have entered into a new phase of digital transformation that is dominated by cloud services and multi-cloud applications.
Operators are starting to embrace a ‘best of suite’ approach in which they deploy a consolidated set of virtual functions/solutions, rather than trying to stitch together a diversity of products.
業界では、2019年に約25万件のクレジット カード詐欺行為が発覚しました。これは、約2分に1回行われている計算になります。今日の不正行為を検知するには、デジタル ワークフローのできるだけ多くのポイントから収集したデータの相関関係と、手作業によるデータ処理をはるかに上回るスピードでの分析能力が必要です。
Early this year, our team was asked to augment our existing security tools and software dev+test practices for PCI-DSS and SOC-2 compliance. One of the key areas we had to augment was vulnerability scanning for our K8s-based microservices and a couple of monolithic services.
Lupita Vallejo: Mexico is a country rich in culture, language, music, artifacts, and far more. We are more than our world-renowned food, historic landmarks, and perfect weather. What really defines my Mexico is something far more important: the people.
The central problem with measuring site performance today can be summed up as: "We don't measure the cost of slow. We measure the cost of downtime." Humans tend to work toward what they're measured on. This is not a new concept and, in fact, it's one of the tenets of DevOps and the reason the methodology includes a shift in measurements toward what matters most. Today, that means more than just available—it means fast and reliable too.
Kara Sprague discusses the power of coding – and why everyone should have an opportunity to participate.
While there are a multitude of fancy new cyber-attacks that can disrupt and harm, it is a distinctly “old school” threat that remains among the most prominent (and disruptive).
When the Modernizing Government Technology Act (MGT Act) was signed into law in 2017, its purpose was to provide agencies with funds they can apply to their IT modernization efforts, including those around cybersecurity. Agencies could apply for funding from the Technology Modernization Fund, which was designed to help them move on from legacy systems and invest in agile, transformative technologies. As it turns out, the establishment of the MGT Act has proven even more visionary than anyone could have imagined.
The solutions team at Volterra designs and maintains many potential use cases of the Volterra platform to demonstrate its potential value. These use cases are often made into instructional guides that customers use to get first hands-on experience with Volterra.
The Trusted Internet Connections (TIC) initiative’s 3.0 guidance marks an excellent opportunity to review your security approach. Because of evolving threats, federal government security experts know it’s important to stay vigilant. While technology changes, the ultimate goal remains the same—to protect your agency, partners, and customers.
The issue of remote access has become a priority as our response to the pandemic continues to encourage, if not require, working from "anywhere but the office." The first wave of remote access concerns was focused on users. How do they access ...
You’ve read how modern companies are disrupting their legacy peers by pursuing a data-driven culture… There are a myriad of examples, but the common thread is this: these are software-first companies in their categories. And why are they software first? They are data-driven.
Over the past decade, the quest for faster development cycles, high availability, selective on-demand scaling, and decoupling in general has steered technology-driven organizations to the microservices architecture.
While SaaS is not really all that new, what is new is the range of activities being commoditized and packaged as SaaS. All manner of business functions are joining CRM, SFA, productivity, and communications as SaaS offerings. And we anticipate that organizations will quickly jump at the chance to offload the operation of such software to a provider.
Despite changes in architectures and location, security problems do not change. Customers still need to protect applications, ensure availability, and defend against DDoS attacks. Application security is just a bigger challenge now due to the expanding attack surfaces and vulnerabilities.
Entrepreneur, author and TED alumna, Valerie Alexander shares her journey and insights on unconscious bias with the wider community in this interview.
Agile processes enable rapid releases to deliver customer value quickly and seamlessly; and new technologies make it viable to deliver daily releases, particularly for customers operating on a massive, global scale. Open source provides a model that offers the flexibility, agility, and stability companies need to efficiently deliver applications to their end-users—without the restrictions of vendor lock-in.
There are two walls in the delivery path for applications. The first (which has been the cause of much friction) is between development and production. And while DevOps methodologies have begun to break down this wall, the other—the one between production and delivery to consumers—is not so easily breached.
Over the years we've seen a lot of industry trends come and go. Two—cloud and mobility—fall into what we might call "mega trends." These are movements within the industry that have...
This blog is the start of a new blog series on real example problems faced by enterprises and describes how Volterra’s App Delivery Network (ADN) addresses the problems outlined.
Most organizations are operating in multiple cloud properties in addition to their own on-premises private cloud. For the past three years we've asked about the challenges and frustrations professionals in every role within IT experience while operating in this mode.
In the three phases of digital transformation, the first phase is all about automation. The focus on digitizing of workflows in phase two will ultimately offer business a path forward to the third phase, where data-driven services will generate actionable insights that improve efficiency, reduce process friction, and increase both productivity and profits.
Online privacy is no longer about simply staying away from prying eyes. Encryption on the web plays a key role in affording us our privacy, and it is constantly changing.
7月1日に公表されましたBIG-IPの"Critical"レベルの脆弱性に関しまして、その概要をご報告いたします。本脆弱性は、BIG-IPのSelf IPやManagement Portに外部から接続可能で、且つtcp 443 (クラウドの1NIC構成では8443、またはユーザ様設定による)のWebUI画面へアクセスが可能な場合に、ユーザ認証無しでRemote Code Executionが実行可能であるという問題です。
With this new offering, companies get the visibility, detection, and mitigation outcomes they need to slash fraud; reduce cloud hosting, bandwidth, and compute costs; improve user experiences; and optimize their business based on real human traffic.
First confined to the data center, Application Performance Monitoring (APM) has become increasingly context-driven around web-based user experiences. Today, it isn't enough to identify what went wrong after the fact. Businesses need to identify where trouble might occur before it happens.
If you’re a Fastly CDN user, Shape’s industry-leading log analysis capabilities are just a flip of the switch away. There is zero impact on production traffic, so there is no risk of negative consequences—just straight up information gathering.
There is an ebb and flow to technology cycles. Its inevitability is extant in many theories, such as the S-curve of innovation and a certain well-known analyst firm's hype cycle. Cloud is subject to these same waves. We've seen two very strong cycles over the past ten years, and it appears that a third wave is beginning to crest.
Based on our research, you are almost certainly in the 87% of organizations that operate applications across multiple cloud providers. Of that majority, you're also most likely to employ between two and six different public cloud providers. More than half (51%) of organizations do.
For service providers and enterprises transitioning to 5G network infrastructure and modern cloud architectures, virtual environments can now be hosted on low-cost, standards-based servers while moving specific functions to a Smart Network Interface Card, thereby boosting performance and lowering latency in the core and at the network edge.
For service providers and enterprises transitioning to 5G network infrastructure and modern cloud architectures, virtual environments can now be hosted on low-cost, standards-based servers while moving specific functions to a Smart Network Interface Card, thereby boosting performance and lowering latency in the core and at the network edge.
EVP Kara Sprague: The pandemic has raised the stakes overnight on digital experiences. The playbook for thriving has four distinct phases, which I’ve heard consistently from both customers and industry observers. Several organizations are applying this approach to enhance their operations with new digital processes that will drive ongoing differentiation.
To mark this year’s Women in Engineering Day, we connected with Sara Boddy, Senior Director of F5 Communities (F5 Labs and DevCentral), to discuss her career to date and why we need to continually strive for more diversity in tech.
The term 'cloud-scale' is often tossed around blithely. It's used in marketing a lot to imply REALLY BIG scale as opposed to, I suppose, traditional not-as-big-but-still-significant scale.
I’ve been the Executive sponsor of the F5 Pride employee inclusion group since its inception in 2016. When people ask me why I feel so strongly about advocating for LGBTQ+ F5ers, I tell them, “Because I loved and was loved by someone who taught me—through his life-long example—the importance of embracing all people for who they are, as they are, and wherever they are on their life’s journey.”
At F5, our commitment to the fight against racism is a foundational part of our culture as a company. We consider diversity and inclusion part of being an F5er. Today, our F5 Appreciates Blackness (FAB) employee inclusion group, the Diversity & Inclusion team, alongside our Exec Team, shared the steps we are taking as a company, and the pledge we are taking as individuals.
While it is true that adoption rates have fallen short of initial predictions, there is plenty of evidence to suggest that NFV is as relevant as it’s ever been. Perhaps even more so.
We live in testing times. For telecoms operators, the COVID-19 pandemic is throwing up challenge after challenge.
Data comes from a variety of sources across the code-to-customer path. Applications. Platforms. Application services. Infrastructure. Devices. All are capable of emitting data that can be turned into business value by the right solution. The elephant in the room during any discussion on the use of data is, of course, privacy.
AI use cases are found in every aspect of business, from IT to security to finance to marketing. The ability to analyze large data sets and discover patterns and relationships in them uncovers insights that can lead to...
We live in testing times. For telecoms operators, the COVID-19 pandemic is throwing up challenge after challenge. These range from a major mismatch between network configuration and the new traffic patterns, to physical attacks on 5G infrastructure and elaborate forms of fraud devised by a new breed of bad actors. At the same time, under-employed customers are querying bills and questioning their tariff plans.
The first step in a discussion about data architecture is to define what the concept of “data architecture” encompasses. Unsurprisingly, the answer turns out to be nuanced—it is layered and multifaceted. To help ground the discussion, it is useful to start by thinking about it in terms of the journey of collected telemetry data.
We want to share this powerful message to F5ers from our FAB employee inclusion group leaders as a blog post to help channel our collective energy into concrete action. F5 stands in solidarity with the Black community and those who protest in support of social justice around the world.
Digital payments have become as common as cash used to be. Shutdowns due to the COVID-19 pandemic have only accelerated the rate consumers rely on such services. But it has also accelerated digital payments on the corporate side. After all, businesses still have accounts payable and receivable whether they're open to the public or not.
Today, F5 offers the most comprehensive application services along the code to customer path. For the future, we are doubling down on application telemetries and analytics to help our customers discover insights about their applications, business flows, and user experiences. As we build out our cloud analytics capabilities, we'll further leverage ML/AI to help our customers to improve their business services.
Perhaps the biggest impact on operations due to the abrupt migration of consumer and employee to digital experiences is availability. Certainly, a significant percentage of organizations struggled with remote access as workers moved from the office to the home. But only some workers wound up working from home while entire populations were suddenly reliant on digital equivalents of day to day life.
With the development of container orchestration technologies, working with containers is easier and more programmatic than ever. But orchestration is only half the battle. Effective container strategies also require solutions for the different elements tied to applications, such as networks, storage, security, traffic management, and DNS.
In a get-it-done-now kind of environment, you need a fast and easy way to make sure your web apps are covered by fundamental protections. F5 recognizes the pressures those on the frontlines of the COVID-19 crisis are under, and we don’t want new technology to be another one.
Zero Trust is a powerful strategy that can help a business go faster and be more secure. While not a new concept, it is one that has taken on particular relevance for today's application-driven businesses and multi-cloud environments.
It may seem like a million years ago since we hosted our first EMEA LGBT+ @ Work Symposium in London (which included the official launch of the UK & Ireland branch of F5 Pride), but our work behind the scenes has continued apace. In many ways, our mission is only just getting started.
As part of our SaaS-based Control-plane, we have built and run our own global backbone (AS35280), using multiple 100G and 400G links between our PoPs.
It should be no surprise that as there evolves a new generation of application architectures that a new generation of load balancing accompanies it. Since the birth of load balancing, just before the turn of the century, the technology has moved in a predictable pace, which means it is time for innovation.
As we begin to grapple with the fact that our rebound will not happen as quickly as we’d all like, we are coming up with innovative ways to keep businesses moving forward. We are offering new tools and resources for our partner community to help solve customer challenges with remote access and security.
Jay Kelley looks at how organizations are beginning to shift their technology concerns from application access and maintaining user productivity toward application security. The article also notes how cybercriminals are adapting and what you can do about it.
How many times have you found yourself emailing a sensitive file to your accountant, lawyer, friend, relative, or co-worker and immediately feeling remorseful? Or perhaps you uploaded the file to some cloud storage provider and emailed or Slacked the link.
Together, Azure Active Directory and BIG-IP APM offer unified security and user experience between modern and classic applications, providing a single identity control plane and delivering SSO from any device to all applications, whether they are hosted on-premises or in the cloud, and whether or not they support modern authentication and authorization.
With F5’s portfolio of visibility solutions, customers can collect and analyze application metrics no matter where the application or app services are deployed. They can connect to applications wherever they live, scale analytics natively, and close unknown gaps in application visibility to expand and strengthen security and reliability.
Recently, I was reminded of the importance of calibrating measurements when I re-entered the realm of reef keeping. Like rapid changes in the application landscape, reef keeping has dramatically changed in the past five years.
Take security a step further by never reusing the same username. Learn how this augments the security from not reusing passwords.
With the impacts of COVID-19, organizations need to ensure that their now home-based and remote employees are able to securely and seamlessly access the applications they need to be productive—especially with all the new challenges they’re facing every day. F5 BIG-IP APM and Azure Active Directory simplify the user experience for application access by enabling users to log in once and access all applications they have the right to access in any location.
Mika Yamamoto, Chief Marketing and Customer Experience Officer, previews F5's virtual Agility conference, the industry-leading event for architects, engineers, and developers to learn how building, managing, and securing applications in multi-cloud environments can accelerate digital transformation and deliver better customer experiences.
This new partnership area is significant as it casts a global spotlight on the shared values of both F5 and IBM to enable Service Providers with broader choices of modern architectures and infrastructures—with both hardware and software options to enable open source hybrid cloud containers and innovate toward rapid network transformation.
Amid this pandemic, the systems processing unemployment claims in many U.S. states found themselves in peril. Developed using COBOL, the systems faced overwhelming demand, prompting urgent calls for those proficient in a programming language dating back to 1959. In parallel, many applications driving contemporary digital transformation efforts are microservices-based. These apps, like their COBOL forebears, are likely to be so critical that they, too, may still be running in 50 or 60 years.
Culture is not something that can be switched on in response to a crisis. Digital transformation, first and foremost, is a response to a business need. So, the initiatives that support it need to be designed with business outcomes in mind. And those business outcomes are informed by organizational culture.
The expansion of applications tied to organizations’ digital transformation efforts also increases the number of attack surfaces for bad actors to target, with the effects of the current pandemic further accelerating this growth. Coupled with users’ tendency to reuse passwords, you’ve got an unfortunately prime environment for credential stuffing attacks. This article highlights established best practices that can help both businesses and consumers protect themselves.
In days gone by, the app services (the data path) delivering apps was straight and narrow. All apps basically traversed the same set of services over the same network.
In light of digital transformation initiatives quickly becoming a “checkbox” for modern enterprises, effective management of app services—and the devices that power them—is paramount. It’s also not easy, simple, or straightforward, especially in the multi-cloud world. That's why F5 is so dedicated to delivering end-to-end app visibility and control from code to customer with BIG-IQ 7.1.
In prioritizing health and well-being, organizations all over the world are finding out how they can work effectively together even when their employees are separated by physical distance. Ian Jones, head of F5’s global Professional Services and Training Services teams, highlights the ways organizations are meeting today’s demands, and surfacing lessons that will apply long after the pandemic ends.
The modern-day network is often made up of an on-premises data center as well as SDNs and public clouds. In such heterogeneous environments, it’s all too easy for the rules and objects associated with the devices that make up the network to proliferate, adding complexity and risk. To help address this, AlgoSec has worked closely with F5 to extend rich visibility and orchestration capabilities across the entire multi-vendor network security fabric.
Extraordinary times call for extraordinary measures. Many people have uttered this phrase since COVID-19 forced us from our offices into our homes to work remotely. One of those extraordinary measures has been ...
An insertion point is an architecturally distinct location in the code to customer data path at which it makes sense to add functionality that is often outside the purview of development or operationally more efficient. Insertion points include the client, infrastructure, and the app itself. So, what we're looking for are app services that are both operationally and cost efficient at the point of insertion; in this case, we're focused on the app server (platform) itself.
This blog will deal with techniques we use to secure the platform against targeted attacks from the network — from the Internet as well as from inside. Since apps are no longer constrained to any physical location, traditional perimeter-based firewalls and signature-based security solutions are no longer effective.
Kunaciilan Nallappan, RVP of Marketing for Asia Pacific, shares his thoughts on F5’s initial response to the COVID-19 pandemic and the continuing importance of putting employees, customers, and communities first as we navigate these times together.
For mobile service providers, COVID-19 has been the catalyst recently for dramatic traffic growth as enterprises and consumers follow mandatory stay-at-home guidelines. Fortunately, many OTT providers have throttled their video streams to reduce the strain on the network, but this has highlighted to service providers the importance of being prepared in the future with intelligent traffic management and video optimization solutions.
Perennially important, virtual private network (VPN) security is now imperative given the current COVID-19 pandemic. Remote working has fast become the new normal and, correspondingly, the demand for VPN capabilities has skyrocketed. Unfortunately—if unsurprisingly—attacks on VPNs have risen sharply alongside.
As organizations rapidly mobilize a global workforce to work from home, they are considering the performance, availability, and security of their corporate applications. In our conversations with customers and partners around the world over the past month, we interestingly see a renewed focus on some of the same application services that topped the list in 2015—load balancing, network firewall, anti-virus, and most importantly, identity and access.
This componentization of IT is like the componentization of the applications it is tasked with securing and delivering. Estimates range from 80 to 90% of modern applications are composed of third-party components; most of which are open source.
The COVID-19 pandemic has created a new work reality almost overnight. Globally, companies like F5 are finding new ways to reinforce flexibility and innovative collaboration as key elements of employee culture. In this article, Jay Kelley takes a closer look at the activities of the Technology Services team at F5 during the course of March 2020 to meet the changing needs of the company and its customers.
F5 EVP Kara Sprague: One of the reasons why application-level visibility remains so elusive is because application data paths are complex. There are generally several operational silos along the data path for a single application, and even more operational silos for each of the application architectures and infrastructure environments used within any multi-cloud architecture. And where there are silos, there is limited visibility.
As COVID-19 continues to make its impact felt on a worldwide scale, F5’s Chief Human Resources Officer Ana White and Chief Marketing & Customer Experience Officer Mika Yamamoto reflect on implementing response and readiness efforts reaching employees and communities worldwide.
リモート アクセス サービスが逼迫している理由の1つとして、今日のネットワーク トラフィックの大半をビデオとSaaSの通信が占めていることが挙げられます。同時に、このパンデミック下で遠隔医療が進み、それに伴ってライブ ビデオ トラフィックが増加しています。リモート ユーザーに配慮してキャパシティとパフォーマンスを向上させる方法の1つは、現在のアプリケーション トラフィックの構成を反映できるように、リモート アクセスの設定を更新することです。
Essential App Protect takes the complexity and guesswork out of safeguarding applications delivering simple, fast, and scalable cloud-based security for web apps—wherever they’re deployed. The service can be activated within minutes, giving apps out-of-the-box protection against common web exploits, malicious IPs, and coordinated attacks.
A new reality brings new vulnerabilities. With nearly 100% of staff telecommuting, what becomes the most important link in the connectivity chain? When exponentially more customers rely on the Internet to order products, what part of an organization’s operations suddenly becomes the most critical? Of course, it’s the network.
"Data is the new oil" or "Data is the grease of the digital economy." If you're like me, you've probably heard these phrases, or perhaps even the more business school-esque phrase "data exhaust monetization," to the point of being clichés. But like all good clichés, they are grounded in a fundamental truth, or in this case, in a complementary pair of truths.
コロナウイルスによって加速するテレワークへの大規模なシフトは、F5をはじめとする企業にとって、お客様が事業を間断なく続けられるようにするための代表的な取り組みの1つです。しかし、業界全体でこのシフトが定着するにつれ、他の分野にも複雑な影響が現れ始めました。F5 Cloud Services GMのCalvin Rowlandが、現在の情勢下でのDNSの影響、および関連するお客様の取り組みについて考察します。
The inescapable truth of this survey is that the life of a network operations professional is increasingly automated. From configuration changes to ...
Before you dive in, we wanted to reiterate that DevOps is unique. If you think they're just developers who write scripts and manage CI/CD pipelines, you'd be wrong. If you thought they were just operations ...
F5 EVP Kara Sprague: Today's organizations are trying to reconcile an extreme pace of change with rising demands—serving users who don’t always know what they want, while facing constant pressure to innovate, compete, and respond to market developments. For many of our customers, these rapidly changing dynamics have become a catalyst to embark on large-scale transformations.
When organizations adopt new architectures and develop new apps, they don't throw away ones that already exist. While there's always some culling of the portfolio that's taking place over time, it’s generally true that apps put into service years ago using traditional architectures are still ...
In advance of International Women's Day, Lori MacVittie takes a moment to discuss her career to date, tips for women looking to get into tech, and reasons for additional optimism on the horizon (particularly in the cloud computing space) in this Q&A with EMEA's Neil Jaques.
The benefits of migrating away from hardware-dominated environments to cloud and software-defined architectures are well known—increased scalability, operational agility and economic flexibility, to name just a few. But there is also the common misconception that in order to realize these gains, organizations are forced to make a sacrifice regarding the performance of their apps.
When we dig into the state of application services each year, we don't just focus on app services. While that's certainly our primary interest, there are a plethora of trends and technologies that impact app services in general.
F5 announced the launch of the UK and Ireland (UKI) branch of its F5 Pride Employee Inclusion Group (EIG) this week. It also hosted the company’s first pan-EMEA F5 Pride: LGBTQ+ @ Work Symposium, highlighting best practices for diversity and inclusion, as well as mapping out plans to further bolster company-wide support for LGBTQ+ staff.
Cloud-native, while still a term with many definitions, can be thought of as a methodology and approach, not a specific technology. And the importance of firmly instilling that into your organization can’t be overstated. The priority for teams and individuals involved in digital transformation is to ensure they agree on and understand the business outcome, using it to inform technical designs/solutions.
Are we just using telemetry because it sounds sexier than data? Ultimately both data and telemetry are organized bits of information. To use them interchangeably is not a crime. But the reality is that, if you want to be accurate, there is a difference. And that difference will become increasingly important as organizations march into the data economy.
F5 kicked off the RSA week in brilliance and style at Microsoft Security 20/20. This gala event celebrated and honored their top partners within the Microsoft Security ecosystem. It’s extremely gratifying to be recognized for the customer obsession we have at F5 with the Customer Impact Award, given security is a critical initiative and core competency for both F5 and Microsoft.
While we largely have Hollywood and science fiction to thank for our popular understanding of the complex topic, put simply, one can define artificial intelligence as “teaching a computer how to mimic aspects of human intelligence.” To understand how AI and application services will work together in the future, it’s first necessary to examine three distinct types of AI: Strong, Weak, and Assistive.
A growing number of app services are an integral component of a cloud-native architecture. This is, in part, why we see a shift in responsibility for app services away from IT operations toward DevOps.
Distributed denial-of-service (DDoS) attacks against service providers are significantly on the rise, according to new research from F5 Labs. An analysis of global customer security incident data from the past three years—both mobile and landline—also found that brute force attacks, though still prevalent, are on the wane.
Learn how card not present fraud has increased with the prevelence of in-store payments via mobile apps and how to mitigate the risks.
Shape’s App Security & Fraud Summit — Virtual Event — is tomorrow, February 12, 2020 / 9:00 am PT. Join us as top cybersecurity and fraud leaders dive deep into the latest attacks, tools, and trends you need to know to protect your web and mobile applications in 2020.
アプリケーション サービスの状況調査に対して2600件を超える回答を数か月かけて分析した結果、デジタル トランスフォーメーションが世界中の組織に与えている影響について興味深い考察を得ることができました。企業は技術変革への取り組みを継続しているのです。5人中4人のエグゼクティブが、デジタル トランスフォーメーションに取り組んでおり、こうした取り組みの結果、自動化とセキュリティを最優先とするクラウドネイティブ アーキテクチャとアプリケーション サービスの採用が進んでいると回答しています。
In the service provider realm’s not-too-distant past, there was a distinct line in the sand. On the one side, networking and security teams spearheaded the evolution to an NFV architecture, with a strong focus on virtualising network and security functions. On the other side, developers enthusiastically embraced cloud platforms, DevOps methodologies, and automation via CI/CD pipelines. The edge is where they come together.
As organizations march steadily on their journey through digital transformation, the issue of integration becomes critical. In addition to the obvious ...
F5’s Tim Wagner draws parallels between Secure Cloud Architecture and urban planning in his latest blog, pointing out key considerations, items to account for, and—crucially—questions to ask at the outset that can help bring about desired results.
The inability to verify the integrity or correctness of data should be of significant concern to those organizations pursuing digital transformation efforts (which rely heavily on data). That data will be used not only to conduct business but it also forms the basis for pattern and behavior recognition. Accordingly, it will power advanced analytics that automatically make operational and business decisions without human intervention.
The new NGINX Controller 3.0 brings enhanced enterprise features that go beyond what both traditional and cloud-native solutions can offer. By giving customers (that span DevOps to NetOps) the ability to automate functions across deployment models and locations, we are opening up a new set of self-service capabilities that will increase agility, mitigate risk and enhance the experiences organizations are able to deliver to their customers.
What sets Shape and F5 apart is F5’s ability to capture high fidelity data from our position in front of millions of mission-critical customer applications combined with the sophisticated AI-assisted analytics platform from Shape. By integrating Shape and F5, we are executing on our vision to create an advanced set of security capabilities that can handle today’s most sophisticated attacks.
F5 and Shape are joining forces to transform how we defend every app from attack, fraud and abuse, and to delight our customers.
This specific blog describes how Volterra helps users operate their applications and infrastructure like a fleet. We will explain how our control-plane based approach eases operations of a large fleet of app clusters and compare it with other multi-cluster management-plane approaches like Google Anthos, Azure Arc, Rancher, etc.
At present, it’s not unusual for DevOps engineers to use cloud-native tools, open source solutions, or other types of inexpensive (or free) resources that don’t require significant investment or interaction with the procurement team. But what if you need to advocate for a richer IT investment to drive needed efficiencies as well as to ensure better security and performance for your apps?
API stands for Application Programming Interface. Over the years, it has evolved from a tightly coupled imperative specification to a loosely coupled declarative model. Regardless of implementation and the mode of invocation, APIs tend to be associated with app development. But another API economy has been steadily expanding. It lies within operations. And in that domain, the "A" in API stands for automation.
Agility is the way of IT these days. We all strive for developers and operations to go faster, to unleash creativity, unhindered by the burdens of provisioning app infrastructure and resources. The trick is balancing our need for app delivery speed with the need to stay secure and compliant.
The use of APIs have the potential to be transformative by enabling new business models and revenue streams. Implemented without adequate guardrails, however, APIs also have the potential to disrupt and put businesses at risk. Concluding his two-part blog series, Mark Campbell outlines steps that organizations can take to help address the industry’s present API security gaps.
Application architectures have evolved several times since the early days of computing, and it is no longer optimal to rely solely on a single, known data path to insert application services. Furthermore, because many of the emerging data paths are not as suitable for a proxy-based platform, we must look to the other potential points of insertion possible to scale and secure modern applications.
The value of accurate, insightful data is realized by detecting and acting upon a threat before the attack occurs, not a month after the breach. The F5 Threat Campaigns subscription offering provides a glance into a hacker’s preliminary approach to block attacks proactively.
F5がShape Securityを買収することに合意したことを伝えるF5社員宛ての電子メールを、François Locoh-Donouが紹介します。
The transformation from monolithic applications to ecosystems of microservices has made APIs a strategic and critical element of business success. APIs are typically designed to be externally exposed and accessed by business partners, customers, and microservices. Just like web applications, though, APIs can be a doorway for unauthorized access to sensitive data. And as with many technology advances, security considerations often trail behind.
At Volterra, the SRE team’s job is to operate a global SaaS-based edge platform. We have to solve various challenges in managing a large number of application clusters in various states (i.e. online, offline, admin-down, etc.) and we do this by leveraging the Kubernetes ecosystem and tooling with a declarative pull-based model using GitOps.
Consider this: 54% of containers live fewer than five minutes. Predictably, this leads to security topics. If you’re trying to secure access (and you should be) and trying to protect the app or API running in that container, you've got to make sure your security services are constantly adjusting policies to match the current state of the cluster. That's a lot of change going on, which means a lot of operational overhead.
For app developers, working alongside a large infrastructure-platform team can be a blessing or a curse. When that team provides infrastructure, networking, and security services in a managed, self-service model—thereby relieving developers of the toil of managing infrastructure—it's truly a blessing. But if the infrastructure team’s primary delivery is a week(s)-long backlog and a revolving door of handoffs, developers can feel cursed.
A good way to think about how digital transformation and DevOps practices are influencing app deployment is to picture an application factory. Instead of handcrafted policies and manual review processes, network and security experts need to define reusable policies for developers to deploy with their applications as part of an automated deployment pipeline.
Since many of these applications are mission-critical, our customers expect that we not only deliver multi-layer security but also have the ability to make continuous improvements to keep their distributed clusters secure.
F5's Peter Silva: As each year comes to a close, tech pundits blow the dust off their crystal balls and share their predictions for the coming year. As someone who has (let's generously say) repurposed others' since 2012 rather than thinking up my own, here's what some of the smart folks I read expect to happen...
Digital transformation is about moving technology from business interactions to processes to new models. At first, it's about apps. But as app portfolios expand, it turns to focus on automation and orchestration. With the increase in data generation, transformation becomes the pivot point for new business opportunities.
“With great power comes great responsibility.” Acknowledging Voltaire and Churchill, the quote is best known from the Spider-Man comics, attributed to Uncle Ben. Of course, part of the line’s cultural prevalence is that it can be applied to any number of situations and topics, including TLS inspection.
The future of security rests on telemetry that is more than technical data points picked out of packets. It requires a holistic view of interactions from client to application to behavior. Machine learning requires enormous amounts of data to establish and recognize patterns. This is why programmable proxies are such a critical part of an advanced security approach.
For many enterprises, new working patterns need to coexist alongside applications, teams, and technologies that have taken root over time and are now firmly embedded into the fabric of IT delivery. Zach Westall takes a closer look at how F5 and BIG-IP help DevOps teams (and the groups they work with) deploy services throughout the application delivery stack in support of CI/CD practices.
Principal Cloud Evangelist Tim Wagner describes a typical progression of cloud migration efforts (referencing holiday shopping and this week's AWS re:Invent conference along the way), as well as some of the all too common pitfalls that can trip up even the most well-meaning of IT and development teams.
A Dimensional Research survey of more than 3000 mobile app users confirmed what many of us believe about customer expectations today.
This blog is the second in a series of blogs that cover various aspects of what it took for us to build and operate our SaaS service.
F5 believes that there doesn’t need to be a conflict between community and commercial solutions. A balance can be achieved, but it requires a commitment to work together and constantly refine that balance as new challenges and innovations arrive.
Did you know that when Sysdig looked at its customers this year it found more than two million container instances running on-premises and in the public cloud? More exciting (for us, at least) was the data point that NGINX was running in 60% of those containers. That’s a lot of NGINX.
Robert Haynes highlights the "2019 State of DevOps Report" from Puppet, drawing on its contents and his professional experience to note: The advantages of shifting security left into the software lifecycle rely on shifting those DevOps behavior principles into the security teams as much as, if not more than, moving security tools into the pipelines.
Our customers are building complex and diverse sets of business solutions — like smart manufacturing, video forensics for public safety, algorithmic trading, telco 5G networks — and thus we need to deliver an always-on, connected, and reliable experience for these applications and their end-users.
We provide a broad portfolio of distributed cloud services that gives our customers the ability to build, deploy, secure, and operate distributed applications and data.
At NGINX Conf 2019, we conducted more than 50 recorded sessions covering various subjects. This blog shares takeaways from one of the hottest topics in the industry: Site Reliability Engineering (and also the related topic of Chaos Engineering).
Business Needs a Smarter Mousetrap to Catch Next-Generation Attacks.
Cloud-native applications are being built at a good clip. While they're not quite dominating app portfolios just yet, they are increasing in number.
Soon, every organization dealing with multiple interconnected devices and rapid data processing demands will need an edge computing strategy, not to mention the technology to make it all work.
The pressure to transform digitally has become universal. Whatever your strategy is, the trick is to figure out how to deploy and manage applications in a consistent way across all your different infrastructure silos. The best way to do this—and to get visibility into your code-to-customer pathways for all of your applications—is to leverage a consistent set of multi-cloud application services.
APIs create value through their ability to abstract at the application layer. For example, the use of an API to abstract access to internal systems and data provides a way to simplify and automate access to legacy IT systems.
After more than two years of working with customers around the globe, heads-down development of a major platform, and yes, many long nights, we have hit a key milestone for our company -- launching.
Software as a Service (SaaS) offerings are becoming increasingly prevalent across all industries as organizations look for ever more dynamic and flexible ways to leverage software while ensuring operational stability, cost transparency, dynamic scale and agility.
All cloud journeys are unique and can be complicated, with very different objectives, strategies, and hurdles. So let’s take a look at how F5 can help you and your applications wherever you are in your cloud journey.
In recent years, enterprises in every industry sector have been embarked on a digital transformation journey in one way or another. Business enterprises are taking advantage of the proliferation of digital technologies to define new business models or to improve business productivity with existing models.
It doesn’t matter how fast you can deliver if deployment delays release. While NetOps are warming up to automation and orchestration, there are significant challenges facing their efforts to speed up deployment.
Visibility is an often-cited challenge typically referring to the ability to inspect traffic, transactions, and errors that occur during an application's execution.
F5’s Maggie Miller chats with an industry analyst on the trends driving optimism in the channel, how today’s buyers are different, and advice for F5 partners in this ever-changing market.
We are thrilled that Intel has named F5 as a 2019 Leaders Board partner in the Intel® Network Builders program. Our strategic partnership with Intel has, for more than 15 years, enabled F5 to use Intel technology to deliver optimized, highly performant application services for both enterprises and service providers.
Digging through Sumo Logic's latest data - compiled from actual usage of more than 2000 customers - we see an increase in Kubernetes usage specifically in AWS.
For seven weeks in July and August, F5 partnered with Girls Who Code to host 20 high school junior and senior girls in our new downtown Seattle headquarters with two goals: teach them coding skills and prepare them for a potential career in technology. In saluting their accomplishments on the International Day of the Girl, Kara Sprague provides a retrospective blog detailing this effort tied to F5's Global Good Program.
Today, "machine" also includes code running independently on devices, APIs, containers, serverless architectures, and of course VMs. Because they are software-defined, these machine types are easily created, changed, and destroyed throughout the day, every day, making software-defined machines an important part of the app development workflow.
Breaches abound. Vulnerabilities are discovered on a daily basis, and the patch gap doesn't seem to be getting any smaller.
F5 has a cloud-based solution available called the F5 DNS Load Balancer Cloud Service that leverages the AWS SaaS Enablement Framework and is now available in AWS Marketplace. While load balancing has traditionally been handled on-prem quite successfully, Roger Barlow outlines the many advantages of a SaaS-based approach.
Peter Silva provides a quick introduction to NCSAM 2019, highlighting the theme of “Own IT. Secure IT. Protect IT.”, and also touching on resources F5 provides to help customers better secure applications.
The open source movement has always focused on freedom. The freedom to choose the solution that works best for you given skills, budgets, architecture, and goals.
Our understanding of the role of application services in an increasingly application-centric business world has grown considerably thanks to the thousands of respondents who take time to respond every year.
[Guest blog post] To promote app delivery automation, HashiCorp Terraform enables network operation teams to treat the F5 BIG-IP platform ‘as code,’ so the network infrastructure can be provisioned automatically when new services are deployed. Consul’s central service registry and service discovery capabilities track the real-time network location and health status of all backend services.
The average person now has more than 80 apps installed on their phone. That same person interacts with an average of nine of those apps every day, and thirty over the course of a month.
Researchers from the University of Kansas and the Stevens Institute of Technology are focused on developing a new metrics framework for security operation centers (SOCs) that measures and validates SOC performance against enterprise network security. Peter Silva provides more detail on this project and its connection to F5.
Through Unity+, F5 is collaborating with our partners to better meet their business needs and serve our mutual customers with flexible licensing models, greater deal registration differentiation and easy-to-consume sales and pre-sales technical learning paths.
Who reading this is running OpenStack in their production environment? Prometheus? Perhaps you're generating Grafana dashboards? GitHub. GitLab. Nagios. Jenkins. Ansible. Puppet Enterprise?
Along with the larger container ecosystem, service meshes continue to plow forward toward maturity. We're still in early days, though, and there are a variety of approaches being applied to solving the problem of intra-container traffic management with service meshes.
F5 and NGINX are not just integrating to go to market in the same old way together. The fundamental inspiration behind the acquisition was the fact that there’s a ton of value we can deliver together as a combined portfolio. Jointly, we deliver solutions that span the entire application lifecycle for monolithic, three-tier, and microservices-based apps alike.
Predictions that the data center is dead - or at least on its death bed have been made many times since the ascendancy of cloud to the majority industry mindshare. And it continues to be wrong.
Peter Silva notes some of the ways that the capabilities of our five primary senses are being recreated using sensors. Today, gadgets (and IoT technologies) are being built that work in conjunction with, or completely replace, capabilities of the eyes, ears, nose, tongue, and hands.
Businesses want speed. One of the impacts of digital transformation - and the associated pressure to succeed in an app economy - is the desire to move at speed.
At VMworld 2019 in San Francisco, F5 polled attendees at its booth to find out what their most formidable challenges were in their jobs. Focused around the functions of NetOps, DevOps, SecOps, and AppDev, this in-the-moment research reveals how various IT teams are thinking about automation, security, digital transformation, and collaboration between the separate groups.
The first thing to note is that cloud-native, despite its name, does not require cloud.
Deploying applications at the speed of users can paradoxically be something of a slog. IT, DevOps, and SecOps organizations may spend hours/days/months trying to figure out ways to simplify the delivery of applications while providing the safety and security required by today's users. This blog gets into one way that F5 and technology partners are addressing the associated challenges.
This September, in Seattle, NGINX will be hosting its annual conference. I'm already booked to go and you should (very seriously) consider attending, too.
While application overload can feel like a puzzle without a solution, there is a remedy: Simplifying and centralizing the management of F5 BIG-IP devices and application services using BIG-IQ. The latest release of BIG-IQ—7.0—is a significant leap forward and can help NetOps, SecOps, DevOps, and application owners build, deploy, and manage apps, devices, and services more intelligently.
At this point, you’ve probably noticed some common security themes across this topic. While there are a number of security issues that are specific to containers – like those dealing with configuration and images – most of the basics for container security are techniques you’ve used elsewhere to secure traditional apps and infrastructure.
One of the interesting – and more frustrating - things I've noted over the years is the differences between how network engineers and application developers see apps. We've seen this in the way applications are depicted on network diagrams and, conversely, the way networks are shown on application architecture diagrams.
The key to simplifying multi-cloud architectures is to standardize elements wherever possible. By employing tools that can be used across environments, much of this complexity is abstracted away as you move from a cloud-specific to a cloud-agnostic service portfolio.
Workload is a fairly recent term that is often used to describe applications but can also refer to infrastructure services. That’s important, because there can be a variety of ‘workloads’ running in your container clusters that aren’t necessarily coming from your developers.
In the days of yore, transmissions in cars were manual. Some might have referred to them as a "stick" thanks to the mechanism by which you shifted gears. In those days, an automatic transmission was something special that you often had to order.
The orchestration layer of container security focuses on the environment responsible for the day to day operation of containers. By the data available today, if you’re using containers, you’re almost certainly taking advantage of Kubernetes as the orchestrator.
To manage application capital effectively, companies need to start by establishing a companywide application strategy that sets policy and establishes a basis for compliance. The application strategy should address how applications in the enterprise portfolio are built, acquired, deployed, managed, secured, and retired.
In traditional network infrastructure there are generally three architectural planes associated with network infrastructure: data, control, and management.
In an era of application capital, the CI/CD pipeline is a critical component upon which rests the speed and security of the applications it builds and delivers.
Have you ever tried to drive somewhere as fast as you can, but you hit every red light along the way? Murphy’s Law, right? Well, the same thing can happen when you’re deploying your applications—either in your private data center or in a public cloud.
When it comes to breaches involving apps and data exposure, fingers are almost always pointed at developers. Many times, this is the right direction. Injection attacks and stack-based exploits are almost always the result of insecure code.
With 2019 crossing the halfway point, let's look at some technology trends thus far…
Container adoption continues to accelerate across (almost) all areas of IT. But what does container security really mean?
Lori MacVittie continues our blog series surrounding F5’s acquisition of NGINX, discussing the concept of operational simplicity.
Let's stop spending so many cycles on what to call each other that we miss the opportunity to create a collaborative environment in which to deliver and deploy apps faster, more frequently, and most of all, securely.
F5's Tom Atkins provides a quick snapshot of relevant cloud security topics leading into this week's inaugural AWS security, compliance, and identity conference in Boston.
When it comes to multi-cloud consistency, Lori MacVittie discusses why a failure to recognize the two different types of consistency - functional and operational - and their importance is at the root of the problem with implementation.
The path to production is not a product. It's a process. And it's a process that needs to be collaborative and delivered in parallel whenever possible to improve time to value and enable successful application deployments.
It seems like the whole world is encrypted. That can be a very good thing, as encryption keeps our personal info safe. But, encryption also creates security challenges, such as blind spots where hidden threats like malware and malicious payloads can lurk. Fortunately, F5 and Cisco have a solution.
Now in preview, the F5 DNS Load Balancer Cloud Service features DNS-targeted DDoS protection and highly available and responsive global server load balancing (GSLB).
It is the use of cloud-provider security services that can dramatically impact the operational costs of doing business in the cloud - especially when it comes to managing application services infrastructure. Lori MacVittie discusses how augmentation and strong password practices will help constrain the cost of doing business in the cloud.
F5 SVP Calvin Rowland explains how F5 and Cisco are bringing ACI and BIG-IP closer together.
Because such transitions take time - we're still almost all operating in a multi-cloud model today, after all - it's important to find and take advantage of architectural options that maximize benefits without compromising on core customer needs like availability and security. Using a two-tier architectural approach provides both without constraining containerization efforts.
Peter Silva summarizes a recent report on how organizations are moving quickly to adopt the new standard of Transport Layer Security (TLS) 1.3, while addressing both operational and security concerns as a result of the transition.
With a staggering 60% of users experiencing a container security incident in the past 12 months, if you aren’t already practicing safe containerization, Lori MacVittie shares five steps to consider putting into practice.
There’s nothing like a large conference or event to really show you how new technologies and solutions are impacting the real world. And often, the most meaningful interactions are not with vendors or sponsors, but with the attendees—the people responsible for implementing all the exciting new tools that the rest of us work so hard to develop.
We look at the trends and changes in application services usage – across security, performance, and identity/access – from the first quarter of 2019.
Right now, DevOps is the topic for developers and network experts. The next step in understanding the state of the market was our recent webinar series, Why Application Modernization Matters to Digitalization, in collaboration with experts in this topic. What did they have to say?
F5 SVP Calvin Rowland recaps last week’s Red Hat Summit in Boston, highlighting the continued partnership between the two companies that resulted in F5 being honored with a Partner Technology Innovation Award by Red Hat.
The majority of organizations across the globe and in every industry are currently in process of digital transformation. Lori MacVittie looks at the latest trends surrounding the digital economy and supply chains to better understand how enterprises are changing how they develop apps, when they deploy apps, and with what architectures.
Employees are often frustrated with corporate security policies and in general, most people’s primary jobs are not security related. F5 Security's Peter Silva discusses why it's important to devise security policies that work for, rather than against employees.
Operations needs integration. Without it, we can't automate processes (which is what orchestration is) because processes necessarily span multiple systems, services, and devices—each of which likely has its own operational domain and toolset.
Our Bridging the Divide series continues with Robert Haynes addressing the long-standing myth within the networking and security communities; that secure software architectures are inflexible, and agile-delivered software is less secure.
We are nearly numb to breaches today because they happen with such alarming frequency. At the same time, we are so enthralled by our own brilliance in cryptography that we forget that most data at rest—tucked away inside databases—is unencrypted.
Bringing together F5 and NGINX, we will be able to satisfy the requirements for “reliability” no matter the definition. Whether that applies to the reliability of small, developer-driven deployments scaling modern applications or large deployments scaling application services and traditional apps alike, a combined portfolio will offer customers the ability to use the right tool for the right app.
There is a growing demand for APIs. Whether helping to fuel the digital economy by enabling mobile apps or internally pumping up productivity through automation and orchestration initiatives, APIs are everywhere.
As the world of container technology matures, so does the integration of the enterprise-class technology required to support it, encouraging traditional offerings to move in the direction of container orchestration environments like Kubernetes.
Today, both traditional and modern architectures are valid and necessary for business to succeed in delivering digital capabilities faster and more frequently and, most importantly, in the most efficient way possible to support its most valuable asset: a multi-generational portfolio of applications.
Digital transformation is driving growth of application portfolios and changing the way in which they are developed, delivered, integrated, and ultimately even consumed.
If you have already started automating F5 application services, you are likely familiar with using automation tools such as Ansible. To support more use cases and make application service deployment easier, F5 is releasing Application Services 3 (AS3) as part of the F5 Automation Toolchain.
The challenge of consistent security across applications remains. One of the culprits appears to be that application services aren't always moving with the applications they protect.
Not every customer is at the same place in the journey to automation, so we’ve built F5's Automation Toolchain as a set of components that can be broken apart and used independently, then brought together as a unit when the time is right.
We've seen too many articles that pit DevOps teams and NetOps teams in opposition to each other, almost at the personal level. That’s not helpful, and this isn't one of them.
With consistent services and policies in the Alibaba Cloud, and across other supported cloud environments, operations teams can comfortably secure and optimize any app while providing developers the architectural flexibility to pick and choose their cloud of choice.
In recent years, there’s been a volley of sorts about data replacing oil as the world’s most valuable resource. And, as you might imagine, there is far from uniform agreement on the topic.
F5’s Hitesh Patel: In this environment, the bar for success is no longer releasing a new product. It’s continually engaging and listening to all of the product constituents—customers, partners, F5 engineers, support staff—in a constant lifecycle of innovation and improvement.
With the general availability of GKE On-Prem (a core component of Google Cloud’s Anthos), F5 reveals its integration with this new solution, allowing its users to get one step closer to crafting a truly hybrid cloud architecture.
Componentization is great for development and certainly aids in speeding up time to value. But it can have a negative impact on performance - and security.
Looking forward, F5 and NGINX can enable enterprises to address one of IT’s most pressing needs: fast, frequent deployments across a varied set of application architectures residing in multiple cloud properties. We believe that doing that successfully depends on NGINX remaining open source and being driven in large part by the community that built it.
F5 CEO François Locoh-Donou introduces a blog series to explore the divide that has existed between modern, open source applications developed in (and for) the cloud and the traditional, mission-critical applications that are often the last to migrate out of the enterprise data center.
DNS remains one of the least appreciated application services in existence. Its role is so important, that its failure is considered catastrophic.
Venu Aravamudan, SVP & GM, F5 Cloud Services: F5 Cloud Services accelerate application delivery through a frictionless, intuitive multi-cloud platform. These SaaS solutions are optimized for cloud-native applications and microservices.
Building on the trio of managed rules for AWS’ native WAF delivered in the fall of 2018, we are excited to announce another ruleset which focuses solely on the protecting your APIs against existing and emerging threats, including XML external entity attacks and server-side request forgery.
We have to move from relying on Moore's Law to increase our capacity and speed to relying on a system of systems that scales itself to process more data, more frequently, and faster than ever before.
SVP of Business Development Calvin Rowland shares his excitement around F5’s acquisition of NGINX and looks ahead at the promise of combining technology partner ecosystems with open source efforts to benefit customers and deliver end-to-end application services.
Keiichiro Nozaki reflects on DevSecCon Singapore 2019 and the evolving roles of DevOps and Security teams, as well as the benefits of collaboration for both.
Given the slow but steady adoption of HTTP/2 and the security challenges posed by HTTP/3, the latter is likely to face a long, uphill road to adoption for the foreseeable future.
Fail fast is the mantra of speed today. Whether DevOps or business, the premise of operating in a digital economy demands uptime as close to perfect as you can get it.
F5 collaboration drives deeper integration for greater application services, development and security across Microsoft Azure Stack environments
Team structure matters. Not just because of the need to encourage a more collaborative culture, but because of the way it impacts decisions - including technology choices.
I am thrilled to announce we have signed an agreement to acquire the open source leader in application delivery, NGINX.
Microservices and Function as a Service (FaaS) often facilitate Agile development because a relatively small team can design, develop, and then refine a service much more quickly than they can a large, monolithic application. But there's another interesting benefit of microservices and FaaS that isn't being touted as much as it should: security.
No one wants to abandon the substantial investments made in 4G, but no one wants to fall behind in the race to deliver 5G either.
For five years we've asked thousands of respondents across every role in IT and around the world a simple question: What one thing would you never deploy an application without? In other words, what's the most important thing you can provide for your applications?
By layering an F5 Advanced WAF in front of a 3scale API gateway, you can benefit from additional security measures that include the use of IP intelligence to identify threats faster and more accurately, the ability to offer a secure API façade internally or externally, and protection against a variety of application layer attacks.
As the telecom network evolves to support a wide variety of use cases across different industry verticals, we note telecom respondents are raising their technology profile as leaders.
While most of the focus of programmability is on operations today, there remains a significant amount of data path programmability that's vital to enabling consumers to interact with applications.
If you don’t like change, IT is a bad place to be. There are those that might argue that, even if you readily embrace change, IT can still be pretty challenging. However, despite the continuous, incremental changes, there are key inflexion points worth calling out.
Function as a Service (FaaS) is quickly finding use in a variety of operational and development contexts. And while the rising star of cloud computing is often mentioned in conjunction with APIs and IoT and mobile apps, there is significant use outside development for the technology.
SVP Calvin Rowland digs into a joint solution with Equinix that enables high-speed key retrieval, allowing BIG-IP to decrypt and orchestrate SSL traffic for any application regardless of its location—on-premises, private or public cloud—thereby drastically simplifying multi-cloud key management…and giving you one less thing to worry about.
The Year of the Pig is upon us! Peter Silva offers his thoughts on the coming year and what it might represent for businesses, security, and the larger industry as 2019 unfolds.
We know that just about half of the traffic on the Internet today is generated by bots. Some good, mostly bad. Operational efficiencies from automation and machine learning—usually discussed in a more positive context—are also being weaponized to perform reconnaissance probes and attacks alike.
The strategic importance of data can only be realized through an application. And an application can only fulfil its purpose by interacting with data. This strategic codependency can be clearly seen in this year’s State of Application Services report.
BIG-IP Cloud Edition gives you role-based access to build and configure F5’s market leading application services for your apps.
Container adoption has been a steady course to consume budget for a couple years now. What may be a surprise is the reasons behind that adoption. Spoiler alert: it isn't really about microservices.
As DevOps has continued to press its case inside of IT, we've seen the adoption of automation and "as code" methodologies, including growing use of CI/CD tools like GitHub enterprise and Jenkins within the production pipeline. This post from Lori MacVittie and the Office of the CTO takes a closer look at Infrastructure as Code and what F5 is doing to enable and support it.
APIs are the new CLI. Increasingly, it is through an API that infrastructure and application services are provisioned, configured, and operated. Between automation and integration into deployment pipelines, the API is a critical component that every device—hardware, software, on-premises, or cloud—must have.
As a global solution architect at F5, I have the opportunity to look at a lot of access architectures and while many are aspiring, few have achieved their Zero Trust goals.
Five years ago, the industry was questioning the role of traditional IT – today IT organizations are embracing cloud and investing in the skills and toolsets required for automation. Cindy Borovick looks back at the industry’s progression in the context of the just released 2019 State of Application Services report.
Diving into application services alone is (almost) always interesting. But delving into the applications, environments, trends, and technology that drive organizations to use an average of 16 different applications services gives us a valuable glimpse of what IT and business will look like in the next year.
Lori MacVittie comments on the role of cloud and application services in the context of F5’s upcoming State of Application Services report. In all its forms—public, on-premises private, and SaaS—cloud has maintained its place of strategic importance, impacting the application services deployed, the tools and technologies used to automate and orchestrate IT, and even in the evolution of team structures inside organizations. Will this year continue the trend?
Lori MacVittie: For as long as I can remember—which is a long time—the siren call of a single pane of glass through which to view and operate infrastructure has lured IT. Like the Holy Grail, it has never been discovered and a good many IT professionals have become cynics as to its existence.
Previously available for AWS and VMware environments, BIG-IP Cloud Edition’s support for Azure gives customers another easy-to-buy, ready-to-use solution for delivering application availability, performance, visibility, and security.
Serverless is the rising darling of the cloud world, but it's often misunderstood and attributed with almost supernatural powers to reduce costs, speed time to value, and make you breakfast in bed. And if that wasn’t enough, it’s also frequently conflated with Function as a Service (FaaS).
Learn about the 3 payloads associated with flatmap-stream and how they can be exploited.
The growth of container app development incorporated into DevOps pipelines is nearing peak adoption across the app landscape, but some challenges persist. F5 declarative automation and orchestration solutions combined with ecosystem integrations are capable of delivering app services anywhere, including as Ingress into container environments.
As the worlds of DevOps and NetOps collide and container environments subsume definitions traditionally used in the network, let’s explore the use of the often-confusing term "ingress" in terms of the data path and container environments.
Regional VP of Channels Lisa Citron congratulates the winners of the 2018 North America Partners of the Year Awards, recognizing the exceptional performance of strategic resellers, service providers, and distributors in providing training, solutions, and support to further extend the value of F5 technologies for customers.
Ankita Bhalla revisits the importance of understanding the industry’s use of third-party hardware, highlighting F5’s iHealth and new Remote Attestation for TPM Chain of Custody feature as examples of how F5 helps keep you and your applications protected.
Cloud showed us a better way to onboard, provision, and operate network and application infrastructure—aspects that have been steadily pushing their way into the data centers of organizations worldwide. But the digital transformation that began with cloud is now seeping into on-premises systems to bring about something far more interesting: the breakup of the network.
Coupled with Cisco Firepower series’ threat mitigation and performance capabilities, SSL Orchestrator performs the computationally heavy workload of decrypting traffic before distributing it to other devices in a security stack, so those same security devices are now able to cost-effectively scale.
A KubeCon dispatch from F5’s Robert Haynes: One of the enabling technologies behind the adoption of platforms and working practices has been the systems that link intent to action in an automated, integrated way. Application services have to be part of this chain, and this represents a more fundamental shift than simply a change in runtimes.
It’s important to recognize that it’s not always NetOps teams that get in the way of deploying the latest thing/app/service. Impediments to speed are often due to a failure to adopt all the premises of DevOps as organizations seek to transform IT operations.
This week sees the release of BIG-IQ 6.1, the latest evolution of F5’s management platform. Dan Schrader walks through the benefits of this new version, focusing on declarative technology for automating the delivery of network services, as well as updated security reporting and dashboards.
It’s the time of year when crystal balls get a viewing and many pundits put out their annual predictions for the coming year. Peter Silva collects his picks of notable prediction lists making the rounds as 2018 comes to a close, along with brief commentary on each.
With “machine identities,” we’re simply talking about how to ensure that an automated process can identify itself, and how other automated systems and processes grant the appropriate level of access to relevant resources. This concept is not new. What is relatively new is the scale at which it needs to be implemented.
Lori MacVittie: There remains a tendency to equate containers with microservices. And by equate, I mean “use interchangeably.” This is a bad assumption.
SVP Kara Sprague discusses the increasingly important role of containers amidst developer scarcity in the age of Application Capital, also noting F5’s just released open beta for Aspen Mesh, a fully-supported service mesh built on Istio.
Timed to coincide with next week’s KubeCon in Seattle – one of the biggest DevOps-focused conferences of 2018 – we’re highlighting a dozen of our favorite pieces of DevOps-related content from the past year.
As the dust from the recent re:Invent conference settles, Tom Atkins reflects and takes a closer look at the most notable advances from what has been another dynamic and productive year for F5 on AWS.
Shawn Wormke from Aspen Mesh explains how service mesh is a glue that helps unite Development and Operations teams, providing one place in the stack that you can manage microservices at runtime without changes to the application or cluster.
The stability and speed of today’s networks enable application services to act within a scalable system. Instead of a system deployed on a box, application delivery can embrace a modern, stack-based design. It can now be distributed to better take advantage of advances in technology and software, while continuing to benefit from expertise gained in previous years.
2018 brought us larger breaches, bigger DDoS attacks, and intensifying challenges for organizations to face when defending their infrastructure from criminals. Applications were notably a primary target, and as 2019 rounds the corner, we need to be prepared for the continuous evolution of both cybercrime and security.
Mainframes have a bad rap in IT. They are viewed as dinosaurs, when the reality is that they provide a significant source of computing power for many organizations—computing power that’s growing in use. They also have more to do with DevOps, Agile, and other modern methodologies than you might think.
Companies developing and deploying applications in the cloud can face inefficient IT operations, scarce developer resources, rising app experience expectations from users, increasing security risks, and cloud migration challenges—just to name a few. SVP Kara Sprague digs into the role chaos plays in spurring IT innovation and how F5 solutions enhance and protect organizations’ most valuable assets: applications.
Lori MacVittie highlights F5 Labs research on global attacks against IoT devices from January–June 2018, pointing out the sobering implications. Not only do IoT devices continue to be exploited, but they are being transformed into attack platforms, meaning attackers can better take advantage of what’s emerged as a guaranteed growth market.
Modern security is a multi-vendor proposition. F5’s industry-leading Web Application Firewall solutions (such as Advanced WAF) can now be integrated with AWS Security Hub, allowing predefined alert information from blocked traffic (such as attack type, source, etc.) to be escalated to this central console for further review, alongside inputs from other security products.
A particularly compelling advantage of applying machine learning to application security is that it focuses on constantly learning what is normal and identifying what is not. Lori MacVittie explains how layer 7 Behavioral Denial-of-Service (DoS) protection is like a flu vaccine that's capable of detecting the virus responsible based on its behavior rather than its actual composition.
Before the start of AWS re:Invent, we’re excited to share the new Quick Start integration between F5 and AWS. F5’s Tom Atkins discusses how the service launches, configures, and runs the AWS compute, network, storage, and other services required to deploy your workloads on AWS.
Cryptography is naturally a computationally expensive process, meaning it takes more CPU cycles to encrypt or decrypt a message than to execute business logic. For cloud deployments, these added CPU cycles have been an accepted cost because the point is to shift capital costs to operational expense. But decrypting and encrypting a message multiple times—at a non-zero cost each time—can really add up.
F5’s Robert Haynes looks forward to AWS re:Invent, sharing his perspectives and tips on how to avoid an ‘enthusiasm hangover’ after the conference when returning from a week’s worth of heady discussions around cloud innovation, enhanced features, and new opportunities.
In technology, simplification means abstraction, with declarative interfaces serving as a good example of that abstraction. By simplifying the interfaces used to provision, configure, manage, and integrate infrastructure today, declarative interfaces democratize infrastructure and open up opportunities for both NetOps and DevOps.
It’s time again to dig into the application services organizations are actually using to make apps faster and safer. Of note this quarter again is a continuing rise in use of bot defense services, as well as growth around analytics-related services.
Generally speaking, “ignore vulnerabilities” is not something you expect to hear from a security company. And you certainly don't see “ignore vulnerabilities” paired with the notion of “improving security.” But now you have. F5’s Lori MacVittie is kind enough to elaborate.
When approaching your production pipeline “as code,” it’s a certain bet that multiple sets of operators and developers will be responsible for it. This lies at the heart of the push for standardization—especially as NetOps takes the plunge into developing and maintaining systems to automate and orchestrate elements of the network and application service infrastructure.
So how does one flesh out a detailed digital transformation plan? First, take a quick look at the relationship between applications and your ambitions around digitalization. Then, work with partners and vendors who have been guiding the application-focused evolution of business processes for years and have delivered tangible results.
Just as it’s true that the application platform—the web or app server or app engine—must be provisioned first, so too must the network and application service platforms be provisioned before they can be configured. Increasingly, and especially in cloud environments, that provisioning and configuration process is driven by systems like HashiCorp's Terraform.
Multi-cloud is one of the hottest buzzwords in IT today. 85% of organizations are committed to a multi-cloud architecture. The other 15% are probably doing it by accident.
The Open Web Application Security Project is a non-profit organization dedicated to providing unbiased, practical information about application security.
In this series of webinars, learn how F5 can help you navigate the sea change in network and application management.
Today, your applications are your business, and they are also the gateway to your data for cybercriminals. Protecting your data, and your business starts by thinking app security first.
Speculation continues around why businesses and industries formerly reluctant to officially encourage open source software use have suddenly embraced it. Most often, the legacy culprit is assumed to be a fear of legal liability. But another catalyst is the driving force of digital transformation.
Serverless means developers don’t need to worry about infrastructure. And the business, too, sees value in its speed and efficiency. Combined with the frictionless nature of deploying code with serverless, you can be out the door with functionality in hours rather than weeks or months.
F5 is one of an exclusive group of launch partners of AWS’ Consulting Partner Private Offers Program, giving partners extended capabilities in making F5 application services available to customers via the AWS Marketplace.
Chief Architect Dave Schmitt and the Office of the CTO reflect on the importance of hardware security expertise in the context of the recent Bloomberg piece on Super Micro. The article also includes questions to ask your vendors to help make sure your systems are protected.
Infrastructure, Configuration, Pipeline, Operations. Suddenly everything is “as code.” Lori MacVittie attempts to sort through the terminology and identify the different components within a continuous IT stack.
Lori MacVittie explores how the industry has found itself with a strange hybrid of Service-Oriented and Microservice architectures that leaves many wondering where one ends and the other begins.
When we recently polled IT ops practitioners on the ‘State of Network Automation,’ we found the market experiencing a number of challenges. Among those cited specifically by NetOps professionals was a lack of integrated tools with which to move forward with automation efforts.
While the adoption of cloud and containers have disrupted typical network architectures, applications remain tethered to the data for which they are the primary interface. CTO Ryan Kearny explains how a cause-and-effect relationship between apps and data is critical to the future of application delivery, particularly as we find ourselves on the verge of generating more data than we can move.
The goal of automation in almost any industry focuses on optimization and eliminating bottlenecks. In the world of IT, that typically means addressing the in-between steps of an operational process.
From day one of development through post-deployment, the choices we make regarding the security of the entire application stack play out with far-reaching consequences.
A closer look at recent enhancements to the F5 Labs site, and how the team is improving access to application security and threat analysis research.
For many IT groups, the pressure to migrate to public clouds is immense. An F5 collaboration simplifies applications running across Microsoft Azure Stack regions into a consolidated infrastructure for business operations.
F5 is highlighted in this year’s 2019 TAG Cyber Security Annual, designed to provide advisory guidance to security professionals.
The evolution of F5’s annual survey now emphasizes the application services you need rather than the platforms you use to deliver them. Learn more and participate in the survey today!
APIs are not integration. They are a means to implement integration. And judging by the challenges seen in the industry, they aren’t enough for IT to get continuous.
It’s time again to dig into the application services organizations are actually using to make apps faster and safer.
Lori MacVittie comments on a recent report from Lacework highlighting the need to reiterate one of the common core security rules: Thou Shalt Not Leave Admin Consoles Open
Just as previous app architectures have driven responses in the network infrastructure, so are containers and microservices. Only this time the changes aren’t coming in the form of a new box. What’s happening now is the move to integrate the application services developers need into the container environment.
During F5’s recent Agility conference in Boston, a group of industry participants from the global service provider community met to discuss and debate topics such as the role of emerging SDN infrastructures, automation, and security.
For decades, application services have been deployed on shared platforms. But emerging application architectures such as microservices are forcing changes in the production pipeline that better map to modern deployment schedules and operational practices like infrastructure as code.
From F5’s Office of the CTO, Lori MacVittie draws connection points between DevOps practices and F5’s new declarative interface that decreases reliance on APIs and increases the ability to implement a fully automated, continuous deployment pipeline.
Lori MacVittie explores the potential of achieving an ‘MVD’ for an application by adopting a per-app architecture for its tightly coupled app services.
SVP Kara Sprague explores the emergence of Application Capital in the context of customer expectations, industry trends, and F5 innovations.
The association of a singular identity with an IP address is so tightly ingrained in our heads that we tend to apply it to other areas of technology. Even when it’s utterly ineffective.
The data shows that despite the challenges inherent in automation, NetOps aren't nearly as far behind as some posit.
Sometimes I love reading commentary from El Reg on IT and technology. Delivered with just the right amount of bite, their bark is often right on target. Other times, though, they miss the mark.
One of the interesting things about the cyber security industry is the degree to which vendors essentially wind up on the same side.
So says the data. It would be easy to dismiss the importance of network automation by claiming that the size of your organization
Or is that ‘tears’ of frustration? ¯\_(ツ)_/¯ Perhaps it’s both.
There is a relationship between network and application architectures. Usually we like to talk about how changes and shifts in application architectures impact the...
In a more balanced world, application users would have the same level of concern for the security of their data as they do for their access to it.
Oh yes. It’s happening. Consider making it a part of your overarching cloud strategy to make the process less painful. What do the following have in common? Salmon, Canadian Geese, Monarch butterflies, and applications. If you guessed all of...
Back in 2015, I noted that Software was Eating IT. That was based on data culled from a variety of industry sources included RightScale, HBR, PWC, and others. From development to deployment to delivery, software was taking over everywhere. But...
A full-proxy for both SSL/TLS and HTTP, SSL Orchestrator can make intelligent decisions to steer inbound and outbound traffic to service chains within the security stack. No other solution can do that.
Frank Strobel highlights the role of F5's partner ecosystem in strengthening security, increasing scale and availability, and reducing operational costs.
What do terms like Identity Perimeter and Zero Trust actually mean for you? Graham Alderson takes a look in the context of F5's new Access Manager.
Sure, a data breach may cost more (at least right now) and it certainly forces your failure into the limelight (you gotta notify) but security can’t be just about data exposure. These days you only hear about a breach if there’s been a data...
As a developer, my favorite editor for writing code is vim. I know, I know. But it’s fast, I can get around in it, and it isn’t emacs. (Yeah, I went there.)
Perfect for development and test purposes, these instances provide true cloud-native operational flexibility with no long-term commitments or contracts.
Brian McHenry looks at F5's diversity of WAF services and web application security capabilities in the context of a recent analyst report.
There’s an old business axiom we all know that goes like this: The customer is always right. In this digital economy, it turns out that axiom has to change to read: The customer’s data is always right. Let me illustrate with a little...
There are days when the jargon coming out of container land makes your head swim. With each new capability or feature offered by related solutions – service mesh, orchestrators, registries – seems to mandate a new term or phrase.
Website or apps under attack? See what F5's emergency incident response services can do for you (and the broader security community).
These virtual editions protect applications and data with complete feature parity across on-premises and multi-cloud deployments.
Back in 2013, we were introduced to the concept of an immutable server. An immutable server is, as the term immutable suggests, static. Its configuration is fixed and cannot (or at least should not) be changed. If changes are required, a new...
F5 rounds out its appliance portfolio with improved price/performance, along with enhanced security and compliance features.
The Hunt for IoT by our own F5 Labs threat researchers continues. Its latest report exposes not only an active search for vulnerable IoT devices, but the targeting of build infrastructure.
When I was a wee lass getting ready to deliver my company’s very first Internet-enabled application, I learned a valuable lesson. It wasn’t about technology. It wasn’t about the Internet. It was about processes and how frustrating they can be t...
With F5 BIG-IP virtual editions, IoT-focused organizations can seamlessly deploy in public or multi-cloud environments with maximum flexibility.
Confidence in the public cloud is on the rise as the market and platforms mature, thanks in part to certification and competency validations from major providers.
AWS has just announced enhanced F5 managed security capabilities on AWS WAF around Bot Protection, CVE Vulnerabilities, and Web Exploits.
It’s time again to dig into the application services organizations are actually using to make apps faster and safer. Of note is a rise in use of bot defense services and the slow but steady inroads being made by HTTP/2. While not an application..
Changes to the EU’s roaming regulations and raised awareness of security risks are fueling dramatic increases in GPRS Tunneling Protocol (GTP) traffic.
Apps are under siege. Attacks occur with alarming frequency – every 39 seconds according to research conducted by the University of Maryland
Network slicing is one of the most important 5G innovations available to mobile operators, allowing them to subdivide one physical network into multiple logical networks.
F5 technology offers a cost-effective solution to the challenge of video by improving the way Transmission Control Protocol (TCP) works on the mobile network.
Introducing Per-App offerings of F5 BIG-IP Virtual Edition for local traffic management and web application firewall services.
DX for BFSI industry Summary blog from Analyst Communication in APCJ theater by Kei.
Discover the key findings of F5's fourth annual State of Application Delivery report.
With our 4th annual SOAD report published, we look back and share how the market has evolved, and what we have learned.
Lori MacVittie continues her series on “The Art of Scaling Containers”, after touching on discovery and distribution, this blog digs into retries.
Like multi-cloud, automation can be (and should be) strategic. In a perfect IT world, we would see the smooth road of (internal) digital transformation follow a predictable path to success. It would start with the selection of platforms and...
Apps are the strategy upon which business has staked its digital survival, and F5 Labs research shows they will remain under siege in 2018. This year, let’s resolve to be vigilant in their protection, no matter whether they lie over hill in the...
As December brings 2017 to a close, it also marks an opportunity to be retrospective and look back on the year that was. This past month, we’ve been highlighting some of our blog posts, security research, reports, F5 Labs threat intelligence, and...
Lori MacVittie decided to put down in digital ink what the data and technology cycle is showing will be pretty much a given in 2018.
Peter Silva looks into the crystal balls of IT industry pundits and compiles a list of annual predictions for the coming year.
F5's Chad Whalen reflects on the significant advancements F5 has made with AWS following an amazing week at AWS re:Invent.
The BIG-IP Virtual Edition showcased its ability to ensure performance, availability, and security for business-critical applications hosted within the AWS cloud.
Whether we like it or not, HTTP is the de facto application transport protocol of the modern age. We use it everywhere. It’s as ubiquitous as IP and TCP, and serves much the same purpose. Its only goal is to transport the digital gold of today’s...
This year we hosted a series of Cloud focused events in the region and were fortunate to be able to connect with a number of customers. In this blog, I would like to summarize where those customers are, in terms of their Cloud shift, and wrap up...
Back in 1983, a group of like-minded folks in the computer and telecom industries got together to create a detailed specification they called the Open Systems Interconnection (OSI).
When considering vulnerabilities, remember application security is a stack. You may have heard me say this before, but sometimes we need a reminder that modern applications are never deployed alone.
The data path contains multiple insertion points at which a WAF can be deployed. But that doesn’t mean every insertion point is a good idea.
Okay, NetOps. As you’re getting all automated up and scripting your hearts out, it’s time for a gentle reminder about security. I’m not talking about firewalls and WAF or other security services you may be responsible for.
For most enterprises, the concept of cloud is well in the process of crossing the “chasm” from early adoption to early majority.
Learning online is big. Especially for those who self-identify as a developer. If you take a peek at Stack Overflow’s annual developer survey...
We are, I think it’s safe to say, universally delighted by technology. The mundane is transformed into the magical by the mere introduction of technology. The novelty wears off after a time, of course, but by then there’s some other task that has...
It has been said – and not just by me – that encrypted malicious code is still malicious code. The encryption does nothing to change that...
Along with their just-opened San Jose data center, Equinix leverages F5 BIG-IP for application services to support multi-cloud interconnection.
content="The Ansible community requires everyone to be nice to each other, to be empathetic and to be kind. This is best evidenced by the Ansible Code of Conduct for events. One excerpt: “Ansible is dedicated to providing a harassment-free conference..."
Over the past year, F5 and Ansible have been working hard to bring network automation solutions to our customers.
In successive releases, Ansible has introduced more and more network automation functionality, including persistent connections,...
Don’t let anyone tell you hardware doesn’t matter. Hardware is everywhere. In every mobile phone. Every Fitbit and techno-gadget we own. In our cars. In our laptops and tablets. Increasingly, it’s in our appliances. In our watches. And apparently,...
To untangle the complexity inherent in IT automation today, we need to find a better way to construct the workflows that represent the processes used to deploy, manage, and configure IT infrastructure.
It’s no secret that security is the leading concern for the majority of public cloud users, but for some organizations and government agencies, it is even more paramount. For these groups, highly stringent regulatory and compliance requirements...
IT has to embrace standardization of the code that makes IT go or risk creating systems that syphon off the financial and efficacy benefits of IT automation. I spent nearly a decade developing software. Embedded software. Web software....
F5's David Holmes looks back at the recently concluded DC25 and ponders future attendance.
In January of 2017, the very popular MongoDB suffered what seems to be becoming a fairly predictable tactic for attackers: taking data hostage. Subsequent investigation noted that for the most part, attackers had exploited … nothing.
Much is made of the archetypical relationship between DevOps and NetOps. We are constantly barraged with a litany of “us versus them” rhetoric that pits the one against the other...
There are two sides to every coin, so the old adage goes. It goes without saying that both sides of the coin are the same color even if they bear different images. So we discovered when we dove into the middle of DevOps and NetOps. W...
F5's principal threat research evangelist puts on his reporter hat to bring you some insights from one of the oldest hacker conferences there is.
While apps represent opportunities to improve productivity and increase profits, poor performance and annoyed users bring these gains to a halt.
The slow but steady migration to cloud-based environments has had an impact on many aspects of IT. One we rarely make mention of is administration. But we should.
F5's APAC team explores a number of security-themed statistics around IT viewpoints, challenges, and opportunities.
SVP Calvin Rowland breaks down what it means for organizations to deploy multi-cloud solutions, touching on DevOps topics as well.
Developers are having a greater impact on how applications are architected, and in many cases, making unilateral choices that are in effect making business decisions for the company. While nearly two-thirds of enterprise IT managers believe they should be the deciding vote in selecting a public cloud service, moving apps to the cloud, or creating a private cloud, business units disagree about 40 percent of the time. CIOs need to manage this.
Organizations use CAPTCHA to prevent automated attacks like credential stuffing. Learn how cybercriminals bypass it and how to mitigate the risk.
Digital transformation is the application of new technologies to build new business models or processes by leveraging the convergence of people, business, and things.
F5's APAC team presents a stylized guide with tips on protecting yourself from cyber criminals and specific attacks.
Nearly one in five of report respondents have security titles. F5's David Holmes takes a closer look at what's important to them.
F5's Patricia Du discusses service provider topics, including how value-added services improve the customer experience by controlling traffic based on user profiles, network policies, and application characteristics.
App security is a lot of things, but sometimes we need to stop and consider what it isn’t, particularly as the volume and frequency of applications developed and deployed to meet the insatiable demand continues to rise. 1. Not a high priority A...
Guest post from customer Jennifer Cohen, Director of Operations at Line2, a San Francisco-based company that provides cloud phone service for small businesses
We hear a lot about the digital economy and the API economy, but the experience economy is what both are powering.
Continuous deployment doesn’t have to mean every change, every time, right away. But it does have to start somewhere. CI/CD (Continuous Integration/Continuous Delivery) is the domain of developers. It’s the overarching model for improving speed...
There is little doubt (in my mind, at least) that the new standard operating model for enterprise organizations is based largely on cloud. I use the term “cloud” as a broad umbrella for both private (on-premises) and public (off-premises) cloud...
There's potentially a gulf of pain between using cloud services and successfully using cloud services. How will you know if you're being successful? You need the metrics that match your priorities: agility, TCO, reach and productivity.
Applications are moving to public clouds. Maybe not as fast as the market predicted (hoped?), but they are moving.
F5 expands its application delivery services offerings for cloud and container environments.
Everyone’s got one (yes, even us) and all of them are enabled by the (other) API economy.
Lori MacVittie comments on the evolution of the network, and the next wave of architectures rolling in (that’s serverless).
Without the cultural change to a more open, collaborative cross-IT environment, many of the benefits of DevOps can’t be fully realized.
The integration of virtual (software) based network and application services into the CI/CD pipeline is a lot more real than some might think.
The main theme of this year’s Mobile World Congress (MWC) in Barcelona was the ongoing digital transformation toward a “connected society.” 5G will be instrumental in the adoption of Internet of Things (IoT) technologies such as smart...
Making sure you're prepared is often the lion's part of success, and the cloud is no exception. The priority is security.
This week, F5 introduced the first and only turnkey solution package that includes advanced application and security services that are engineered, tested, and certified to run with the Red Hat OpenStack Platform.
Throughout history, certain places have been anointed with the term “gateway to the _____.” These locations are famous for being strategically important for the defense of a kingdom or as a pathway to new opportunities.
While we’re likely all aware that credentials being out in the wild on the black market is a threat, many may not understand exactly why.
Guest post from F5 customer Dwain Powell, PCS Director, The Port Authority of Jamaica
A brief Q&A featuring the company's new CEO, with perspectives on leadership, F5, and other interests.
More than 1,000 APAC respondents participated in F5 annual survey, State of Application Delivery. This year, we unveil the survey findings of Asia Pacific's application services market trends.
Many folks eschew the “cultural” component associated with DevOps. But bound up in “culture” is “communication,” and communication is critical to success not just of DevOps, but for any automation and orchestration efforts in the enterprise.
The success of SaaS is largely due to companies being able to identify and encapsulate in software commoditized business processes. The same holds true for network and infrastructure teams inside the business.
Threat intelligence develops a picture before attacks happen, so you can be prepared if and when they do. Yet, only a quarter of security professionals thought that they were using threat data to effectively combat attackers.
For several years now, my cohort Cindy Borovick and I have conducted, compiled, and analyzed thousands of responses from IT professionals across the globe in response to our State of Application Delivery surveys. The primary focus of this survey...
The changing of the software model from shrink-wrap to cloud brought security from an afterthought to the forefront. Here we dive into on three specific areas: confidentiality, integrity and availability.
For all its benefits, digital transformation also brings risk. As breaches become inevitable and commonplace, the need to transfer risk to cyber insurance is increasing quickly.
Executives aren’t nearly as giddy over DevOps as those in the trenches, and the answer may be found in one of these three key concerns.
SDN, which started out with a roar, was last seen whimpering by the side of the technology highway watching containers and DevOps speed by on their way to an invite-only party in the enterprise without so much as glancing back at the recent...
F5 Senior Vice President Lizzie Cohen-Laloum explores how achieving balanced executive dynamics and a broader range of strategic perspectives contribute to a robust chain of command.
Amidst the rush of consumer-facing ads and releases during the 2016 holiday season, Amazon made quite a stir when it announced it was embracing hardware.
Whether it’s related to home automation or personal fitness, the consumer consumption rate for things shows no signs of stopping.
From State of Application Delivery 2017 – The transition from HTTP/1x to HTTP/2 is of great interest given its potentially disruptive impact.
Operators are looking for an open, multi-vendor NFV platform to evolve and scale their networks to lower costs, reduce time to market, and improve operational efficiencies.
As we all know, 4G and LTE are designed to improve capacity, user data-rates, spectrum usage, and latency. 5G represents more than just an evolution of mobile broadband.
Digital transformation cannot be focused solely on the outside, it must include the inside as well. This year’s buzzword bingo card includes the amorphous phrases “digital transformation” and “API economy.” They have real meanings, but they’re...
After many years of discussions and proof of concepts, network functions virtualization (NFV) is now moving away from the conceptual to the realization stage.
Cloudy insights from the State of Application Delivery 2017 – Control. We use that word a lot. Control yourself! Control your own destiny! Control your financial future. Find out how! Control is a simple word that connotes a very powerful concept...
Imagine your best-case scenario: You’ve conducted security awareness training for your users and have educated them on all the threats that apply to them. You’ve cultivated a culture of security where everyone knows the tactics of phishers...
The Internet of Things (IoT) represents a large new business opportunity for service providers to develop new streams of revenue. For end users, IoT has the potential to provide solutions that can dramatically enhance productivity.
Are you as good at presenting as you are at security? Here’s how to most effectively use the limited time you have with your board to explain the risk and the need, and what to do about both.
Here are four risks of working in the cloud and how to avoid them, and three benefits if you do.
The typical app loses more than three-quarters of its initial users within three days of downloading; in a month that figure climbs to 90 percent. Here are nine reasons why.
Because your company has probably moved to the cloud, there are some things you are going to worry about, but shouldn't: the cloud operator stealing your data at rest, bad actors intercepting and reading your data in flight, bad actors "hacking the cloud" and stealing everything. When you eliminate these things, then you get back to the things that really matter.
In foretelling the future of technology adoption and how it drives business transformation, this piece pays homage to astrology and envisions twelve key predictions to help define the new Asia digital economy.
We asked 2000+ IT pros about their plans for apps, cloud, app services and security--and what they really think about DevOps & SDN.
Thanksgiving and … turkey. Christmas and … trees. Containers and …. microservices. If the first word you thought of for each of those matches my expectations, then you’ve fallen prey to over-association in the technology market today.
With F5’s utility billing, customers can now implement an application delivery infrastructure with no upfront costs.
A cloud-ready application delivery controller is not your traditional ADC. Available for deployment on custom or COTS hardware, it’s a scalable software-solution supporting both the need for fast, secure, and available delivery and...
A cloud-ready application delivery controller (ADC) is not your traditional ADC. Available for deployment on custom or COTS hardware, it’s a scalable software-solution supporting both the need for fast, secure, and available delivery and...
The F5 Security Top 16 of 2016 | F5
2016 has been a year to remember when it comes to security (though perhaps also one that many would prefer to forget). Between data breaches, ransomware, hacktivism, zero day vulnerabilities, and DDoS attacks, no one’s information felt as safe as...
A cloud-ready application delivery controller (ADC) is not your traditional ADC. Available for deployment on custom or COTS hardware, it’s a scalable software-solution supporting both the need for fast, secure, and available delivery and...
It has been 10 years now since Amazon set the digital world on fire with the introduction of Amazon Web Services. Or as most of us today call it, public cloud. Since then, the landscape has grown increasingly cloudy, with a variety of new models...
A cloud-ready application delivery controller (ADC) is not your traditional ADC. Available for deployment on custom or COTS hardware, it’s a scalable software-solution supporting both the need for fast, secure, and available delivery and...
Cyber. Things. Security. DDoS. These are digital disruptions; the modern equivalent of enemies at the gate.
We ran the tests, and the results are in: the new F5 BIG-IP iSeries application delivery platform performs five times faster SSL ECC TPS than comparable devices from our competitors.
F5 has taken a massive step forward in helping customers deliver an application delivery solution that doesn’t force them to choose between security and performance.
And scale leads to speed. And speed leads to success. Suppose one engineer can process a change request in two hours. Suppose another engineer can process that change request in 1.5 hours. If they work together, how long will it take for them to...
If you have HTTP applications in the cloud—any cloud—there is a reasonable chance they will be vulnerable. Applications and the protocols they run remain prime targets...
The latest from F5's Jay Kelley includes a list of considerations when deploying a new identity and access solution for Microsoft Office 365.
Current infrastructure cannot handle the projected explosion of data, connections, and traffic as the world moves into the digital economy. We talk about the digital economy but we don’t often dive into the specifics of what that really means....
Cloud, compliance, and certifications. It's a complex world out there.
No, not that kind of speed. The other kind of speed. Velocity, the speed with which applications can be developed and released into production, is a common driver of organizations adopting agile development methodologies and DevOps for...
A look at one of the most popular business productivity software suites ever, the keys to its longevity, and some of its challenges.
To say that Docker’s container technology is experiencing explosive growth and adoption is not mere hyperbole or wishful thinking on the part of its highly vocal advocates. Nary a day goes by that does not include some new use of the technology or...
For the past few years we (as in the corporate We) have delved into the data center to discover how and why and where enterprises deploy and deliver applications with our State of Application Delivery surveys. We’re focused, of course, on...
Mobile devices are rapidly becoming the instrument of choice for digital users, impacting the financial sector as well. The new generation needs banking to be mobile-friendly, while also overcoming security concerns.
We’re heading back to Las Vegas next week, this time for VMworld, Aug. 28–Sept. 1, at the Mandalay Bay Hotel and Convention Center. VMworld is a great opportunity to better realize the virtual possibilities of F5 and VMware, whether you’re attending the event or following along online.
There has emerged two distinct models of “going cloud.” The first, most obvious, is the native approach. Native meaning new, either greenfield or rewritten. The native approach encourages a narrow focus on the application, the assumption being...
Conducted in partnership with the Ponemon Institute, the report surveys 605 IT and IT security professionals about their approach to protecting applications...
"The Internet of Things (IoT) continues to be a topic of interest. And while consumer oriented gadgets and gizmos tend to make headlines, it’s the behind the scenes, in the data center prep work being conducted by early adopters that remain more..."
Tens of millions of people are out exploring the new world of Pokémon Go. It turns out that many of those users are not people at all, but automated agents, or bots. Game-playing bots are not a new phenomenon, but Pokémon Go offers some new use cases for bots.
Service providers are experiencing tremendous growth in traffic. They feel pressure to scale their networks to meet demand while maintaining profitable business models. As the networks scale up and out, their operators face...
With the promise of the Internet of Things (IoT) and 5G on the horizon, industry analysts project there will be 25 billion connected devices worldwide by 2020. Service providers believe that...
Technology tends to use a lot of words interchangeably, but in some cases, the difference is actually pretty profound.
You might have figured out that yes, I’m one of those people playing Pokémon Go. Or, as is often the case of late, not playing Pokémon Go. That’s bad, because it also means our youngest is not playing, because as it turns out we’re bot...
Some of you may remember a time when national security was a question of protecting individuals from crime on the street, or the Army’s defense against international threats. Today, that picture looks very different. If anything, it is more...
An EMEA study of consumer attitudes towards personal data use and privacy
With the proliferation of Internet access, and the explosion of online services over the past decade, more people were and continue to routinely share data loosely with more organisations. As apps and websites have mushroomed, control has...
With fireworks in our rearview mirror, it’s time to turn our focus toward Las Vegas for Cisco Live, July 10-14, at the Mandalay Bay. Whether you’re going to the event or following online, here’s a snapshot of what to expect from F5 at...
Today's mobile network infrastructures are expected to provide highly available services and excellent subscriber experiences.
Grand Rapids is the second-largest city in Michigan, located in the lower peninsula (what we in the Midwest refer to more colloquially as “under the bridge”). There are no remarkable landmarks in Grand Rapids, like the Space Needle or the Golden...
There are more than 3.4 billion internet users globally with an estimated 6.4 billion IoT devices being connected to it, making the ecosystem a burgeoning exchange where information and transactions flow every other second. By 2020, Gartner...
Technology moves quickly. Or maybe it just seems like it moves quickly because new movements, approaches, and architectures are popping up left and right. This month, it’s the sudden rise of “serverless” architectures to the fore of everyone’s...
The developers of the Dridex malware display great proficiency in client and server paradigms as well as obfuscation. The following research outlines this skillset. It, along with Dridex authors’ commitment to the constant and frequent updates in the malware’s features, makes Dridex very agile and consequently hard to detect, decrypt, and analyze.
The term hybrid, in technology, has come to mean composing some thing from two or more seemingly disparate things. Hybrid cloud, for example, brings together SaaS, IaaS, and on-premise as the basis for a new, diversified corporate computing...
Distributed Denial of Service (DDoS) is a common attack method used by hacker groups and individuals to severely hamper or shut down an organization’s online services, causing both monetary and reputation losses. Whereas DDoS attacks have been...
Introducing F5’s BIG-IP 10350v-F platform, a FIPS 140-2 Level 3 supported implementation of the latest generation HSM delivering leading SSL bulk crypto performance, and superior price/performance ratio.
When we think of virtual desktop infrastructure (VDI) it usually conjures up images (ha! see what I did there?) of an infrastructure designed to support manageable desktop delivery to vast legions of non-technical users. Because fixing some craz...
F5 perspective on why upgrading network infrastructure matters and how BIG-IP v12.1 can help organizations drive innovation.
Cyberattacks are a fact of life for IT teams, but no one wants to deal with the aftermath of a hacker breach. F5, a leader in application security, has teamed with Comtrade Software to provide users with an additional level of clarity into hacke...
Financial Malware And Their Tricks: Man In The Browser Attacks
Malwares And Their Impact
Malwares have caused billions of dollars as loss for the financial industry, and there is no looking back. At this juncture one would...
The study of philosophy, at least in the past, has involved asking questions that seem, on the surface, to be, well, irrelevant. After all, is it really all that important to know “whether a ship that had been restored by replacing every single...
There’s a kind of repetitive cycle to everything (or so it seems in hindsight) in which changes in app architectures and usage spur the need for new technologies in the network. Technologies designed to address those challenges that impede the...
Just how secure are your apps?
F5’s Anticipate 2016 event happening in Singapore on 18-19 May at St Regis Hotel will take a close look at this pertinent issue.
Security today is primarily centered on protecting the network...
One of the biggest challenges organizations face today is how to “modernize” their traditional data center to meet increasing demands from the business and users alike.
Perspective from F5's Singapore team on how financial applications are going digital and fraudsters are following the trend, including attack and prevention technique details.
"The most significant data breaches in the last 15 years were a result of application vulnerabilities."
Australia is evolving a new way to leverage cloud, and New Zealand is evolving a new efficiency model for government security services. Both countries share one aspect with the rest of the world: challenges around encryption.
Most folks have heard or seen Maslow’s Hierarchy of Needs. If you aren’t familiar with the concept (or need a refresher), here’s the TL;DR – Maslow believed that people are motivated to achieve certain needs. He defined a five level hierarchy...
Perspective from F5's David Holmes, who recently completed a security evangelism tour through Asia-Pacific North (APAC), including his thoughts on the challenges and opportunities in that part of the world.
Recently, F5 has released a number of OpenStack components, including open source LBaaS V2 plugin code, a Heat plugin library, and Heat templates.
During the most recent Mobile World Congress in February 2016, there were a few primary themes that Mobile Network Operators (MNO) and leading-edge vendors (including F5) were discussing. These were the Internet of Things (IoT) and the...
Anyone who has studied philosophy and in particular, logic, knows that there are wide range of logical fallacies that ultimately undermine one’s argument. Most people are probably familiar with the ad hominem fallacy, which attempts to repudiate...
Back in the day (I’m talking 2003 here, so way back in technology years) a lot of hopes and dreams for a more seamless identity management experience were high. That was when Security Assertion Markup Language (SAML) was first coming into vogue...
It’s no secret to those who engage in actual fishing (for real, live fish) that timing matters. Certain types of fish are more active and thus likely to be caught in the morning, others in the evening, and still others in the early afternoon. It...
Once you realize that load balancing with modern, programmable proxies is more than just scale or availability, you start recognizing its potential as part of the application architecture itself.
OpenStack is making its way into production. In OpenStack’s sixth user survey, it found that 60% of deployments were there, in production. That’s compared to only 32% a mere two years earlier. That’s in part thanks to the steady growth of...
Companies of all sizes are bombarded daily by network attacks and breaches. One of the most basic, yet effective network attacks against organizations and their applications are distributed denial of service (DDoS) attacks. The onslaught of these enterprise-aimed attacks has even the most security conscious organizations questioning their application defenses.
As is the case with every technology that comes to dominate data center conversations, DevOps is currently suffering from definition fatigue. Actually at this point I think it’s exhaustion, but the line between the two is difficult to determine....
Security at massive scale to support the Internet of Things (IoT) & 4G/5G networks
For mobile operators, services delivery continues to dramatically evolve. This presents both challenges in and opportunities to be realized at the service layer; from network functions virtualization, security for IoT, video optimization, and to...
It’s that time of year again, time for the mobile industry to head to Barcelona to celebrate Mobile World Congress. It’s by far the largest mobile event in the world, and this year’s theme is ‘Mobile Is Everything.’ And for good reason: so much...
There’s an old myth associated with vampires that says they can only enter your home if invited. Obviously it’s in your best interests to not invite that vampire into your home. The problem is, of course, is how do you know that devilishl...
Integration combines IBM MaaS360 and F5 BIG-IP Access Policy Manager
If someone from the 19th century was teleported to witness a mathematics class in action in the year 2016, I would pay to see their astonished looks! From smart board interactions to children fiddling with iPads absorbing all the knowledge the...
How Standardization Enables a Customizable Per-App (Microservices) Approach to App Security
The global SDN market will be worth $12.5 billion by 2020...
Having watched the ebb and flow of technology trends over the past, well, many years, I’ve come to the conclusion that that the very first thing that drives adoption of new technology is all about costs. When cloud was first introduced, surv...
EVP Kristen Dimlow shares her thoughts as global teams mark the occasion.