As many non-essential businesses remain closed to help stop the spread of COVID-19, prompting employees and contractors to work from home or remotely for at least a few more weeks, organizations are beginning to shift their technology concerns from securing application access and maintaining user productivity, toward application security.
At the same time, attackers continue to seek out opportunities as users continue to work from home or remotely. As F5 CEO François Locoh-Donou rightly pointed out during F5’s recent quarterly earnings call, attackers prey on curiosity. With this curiosity now piqued, attackers attempt to gather more information about how organizations are attempting to secure applications and data access for their remote users. They are trying to steal insight into personal stimulus checks or small business grants and loans through the Paycheck Protection Program (PPP). Combine this with the increased use of potentially vulnerable home networks—as well as the heightened use of business and personal devices over those networks—and attackers now have burgeoning new opportunities to steal business and personal data.
What Today’s Threats Look Like
Phishing and spearphishing attacks have risen significantly as former office dwellers have shifted to working from home or remotely. Phishing websites have grown—and continue to grow—exponentially during this time as well, many using COVID-19 misinformation or fake cures as a lure. Credential theft attacks have also exploded. Attackers are using phony calendar and video conferencing invitations, some with titles like “HR – Layoff Discussion,” to frighten and entice users to click on the invitation. The users then find themselves on a convincing but fake login page, where their credentials are stolen. Ransomware continues unabated. And a new threat—videobombing—has emerged, where attackers insert themselves into video conferences to annoyingly disrupt meetings, or even surreptitiously record private video conferences to steal sensitive corporate information.
So, corporate security operations (SecOps) and IT teams now need to worry about securing remote access from virtually everywhere to applications and critical data—for nearly their entire workforce—almost overnight. And at the same time, they also must be cognizant of the fact that employees, contractors, and other personnel working from home may be using easily compromised home networks to access critical applications and data.
Securing remote access helps alleviate some of those concerns. F5 BIG-IP Access Policy Manager delivers a secure remote access solution, via SSL VPN. SSL VPN enables home-based and remote workers to access their corporate network through a secure, encrypted tunnel. The tunnel is encrypted on both the inbound and outbound routes with government-grade 2048-bit key encryption. Every application or file that a home or remote worker accesses passes through a secure, encrypted tunnel.
But, what happens when a user opens their browser and accesses a website while connected via VPN to their corporate network and applications? Or, accesses their personal, web-based email and clicks on a link in an email they’ve received? How can SecOps or IT be sure that the user isn’t sending out sensitive corporate data masked by encryption to that website? Or, that the encrypted website the user is going to doesn’t lead to a malicious command-and-control (C2) server, waiting for communications to trigger an advanced persistent threat (APT) already lying in wait on their network? Or even that the encrypted website or web application being accessed isn’t downloading new, more insidious malware to launch on their network?
Protecting Customers and Their Employees
F5 SSL Orchestrator protects against encrypted threats. It’s a centralized point to decrypt and re-encrypt both incoming and outgoing encrypted traffic. According to F5 Labs, Chrome, the most widely used web browser, now fetches over 86% of web pages over secure HTTPS connections; Firefox grabs HTTPS page loads at a still impressive 80.5% average.
Attackers are hiding malware and other malicious payloads in encrypted traffic. While different solutions in an organization’s security stack are able to decrypt encrypted traffic, those same devices were never designed to address the computationally intensive task of decrypting and then re-encrypting, meaning they often cannot support or enforce the robust security capabilities they were purchased for in the first place. These devices can simply fail when trying to decrypt traffic, or may allow traffic to bypass inspection completely, or they may not be able to address the latest encryption protocols and ciphers, increasing the chance of threats entering the network. Moreover, if all of the security devices are run in sequence or are daisy-chained, there is a risk that if a security device breaks down, goes offline, or needs to be replaced, traffic may again bypass inspection uninhibited because a link in the chain has been broken.
F5 SSL Orchestrator enables SecOps and IT to design dynamic service chains, allowing just the security solutions needed to inspect decrypted traffic for specific traffic types to check that traffic, based on SSL Orchestrator’s contextual policy engine. The traffic is automatically steered by SSL Orchestrator to the appropriate dynamic service chain, checked by existing security solutions earmarked for that traffic in the security stack, then redirected back to SSL Orchestrator for re-encryption.
Combining BIG-IP APM and SSL Orchestrator empowers organizations to secure access to their network, applications, and data by employees, contractors, and other users now working from home or remotely. In addition, these solutions protect users who have already securely accessed the organization’s network, applications, and data remotely from intentionally or inadvertently exfiltrating sensitive data, communicating with nefarious command-and-control servers, or downloading malware hidden within encrypted traffic via phishing or other attack methods. Simply put, F5 enables and secures apps and access to them from anywhere.