We hear a lot in the news about increasingly massive DDoS attacks—those network assaults do, after all, lend themselves to catchy headlines featuring “Death Star-sized botnets” and “world record” attacks—but for most enterprises and large organizations, there is a whole spectrum of application attacks that are equally concerning. Just take a look at the “Attack” category page at OWASP.org (that’s the Open Web Application Security Project) and you can see a list of 70 or more techniques that attackers use to exploit vulnerabilities in applications.
Many of these attacks have interesting and fun-sounding names—brute force, spoofing, stuffing, man-in-the-middle, tabnabbing—but in reality, application attacks are no laughing matter. In 2017, for example, the average cost to a US business affected by a data breach was $7.35 million. And data breaches are just the most visible consequence of one subset of attacks—there is also the cost of network disruption or downtime; the expense of having to devote your IT staff to mitigation when they could be focused on innovation; and the losses you suffer when employees, partners, and customers cannot connect to do their jobs, sell your services, or buy your products.
But what is an organization to do? It’s not like you’re going to just give up on using applications. These days, firms of all sizes rely on web applications for just about everything: enhancing employee productivity, easing enforcement of business policies, analyzing huge amounts of data, and processing everything from payroll to accounts payable. Unfortunately, would-be attackers know how valuable these applications are to your organization, and they’re more determined than ever to bring down or compromise your most critical web apps.
For most organizations, the first line of defense is a web application firewall (WAF). Our most recent State of Application Delivery report shows that 98% of respondents protect at least some part of their application portfolio with a WAF—and more than 40% protect half or more of their apps.
As an industry leader in WAF, F5 is thrilled to see the rest of the world coming around to what we’ve been preaching for years. But you don’t become an industry leader by resting on your laurels, and we continually strive to find ways to make your applications ever more secure. Our recently announced Advanced WAF, for example, goes further than ever before to offer best-in-class application security. Advanced WAF will defend against bots (going beyond signatures and reputation to block evolving automated attacks), prevent account takeover (with encryption at the application layer), and protect apps from DoS attacks (using machine learning and behavioral analytics for high accuracy).
It is also important for us to work with other industry leaders to bring our joint customers a solution that is more capable and more secure than what either of us could deliver on our own. WhiteHat Security is one such partner. WhiteHat provides website risk management solutions that protect data, ensure compliance, and narrow the window of risk. And those solutions dovetail nicely with F5’s new Advanced WAF solution to extend an organization’s ability to defend both customer and corporate data.

Our joint solution (see figure above) uses the F5 open API to integrate Advanced WAF with WhiteHat Sentinel. In such a deployment, Sentinel delivers continuous dynamic scanning, backed by an expert team at the Threat Research Center that verifies every vulnerability to virtually eliminate false positives. At the same time, Advanced WAF is responsible for WAF protection and a host of visibility and reporting capabilities. Through careful integration, Advanced WAF uses the intelligence provided by Sentinel to automatically patch vulnerabilities, oftentimes before code fixes are available.
The result: complete, end-to-end web application security that helps ensure continued business productivity and promote growth.
Learn more:
Deploy a Comprehensive Web Application Security Program – WhiteHat + F5 Integration
Key Considerations in Choosing a Web Application Firewall – F5 Whitepaper
What can you do today to prevent a breach? – WhiteHat Technical Insight