“What’s going on here?!”
That has got to be among the most common phrases heard in IT departments around the world. “What’s going on here?” “Help me understand the problem so I can come up with a solution.” “Help me understand the threat so I can harden our defenses.”
F5 intends to help customers address timely and critical issues with their workloads, using F5 Distributed Cloud Web App and API Protection (WAAP) deployed to secure workloads on-prem, across clouds, or at the edge, and highlighting security threats, performance, and operations challenges.
Typically, the most effective way to get to the heart of many security-related problems in a timely manner starts with the right analytics and data visualization tools. Two of the most popular SIEM (Security Information and Event Management) analytics vendors are Datadog and Splunk, and F5 Distributed Cloud WAAP now enables professionals in NetOps, DevSecOps, or SecOps to visualize their unruly, unrelenting, and constantly changing data through these SIEM platforms.
Analytics are made possible by F5 Distributed Cloud WAAP providing event-based log streams. Or, to be more precise, these log streams are provided in a common JSON payload format. As always, any JSON captured log stream is just a snapshot in time—but now more than ever, that “log” is a steady stream of data—and in its raw form it can be a fearsome thing.
Taming this beast and making sense of the data is the job of data monitoring and analytics SIEM platforms like Datadog and Splunk, and chief among their capabilities is data visualization in its many forms. That includes, of course, visualizing rich, information-packed log streams in a human-readable and intuitive manner that can readily be integrated into an overall SIEM strategy.
Something SIEMs Fishy Here
SIEM is a combination of security information management (SIM; with a focus on storage and analytics of logs, metrics, and other data) and security event management (SEM; focusing on real-time monitoring of events). SIEM includes the best of both worlds and provides real-time monitoring and analytics of the network and the security environment while also allowing tracking and logging for compliance or auditing purposes.
To enable data-driven decision-making, F5 Distributed Cloud WAAP provides logging today to two of the most popular modern SIEM platforms in Datadog and Splunk, with other leading vendors in this space soon to be added. Whether your applications are running within the F5 Global Network, in your own data centers, or elsewhere, you will need clear visualizations and analytics from the LAN to the WAN to AWS, Azure, Google Cloud, and everything in between to answer the question, “What’s going on here?”
F5 Distributed Cloud WAAP Compatibility
F5 Distributed Cloud WAAP is dedicated to ensuring that NetOps, SecOps, and DevSecOps professionals can access its log streams with their favorite SIEM vendor platforms. If you’re already using Splunk or Datadog, it’s only natural you’d expect to be able to tap into a holistic view with the tools you already use—and we’re committed to enabling this for you!
Among the many potential reasons to integrate your SIEM platform with your F5 Distributed Cloud WAAP deployment is the ability to ingest and aggregate routing, network, and client data with WAF, DDoS, or API Protection logs to provide additional context that can improve security and provide insights for troubleshooting.
Whatever you’re looking for in the vast trove of your cloud platform log streams, F5 Distributed Cloud Services help ensure your data visualization and analytics tools deliver all the functionality you expect. Find out how easy it is to get started today with F5 Distributed Cloud WAAP via our simulator experience and, if you are an existing F5 Distributed Cloud Services customer, go here to find out how easy it is to enable analytics with Datadog and Splunk in this demo showing these partner integrations natively available in the F5 Distributed Cloud Console.