January 02, 2020

Build Your Immunity Across All App-Security Insertion Points

1 min. read

Years ago, I worked on a consulting project for a large financial services company, which had recently invested $20 million into their core offering, a managed services platform for financials that was used by hundreds of customers.

We did a Failure Mode Effect Analysis for them, looking at every component making up the major service—every app, every piece of infrastructure supporting each app, every business process, every development and IT process—and every permutation of interactions across that entire stack.

As it turned out, the routers they were using for each of their dedicated customers were end of life, which we flagged as an issue. Sure enough, all of those routers came up with a bug that turned into a nasty illness. It took down the entire infrastructure and none of the firm’s customers could access their financial systems to process invoices, make or receive payments, initiate new purchases. Suffice to say, it was a catastrophe.

The fact that a $20 million service could be taken offline by a $1,000 part goes to show that any system is only as strong as its weakest link and its associated app security insertion point. Major applications today are so complex they rival living organisms, with security acting as an immune system. Infections can come from anywhere, so you have to be looking everywhere, and defending everywhere too.

Read the full article published November 27, 2019 here: by SecurityWeek.

Join the Discussion


Expertly picked stories on threat intelligence

Hundreds of apps will be attacked by the time you read this.

So, we get to work. We obsess over effective attack methods. We monitor the growth of IoT and its evolving threats. We dive deep into the latest crypto-mining campaigns. We analyze banking Trojan targets. We dissect exploits. We hunt for the latest malware. And then our team of experts share it all with you. For more than 20 years, F5 has been leading the app delivery space. With our experience, we are passionate about educating the security community-providing the intel you need to stay informed so your apps can stay safe.


9 hrs

a critical vulnerability—with the potential for remote code execution—is released.