BLOG

Getting Ahead of NIS2: How F5 Can Help

Bart Salaets Miniatura
Bart Salaets
Published November 16, 2023

The EU’s sweeping new Network and Information Security Directive (NIS2) will require many more companies to shore up their cyber defences.

As the directive is implemented by EU member states over the next 12 months, now is the time to figure out how to ensure compliance with the new rules. 

This article explains how F5 can help you meet NIS2’s rigorous risk management and reporting requirements.

Managing Your Risks More Effectively

More than ever before, applications create and catalyse new business models and revenue growth. They shape customer experiences, enable and automate operations, and alchemise data into insights. In other words, it’s what helps organisations innovate and stand out from the crowd.

At the same time, application programming interfaces (APIs) are on a relentless growth trajectory. APIs enable communication and data sharing between different systems, so they are central to how companies operate and create value for themselves and others.

However, for all their potential, apps and APIs can create some real headaches for those trying to manage and make sense of it all, and NIS2 is only going to add to the pain if you don’t get it right.

Risk management is major area of focus for NIS2. This means—you guessed it—you’ll have to get to grips with your apps and APIs, wherever they reside. That challenge is compounded by the fact that, according to our State of Application Strategy Report, 85% of organisations today are deploying their apps and APIs across multiple locations—including on-premises data centers, multiple public clouds, and edge sites.

This is where F5 Distributed Cloud (XC) Services come in.  

These are SaaS-based security, networking, and application management services that enable customers to deploy, secure, and operate their applications in a cloud-native environment or wherever needed—data center, multi-cloud, or the network or enterprise edge.

The F5 Distributed Cloud WAAP solution is particularly useful in the context of NIS2, bringing together four key components critical to securing the digital experience for today’s modern enterprises:

  • Web Application Firewall (WAF): F5 Distributed Cloud WAF leverages powerful Advanced WAF technology, combining signature—and behavior-based protection for web applications. It acts as an intermediate proxy to inspect application requests and responses to block and mitigate a broad spectrum of risks stemming from the OWASP Top 10 threat campaigns, malicious users, and more. A good NIS2-related example here is when new vulnerabilities in software components/tools are detected, such as those related to Log4j. Virtual patching through the WAF component in F5’s XC WAAP solution can immediately mitigate all attacks to all apps, no matter where they, or their component microservices, are located. F5’s XC WAAP gives organisations the time they need to start patching all their systems, while significantly reducing the window for malicious actors to exploit this vulnerability to launch ransomware or perform other attacks. By maintaining business continuity while under attack, your company will be meeting a key requirement of NIS2.

  • API Security: F5 Distributed Cloud API Security safeguards application programming interfaces (APIs) from threat actors attempting to exploit them to facilitate a breach or service outage. With automatic API discovery that can identify and map API endpoints to any app and provide support for a positive security model through API swagger import organisations can easily observe, refine, and enforce proper API behavior.

  • Bot Defense: F5 Distributed Cloud Bot Defense manages and deflects malicious automation to prevent sophisticated, human-emulating attacks. It brings together unified telemetry, network intelligence, and AI/ML with human analysis to identify and defend against automated threats such as credential stuffing and account takeover, scraping, card cracking, and more.

  • DDoS Mitigation: With F5 Distributed Cloud DDoS Mitigation, organisations get multi-layered protection against attacks across layers 3–7, including network-level shielding from volumetric distributed denial-of-service (DDoS), DoS signatures, service policies including rate limiting, IP reputation, and advanced scrubbing with deep packet inspection. This provides protection from spoofed and malformed traffic, request floods, and other forms of abuse that attempt to overload web properties and apps.

Recent insights from F5 Labs and other organisations have shown that geopolitical tensions are driving a huge increase in DDoS attacks. Application-centric DDoS attacks are particularly prevalent and are clearly aiming to bring applications down. This will undoubtedly continue well into the future, and NIS2 will be hounding any organisation that doesn’t stay on top of the problem(s).

In essence, F5 Distributed Cloud WAAP breaks down organisational silos to bridge old and new operating models, as well as legacy and modern apps, on a business and technical level. It simplifies security policy and enforcement across clouds, data centers, and edge locations to reduce complexity and ensure more consistent policy. In other words, exactly what NIS2 calls for and what you should be aspiring to anyway, regardless of regulations.

Meeting the Tough New Reporting Requirements

NIS2’s demanding and detailed reporting obligations make it essential that businesses have full visibility of what is happening across their digital processes and, in particular, their digital interfaces with customers, partners, and suppliers. An organisation must report a security breach to the designated authority within 24 hours of becoming aware of the incident, and flag whether it could have a cross-border impact. The affected organisation must provide an initial assessment indicating the severity and impact of the compromise within 72 hours.

Once again, F5 XC is your friend, providing a single pane of glass that provides visibility across disparate environments, enabling you to monitor your entire app portfolio, as well as the ability to control false positive volumes to keep a strong signal-to-noise ratio, and the ability to investigate and analyse incidents. It can also be used to maintain an accurate asset inventory across those environments, facilitating risk assessments, while helping customers comply with the NIS2 requirement to have the appropriate policies in place, regardless of the environment.

It is important to note that the EU is taking steps to help organisations stay one step ahead of malicious actors and retrospectively penalise sloppy security. For example, the European Union Agency for Cybersecurity (ENISA) and the national computer security incident response teams (CSIRTs) share information about vulnerabilities to better protect businesses within their jurisdictions. F5’s XC solutions can simplify the process of applying this information operationally to mitigate risk across multiple, complex environments. The solution also provides a single, simplified logical interface for developing apps with the appropriate security baked in, across multiple technology stacks and environments.

Cloud-based and easy-to-use, F5’s XC solutions can be employed by any business, regardless of size. The platform provides that “easy button” for enterprises who do not wish or do not have the skills to manage, maintain, and operate their own security solutions or prefer a SaaS experience. Meanwhile, for enterprises with the desire, the skills, and the expertise to manage their security in-house, F5’s BIG-IP and NGINX solutions can be deployed to fully protect both legacy and modern applications as well as their digital interfaces with customers and partners.

Robust app protection is a must to comply with NIS2, and F5’s portfolio can deliver just that.