Apps And Identities - magellan netzwerke GmbH · PDF file 2018-06-21 · aws waf...


  • Apps And Identities: Initial Targets In 86% Of Breaches

    [Chart: share of breaches by initial target] Web App Attacks 53%, User/Identity 33%, Physical 11%, Other (VPN, PoS, infra.) 3%

  • Stop web attacks

    Fix vulnerabilities

    Risk & compliance

  • What is the OWASP Top 10?

    The Top 10 is a broad consensus on the most critical web application security flaws.

    Most are very well known attack vectors that persist.

    Coverage is a mandatory minimum for some regulatory requirements such as PCI DSS.

  • Here’s the good news.

    WAF Technology

    WAFs provide coverage for OWASP Top 10

    WAF offers protection against application attacks

    WAFs can be an alternative to code review

    WAFs fix vulnerabilities promptly without maintenance windows

    WAFs don’t require access to source code or developers

  • [Figure: API consumers and API types]

    Non-API users: digital experience (Mobile, Web)

    Self-selected use (tech-savvy consumers, innovators, disruptors): Open Web APIs

    Enterprise use (business partners, distribution partners, suppliers): B2B APIs

    Product integration (business partners, product ecosystem, tech-savvy consumers): Product APIs

    Internal API: Enterprise Applications (custom, off-the-shelf, on premise, cloud), Products

  • App-layer DDoS has increased by 43%

    77% of web attacks start from botnets

    3 Billion Credentials were reported stolen in 2016

  • Traditional WAF: SSL/TLS Inspection, Scripting, OWASP Top 10

    Advanced WAF: Malicious Bots, Credential Attacks, API Attacks, SSL/TLS Inspection, Scripting, OWASP Top 10

  • APPLICATION PROTECTION

    ADVANCED WAF

    APP-LAYER ENCRYPTION

    BEHAVIORAL DDOS

    ANTI-BOT MOBILE SDK

    PROACTIVE BOT DEFENSE

  • Automation

    Half of Internet traffic comes from bots; 30% is malicious

    Malicious uses: web attacks, account takeover, vulnerability scanning, web scraping, denial of service

  • Simple bots

    Impersonating Bots

    Bots with cookies / JS support

    Bots that simulate browsers

    (figure also shows a Google logo)
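The tiers above are ordered by what a client can do: the first two cannot execute JavaScript, the last two can. A common defensive way to draw that line (added example, not F5's Proactive Bot Defense implementation, whose internals the slides do not describe) is to serve a JavaScript challenge that sets a server-verifiable cookie; a client that never runs the script never obtains it. The cookie name `bd_challenge`, the token layout, the secret and the 300-second lifetime below are all assumptions made for this example.

```python
"""Added example: HMAC-bound JavaScript challenge token for tiering bots.
Not part of the original slide deck; cookie name, token format and
thresholds are constructed for illustration."""
import hashlib
import hmac

# Assumption: per-deployment secret, rotated out of band; constructed value here.
SECRET = b"constructed-demo-secret"


def make_token(client_ip: str, issued_at: int, secret: bytes = SECRET) -> str:
    """Server side: build the token that the challenge page's JS stores in a cookie.

    Binding the MAC to the client IP and issue time means a token copied from
    one client or replayed days later does not verify."""
    msg = f"{client_ip}|{issued_at}".encode()
    mac = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return f"{issued_at}:{mac}"


def verify_token(client_ip: str, token: str, now: int, max_age: int = 300,
                 secret: bytes = SECRET) -> bool:
    """Return True only for an unexpired token whose MAC matches this client."""
    try:
        issued_str, mac = token.split(":", 1)
        issued_at = int(issued_str)
    except (ValueError, AttributeError):
        return False  # malformed cookie: treat as absent proof, never as valid
    if not 0 <= now - issued_at <= max_age:
        return False  # expired, or issued "in the future" (clock games)
    expected = make_token(client_ip, issued_at, secret).split(":", 1)[1]
    # Constant-time comparison so MAC checking does not leak timing information.
    return hmac.compare_digest(mac, expected)


def classify_request(client_ip: str, cookies: dict, now: int) -> str:
    """Decide what the edge does with a request based on its challenge cookie.

    'challenge': no proof of JS execution yet, serve the challenge page (tiers 1-2 stop here)
    'block':     cookie present but forged, expired or bound to another client
    'allow':     JS-capable client; tiers 3-4 pass this gate and need behavioral checks
    """
    token = cookies.get("bd_challenge")
    if token is None:
        return "challenge"
    if not verify_token(client_ip, token, now):
        return "block"
    return "allow"


if __name__ == "__main__":
    # Constructed walk-through: a client solves the challenge at t=1000 and returns at t=1100.
    tok = make_token("203.0.113.5", 1000)
    print(classify_request("203.0.113.5", {}, 1100))                     # challenge
    print(classify_request("203.0.113.5", {"bd_challenge": tok}, 1100))  # allow
    print(classify_request("198.51.100.9", {"bd_challenge": tok}, 1100)) # block (other client)
    print(classify_request("203.0.113.5", {"bd_challenge": tok}, 1400))  # block (expired)
```

Passing this gate only proves the client ran the script; headless browsers (tier 4) pass it too, which is why the slides pair the challenge with behavioral analytics rather than treating it as the whole answer.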

  • Mobile apps: target of the same automated attacks

    need mobile-specific security

    lack mature security capabilities

  • Figure Credit: Verizon 2017 Data Breach Investigations Report

  • Use Case - Account Takeover

    Problem: criminals are performing account takeover by stealing account credentials via malware

    Benefits:
    • Prevent the use of dumped credential databases (credential stuffing)
    • Prevent the theft of user credentials (credential harvesting)
    • Protect mobile apps: identify and pass only the desired mobile applications

    Solution: App-level credential encryption • Anti-bot mobile SDK • Credential stuffing protection • Brute force protection

    [Figure: Mobile Authentication Protection, Credential Encryption, Anti-bot Mobile SDK, ATO Protection; Hacker, Bots, Data Center Interconnect, Cloud, Users, credentials]

  • © F5 Networks, Inc

    DDoS 101 – The Targets

    Volumetric attacks on bandwidth

    Attacks on RAM: firewall state tables

    Targeted attacks: bugs and flaws in the stack

    Attacks on server stack: low and slow

    Attacks on crypto capacity: SSL floods

    Attacks on CPU: IPS signature scanning

  • Use Case - DDoS Attacks

    [Figure: DDoS Managed Service with Silverline Cloud Services (Silverline Always On, under attack); Layer 3 DDoS Protection; On-Premises: Layer 7 DDoS Protection, DDoS Hybrid Defender, Advanced WAF, Core; Hacker, Bots, Users; Communication (signaling); Option: consolidate into a single layer 3-7 solution]

    Problem:
    • DDoS attacks are growing, but your resources are not
    • DDoS mitigation time is slow due to manual initiation and difficult policy tuning

    Benefits:
    • On-premise hardware acts immediately and automatically to mitigate attacks
    • Silverline cloud services minimize the risk of larger attacks crippling your site or applications

    Solution:
    • Always-on protection with on-premises hardware
    • Mitigate with layered defense strategy and cloud services
    • F5 SOC monitoring with portal
    • Protect against all attacks with granular control
    • Eliminate time-consuming manual tuning with machine learning

  • F5 Advanced WAF: Protect against bots, credential attacks, and app-layer DoS

    Key Benefits:
    • Protects web and mobile apps from exploits, bots, theft, app-layer DoS
    • Prevent malware from stealing data and credentials
    • Prevent brute force attacks that use stolen credentials
    • Eliminate time-consuming manual tuning for app-layer DoS protection

    Defend against bots: Proactive bot defense • Anti-bot mobile SDK • Client and server monitoring

    Protect apps from DoS: Auto-tuning • Behavioral analytics • Dynamic signatures

    Prevent account takeover: App-level encryption • Mobile app tampering • Brute force protection

    [Figure: Bot Mitigation, Credential Protection, App-Layer DoS; Hacker, Bots, Anti-bot Mobile SDK, Mobile, F5 Advanced WAF, Users, credentials]

  • Maximizing Value From Your WAF: The Changing Dynamics of Application Security

    [Figure] Threats: Vulnerabilities & Exploits; Automated Attacks; Mobile Applications; Credential & Data Theft; Low & Slow DDoS; API Vulnerabilities

    Capabilities: DataSafe Encryption; Credential Stuffing; Web Application Firewall; Proactive Bot Defense; Behavioral Analytics; Threat Campaigns; Anti-Bot Mobile SDK; API Protocol Security; Device Identification; Threat Intelligence Feeds

  • Solution Deployment

    Advanced WAF: Standalone BIG-IP (iSeries, VIPRION, VE); Cloud (AWS, Azure, Google); LTM/GBB/ASM Upgrade (Advanced WAF LaunchPad, upgrade only); Advanced WAF Installation for VIPRION; Advanced WAF Installation for BIG-IP; Bot Defense, DataSafe Encryption, Behavioral DoS

    Managed Services: F5 Silverline WAF (Managed), WAF Express, DDoS Protection; F5 Managed Rules for AWS WAF

    Licensing: Enterprise, Per-App-VE, BYOL, Cloud Marketplace, Cloud Licensing Program

    Anti-Bot Mobile SDK: Professional Services, Appdome, Apple, Android, Add-on, Fusion

    Threat Intel: IP Intelligence, Credential Stuffing, Threat Campaigns, Device Identification

    Complementary Solutions: DDoS Hybrid Defender, Access Policy Manager, BIG-IQ, DataSafe Add-on, WebSafe, MobileSafe, F5 Fraud Services

  • CODING

    WAF (Web Application Firewall): enterprise protection, regulatory compliance, VA/DAST integrations, most effective for OWASP Top 10, volumetric mitigation

    RASP (Run-time Application Self Protection): app protection instance post WAF, IPS, IDS; inside app or server; app language dependent; up to 10% perf. reduction

    Bug fixes, IPS, bot protection

    SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), IAST (Interactive Application Security Testing)

    [Figure axes: Inline / Host; Mitigate / Vulnerability Assessment; Development / Production; AppDev]