Apps And Identities - magellan netzwerke GmbH · 2018-06-21

Transcript
Page 1

Page 2

Apps And Identities Initial Targets In 86% Of Breaches

Figure (pie chart): share of breaches by initial target
• Web App Attacks: 53%
• User/Identity: 33%
• Physical: 11%
• Other (VPN, PoS, infra.): 3%

Page 3

Stop web attacks

Fix vulnerabilities

Risk & compliance

Page 4

What is the OWASP Top 10?

• Top 10 is a broad consensus on the most critical web application security flaws

• Most are very well known attack vectors that persist

• Coverage is a mandatory minimum for some regulatory requirements such as PCI DSS

Page 5

Here’s the good news.

WAF Technology

• WAFs provide coverage for OWASP Top 10

• WAF offers protection against application attacks

• WAFs can be an alternative to code review

• WAFs fix vulnerabilities promptly without maintenance windows

• WAFs don’t require access to source code or developers

Page 6

Figure (API ecosystem diagram), labels as extracted:
• Non-API users; self-selected use; tech-savvy consumers; innovators; disruptors
• Enterprise use; business partners; distribution partners; suppliers
• Product integration; business partners; product ecosystem; tech-savvy consumers
• Open Web APIs; B2B APIs; Product APIs; Internal API
• Enterprise Applications (custom, off-the-shelf, on premise, cloud); Products
• Digital experience; Mobile; Web

Page 7

App-layer DDoS has increased by 43%

77% of web attacks start from botnets

3 Billion Credentials were reported stolen in 2016

Page 8

Traditional WAF:
• SSL/TLS Inspection
• Scripting
• OWASP Top 10

Advanced WAF:
• Malicious Bots
• Credential Attacks
• API Attacks
• SSL/TLS Inspection
• Scripting
• OWASP Top 10

Page 9

APPLICATION PROTECTION

• ADVANCED WAF
• APP-LAYER ENCRYPTION
• BEHAVIORAL DDOS
• ANTI-BOT MOBILE SDK
• PROACTIVE BOT DEFENSE

Page 10

Page 11

Automation

Half of Internet traffic comes from bots

30% is malicious

• Web attacks
• Account takeover
• Vulnerability scanning
• Web scraping
• Denial of service

Page 12

Simple bots

Impersonating Bots

Bots with cookies / JS support

Bots that simulate browsers

(Figure label: Google)

Page 13

Mobile apps:
• are a target of the same automated attacks
• need mobile-specific security
• lack mature security capabilities

Page 14

Page 15

Figure Credit: Verizon 2017 Data Breach Investigations Report

Page 16

Use Case - Account Takeover

Problem:
• Criminals are performing account takeover by stealing account credentials via malware

Benefits:
• Prevent the use of dumped credential databases (credential stuffing)
• Prevent the theft of user credentials (credential harvesting)
• Protect mobile apps - identify and pass only the desired mobile applications

Solution:
• App-level credential encryption
• Anti-bot mobile SDK
• Credential stuffing protection
• Brute force protection

Figure labels (account takeover protection architecture): Mobile Authentication Protection; Credential Encryption; Hacker; Anti-bot Mobile SDK; Bots; Data Center; Interconnect; Cloud; ATO Protection; Users’ credentials

Page 17

Page 18

© F5 Networks, Inc 22

DDoS 101 – The Targets

• Volumetric attacks on bandwidth
• Attacks on RAM: firewall state tables
• Targeted attacks: bugs and flaws in stack
• Attacks on server stack: low and slow
• Attacks on crypto capacity: SSL floods
• Attacks on CPU: IPS signature scanning

Page 19

Use Case - DDoS Attacks

Figure labels (DDoS managed service architecture): DDoS Managed Service; Hacker; Bots; Silverline Cloud Services; Users; Layer 3 DDoS Protection; On-Premises; Layer 7 DDoS Protection; Core; DDoS Hybrid Defender; Advanced WAF; Users; Option: consolidate into a single layer 3-7 solution; Silverline Always On; under attack; Communication (signaling)

Problem:
• DDoS attacks are growing, but your resources are not
• DDoS mitigation time is slow due to manual initiation and difficult policy tuning

Benefits:
• On-premises hardware acts immediately and automatically to mitigate attacks
• Silverline cloud services minimize the risk of larger attacks crippling your site or applications

Solution:
• Always-on protection with on-premises hardware
• Mitigate with layered defense strategy and cloud services
• F5 SOC monitoring with portal
• Protect against all attacks with granular control
• Eliminate time-consuming manual tuning with machine learning

Page 20

F5 Advanced WAF: Protect against bots, credential attacks, and app-layer DoS

Key Benefits:
• Protects web and mobile apps from exploits, bots, theft, app-layer DoS
• Prevent malware from stealing data and credentials
• Prevent brute force attacks that use stolen credentials
• Eliminate time-consuming manual tuning for app-layer DoS protection

Defend against bots:
• Proactive bot defense
• Anti-bot mobile SDK
• Client and server monitoring

Protect apps from DoS:
• Auto-tuning
• Behavioral analytics
• Dynamic signatures

Prevent Account Takeover:
• App-level encryption
• Mobile app tampering
• Brute force protection

Figure labels (Advanced WAF architecture): Mobile; Bot Mitigation; Credential Protection; App-Layer DoS; Hacker; Anti-bot Mobile SDK; Bots; F5 Advanced WAF; Users’ credentials

Page 21

Page 22

Page 23

Maximizing Value From Your WAF: The Changing Dynamics of Application Security

Figure (threat-to-capability map)
• Threats: Vulnerabilities & Exploits; Automated Attacks; Mobile Applications; Credential & Data Theft; Low & Slow DDoS; API Vulnerabilities
• Capabilities: DataSafe Encryption; Credential Stuffing; Web Application Firewall; Proactive Bot Defense; Behavioral Analytics; Threat Campaigns; Anti-Bot Mobile SDK; API Protocol Security; Device Identification; Threat Intelligence Feeds

Page 24

Solution Deployment

Advanced WAF:
• Standalone BIG-IP: iSeries, VIPRION, VE
• Cloud: AWS, Azure, Google
• LTM/GBB/ASM Upgrade
• Advanced WAF LaunchPad (upgrade only)
• Advanced WAF Installation for VIPRION
• Advanced WAF Installation for BIG-IP
• Bot Defense, DataSafe Encryption, Behavioral DoS

Managed Services (F5 Silverline):
• WAF Managed
• WAF Express
• DDoS Protection
• F5 Managed Rules for AWS WAF

Licensing:
• Enterprise
• Per-App-VE
• BYOL
• Cloud Marketplace
• Cloud Licensing Program

Anti-Bot Mobile:
• Professional Services
• Appdome
• Apple
• Android
• Add-on SDK
• Fusion

Threat Intel:
• IP Intelligence
• Credential Stuffing
• Threat Campaigns
• Device Identification

Complementary Solutions:
• DDoS Hybrid Defender
• Access Policy Manager
• BIG-IQ
• DataSafe Add-on
• WebSafe
• MobileSafe
• F5 Fraud Services

Page 25

Page 26

Figure labels (application security tooling across the lifecycle):

• CODING

• WAF (Web Application Firewall): Enterprise Protection; Regulatory Compliance; VA / DAST Integrations; Most Effective OWASP 10; Volumetric Mitigation

• RASP (Run-time Application Self Protection): App Protection Instance; Post WAF, IPS, IDS; Inside App or Server; App Language Dependent; Up to 10% Perf. Reduction

• BUG FIXES; IPS; BOT PROTECTION

• SAST (Static Application Security Testing); DAST (Dynamic Application Security Testing); IAST (Interactive Application Security Testing)

• INLINE; HOST; MITIGATE; VULNERABILITY ASSESSMENT; DEVELOPMENT; PRODUCTION; APPDEV