f5 unified security solutions ralf sydekum technical manager central & eastern europe...
TRANSCRIPT
![Page 1: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/1.jpg)
F5 Unified Security Solutions
Ralf Sydekum
Technical Manager Central & Eastern Europe
![Page 2: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/2.jpg)
© F5 Networks, Inc.
2
Agenda
•Real Security Challenges and Attacks
•Data Center Firewall
•DoS & DDoS
•DNS Security
•Web Security
•Access Management
•Fast Vulnerability Assessment & App. Security
![Page 3: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/3.jpg)
© F5 Networks, Inc.
3
ApplicationDeliveryNetwork
Users Data Center
The Leader in Application Delivery Networking
SAPMicrosoftOracle
At HomeIn the OfficeOn the Road
Business Goal: Achieve These Objectives in the Most Operationally Efficient Manner
![Page 4: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/4.jpg)
© F5 Networks, Inc.
4
Statement - SONY Online Entertainmenthttp://blog.eu.playstation.com/
• On April 16th and 17th, 2011….. Personal information from approximately 24.6 million SOE accounts may have been stolen…,• Name, e-mail, login, hashed password,…
• As well as certain information from an outdated database from 2007 for 10.700 customer in EU• Name, bank account number, address,…
![Page 5: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/5.jpg)
© F5 Networks, Inc.
5
Sony stock performance: Nov 2010-Nov 2011
![Page 6: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/6.jpg)
© F5 Networks, Inc.
6
• Several companies stopped the service for WikiLeaks although it is not proven that WikiLeaks violates the existing law
• Amazon removed all WikiLeaks content from their servers
• EveryDNS switched off the DNS resolution for wikileaks.org
• Several financial institutes locked up donation accounts
What happened to WikiLeaks?
![Page 7: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/7.jpg)
© F5 Networks, Inc.
7
Finally…
• Thousand of internet users unloaded their accumulated anger starting 7th Dec 2010
• Web servers of Swiss Postfinancebank were down for several hours
• Credit card companies likeMastercard and VISA where notaccessible for several hours/dayover several days
• Paypal’s transaction network wereslow but not taken down completely
![Page 8: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/8.jpg)
© F5 Networks, Inc.
8
• 3 Basic Classes of Attack • L7 (HTTP/Web): Slowloris
• Creates massive concurrent sessions • Firewalls quickly overwhelmed• Server resources completely consumed
• L4: TCP Flood/Syn Flood • Targets any TCP aware device
• L3: ICMP Flood• ICMP protocol attack• Consumes router, Firewall and server resources
• BIG-IP/ASM stopped attacks!• Combination of core TMOS functionality, iRules and
ASM (Application Security Manager)
WikiLeaks DDoS Attack Profile
PCI Compliant Firewall
F5 BIG-IP with ASM Module
Border Router (Internet Connection)
Intrusion Prevention Device
ICMP flood TCP FloodSlowloris
![Page 9: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/9.jpg)
© F5 Networks, Inc.
9
The Three Threat Vectors
Network Attacks Application AttacksDDoS Attacks
![Page 10: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/10.jpg)
© F5 Networks, Inc.
10
of network traffic is encrypted bypassing security controls
Traditional network devices are failing under load… 3 out of 6 major firewalls failed under stability testing, and 5 out of 6 were vulnerable to a common exploit.
Security is still expendable… 9 out of 10 IT organizations admit to sacrificing security for performance.
Over 90% of IT administrator want…
Security Context
Security device sprawl is a challenging problem… IT biggest security challenge with device sprawl is operational complexity.
30% Blended attacks… are overwhelming conventional security devices at the edge of the data center.
Security Challenges
![Page 11: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/11.jpg)
© F5 Networks, Inc.
11
• Who is the user?
• What devices are requesting access?
• When are they allowed to access?
• Where are they coming from?
• How did they navigate to the page/site?
Context leverages information about the end user to improve the interaction
Who
What
Where
When
How
![Page 12: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/12.jpg)
© F5 Networks, Inc.
12
“Context-aware technologies will affect $96 billion of
annual consumer spending worldwide by 2015. By
that time, more than 15 percent of all payment card
transactions will be validated using context
information.
-Gartner
![Page 13: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/13.jpg)
© F5 Networks, Inc.
13
Unified Security Architecture Traditional Approach
LOAD BALANCER
FIREWALLWEB APP
FIREWALL
DNS
SECURITY
ACCESS
MANAGEMENT
AND REMOTE
ACCES
DDoS
PROTECTION
![Page 14: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/14.jpg)
© F5 Networks, Inc.
14
TMOS TMOS
AVAILABLE
SECURE
FAST
AVAILABLE
SECURE
FAST
SECURE SECURE
iRULES
iCONTROLiAPPS
TMO
S
TMO
S
TMO
S
NETWORK FIREWALLNETWORK FIREWALL
SSL TERMINATIONSSL TERMINATION
PROTOCOL SECURITYPROTOCOL SECURITY
DDoS PROTECTIONDDoS PROTECTION
DYNAMIC THREAT DEFENSEDYNAMIC THREAT DEFENSE
GTM ASM APMMODULE SECURITY
DNS WEB ACCESS
DN
S
WEB
ACCE
SS
LTM
![Page 15: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/15.jpg)
Data Center Firewall
![Page 16: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/16.jpg)
© F5 Networks, Inc.
16
Internet Data Center Perimeter FirewallPerimeter Firewall with Load Balancer
Today
Load Balancer
Overview• Traditional firewall• Standalone load balancer
Limitations• DDoS protection• Connections• Scale• Device management• Defense methods
![Page 17: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/17.jpg)
© F5 Networks, Inc.
17
Internet Data Center Perimeter FirewallPerimeter Firewall with Load Balancer
With BIG-IP
BIG-IP LTM with ASM
Overview• Consolidated Device• Firewall Service• Application Delivery• Web Application Firewall
Benefits• Application fluency• SSL visibility• DDoS protection 30 + types• Dynamic defense methods• Best price to performance class• OWASP top 10 protection
![Page 18: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/18.jpg)
© F5 Networks, Inc.
18
• F5 helps you to mitigate DDoS and flood based attacks• Stateful, Default Deny Behavior
• High Concurrent Connection and conn/sec capacity
• User Geo-location awareness
• SSL (HW accelerated encryption/decryption)
• IPsec site to site
• Packet Filtering
• Flood protection mechanisms
• Carrier Grade NAT (NAT, NAT64)
Internet Datacenter Network Firewall
Internet Data Center
F5.com
owa.f5.com
DevCentral.F5.com
websupport.f5.com
ihealth.f5.com
downloads.F5.com
Internet
External Users
SYN flood protection and many others
High Concurrent Connection
capacity
User Geolocation Security
Router
![Page 19: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/19.jpg)
© F5 Networks, Inc.
19
Throughput
Competitor ABC + 4 Blades$124,000
F5 BIG-IP 11050$129,995
42 Gbps 20 Gbps
![Page 20: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/20.jpg)
© F5 Networks, Inc.
20
Connections per Second
1M 175K
Competitor ABC + 4 Blades$124,000
F5 BIG-IP 11050$129,995
![Page 21: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/21.jpg)
© F5 Networks, Inc.
21
Maximum Concurrent Connections
24M 2.25M
Competitor ABC + 4 Blades$124,000
F5 BIG-IP 11050$129,995
![Page 22: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/22.jpg)
© F5 Networks, Inc.
22
SSL Drives Platform Architecture
Industry increasingly using larger SSL Keys
1024 bit Keys 2048 bit Keys 4096 bit Keys
6x Tougher
41x Tougher
Increasing CPU Processing Requirements
100%
600%
4100%Increasing CPU Processing Requirements
![Page 23: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/23.jpg)
Denial of ServiceDistributed Denial of Service
![Page 24: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/24.jpg)
© F5 Networks, Inc.
24
• DoS = Denial of service
• DDoS = Distributed denial of service
• Layer 1• Cut the cable
• Layer 4 - or Layer 7 DDoS• Thousands of attackers bring down one site
• Layer 7 DoS• One attacker is able to bring down one site
• e.g. Slowloris, Slow POST
Summary
![Page 25: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/25.jpg)
© F5 Networks, Inc.
25
Network BasedDistributed
Denial Of Service (DDOS)
Protect Against:
VIPRION
BIG-IP LTM DoS Protections• Packet Filtering• Syn Cookies (L4 DoS)• Dynamic Reaping (L4 DoS)• TCP Full Proxy (L4 DoS)• Rate shaping (L4->L7 DoS)• iRules (e.g. SSL DoS protection)• Very High Performance• Very large connection tables
Protect With:
Mitigating DoS Attacks
![Page 26: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/26.jpg)
DNS Security Use Case
![Page 27: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/27.jpg)
© F5 Networks, Inc.
27
DNS Attacks Are Common
![Page 28: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/28.jpg)
© F5 Networks, Inc.
28
DNS is Vulnerable to Attacks
• Multiple DNS attacks: DDoS, Cache Poisoning, Man-in-the-middle• Application timeouts (401 errors)• Lost customers, lost productivity• Loss of Revenue and Brand Equity
Clients LDNS
Data Center
DNS Servers www.company.com
![Page 29: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/29.jpg)
© F5 Networks, Inc.
29
•High Performance DNS – Multicore GTM
•Scalable DNS - DNS Express
•Malformed UDP packets are dropped
•Spread the load across devices - IP Anycast
• Secure DNS Queries - DNSSEC
• Route based on nearest Datacenter - Geolocation
• Complete DNS control with – DNS iRules
Complete DNS Protection BIG-IP Global Traffic Manager
Clients LDNS
A
X
Q
Data Center
i
DNS Firewall Services
company.com
X QA i
![Page 30: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/30.jpg)
© F5 Networks, Inc.
30
Complete DNS control
Secure DNS query responsesRoute based on geolocation
Denial of Service mitigation
Access Denied:
http://f5.com
Scalable 10x, 70%
Support client requests and consolidates IT
IPv6 to IPv4
The Value of Complete DNS / Web Solution
![Page 31: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/31.jpg)
Web Security Services
![Page 32: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/32.jpg)
© F5 Networks, Inc.
32
Security Vulnerabilities in Web-Applications
PORT 80
PORT 443
Attacks Now Look ToExploit ApplicationVulnerabilities
Perimeter SecurityIs Strong
Forceful BrowsingCross-Site Scripting
Cookie Poisoning
SQL/OS InjectionHidden-Field Manipulation
Parameter TamperingBuffer Overflow
Brute force attacksLayer 7 DOS
WebscrapingCSRF
Viruses
!InfrastructuralIntelligence
!Non-compliantInformation
HighInformationDensity=High ValueAttack
!ForcedAccess toInformation
But Is Opento Web Traffic
![Page 33: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/33.jpg)
© F5 Networks, Inc.
33
Deploy ASM Policies without false positives
• Predefined Policy Templates• Pre-configured security policies
• Learning mode• Automatic or manual
• Web Application Scanner integration• IBM Rational AppScan
• QualysGuard Web App. Scanning
• Cenzic Hailstorm
• WhiteHat Sentinel
• Gradual deployment• Transparent / semi-transparent / full blocking
![Page 34: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/34.jpg)
© F5 Networks, Inc.
34
Customer Website
• Finds a vulnerability• Virtual-patching with
one-click on BIG-IP ASM
BIG-IP Application Security Manager
• Verify, assess, resolve and retest in one UI• Automatic or manual creation of policies• Discovery and remediation in minutes
• Vulnerability checking, detection and remediation
• Complete website protection
Web Application Scanner
![Page 35: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/35.jpg)
© F5 Networks, Inc.
35
• 3 free application scans directly from ASM/VE UI
• No time limits once signed up
• Free scans are limited health check services
F5 Free Cenzic Cloud scan tests for:
Free Cenzic Cloud Scans with ASM in v11.2
Find Vulnerabilities and Reduce Exposure
1. Cross-Site Scripting
2. Application Exception
3. SQL Injection
4. Open Redirect
5. Password Auto-Complete
6. Credit Card Disclosure
7. Non-SSL Password
8. Check HTTP Methods
9. Basic Auth over HTTP
10.Directory Browsing
![Page 36: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/36.jpg)
© F5 Networks, Inc.
36
IP IntelligenceIdentify and allow or block IP addresses with malicious activity
• Use IP intelligence to defend attacks
• Reduce operation and capital expenses
IP address feed updates every 5 min
Anonymous Proxies
?
BIG-IP System
Scanners
Financial Application
IP Intelligence Service
Botnet
CustomApplication
Attacker
Anonymous requests
Geolocation database
Internally infected devices and servers
![Page 37: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/37.jpg)
© F5 Networks, Inc.
37
• Fast IP update of malicious activity
• Global sensors capture IP behaviors
• Threat correlation reviews/ blocks/ releases
IP IntelligenceHow it works
Internet
Web Attacks
Reputation
Windows Exploits
Botnets
Scanners
Network Attacks
DNS
Semi-open Proxy Farms
Exploit Honeypots
Naïve User Simulation
Web App Honeypots
Third-party Sources
Key Threats Sensor Techniques
BIG-IP System
Dynamic Threat IPsevery 5min.
IP Intelligence
IP Intelligence ServiceThreat Correlation
![Page 38: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/38.jpg)
© F5 Networks, Inc.
38
Graphical ReportingDetailed chart path of threats in ASM
![Page 39: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/39.jpg)
Web Access Management
![Page 40: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/40.jpg)
© F5 Networks, Inc.
40
• Unify Access Control
• Authentication and Authorization
• Single Sign On
• Powerful Custom and Built-in Reporting
• Access and Application Analytics
Context = Access ControlBIG-IP Access Policy Manager
Manage Access Based on Identity
![Page 41: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/41.jpg)
© F5 Networks, Inc.
41
Enable Simplified Application AccessWith BIG-IP Access Policy Manager (APM)
![Page 42: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/42.jpg)
© F5 Networks, Inc.
42
Control Access of EndpointsEnsure strong endpoint security
• Client or machine certificates
• Antivirus software versionand updates
• Software firewall status
• Access to specific applications
• Restrict USB access
• Cache cleaner leaves no trace
• Ensure no malware enters corporate network
Allow, deny, or remediate users based on endpoint attributes such as:
Invoke protected workspace for unmanaged devices:
BIG-IP APM
![Page 43: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/43.jpg)
© F5 Networks, Inc.
43
Authentication All in One and Fast SSO F5 BIG-IP Access Policy Manager
Dramatically reduce infrastructure costs; increase productivity
![Page 44: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/44.jpg)
© F5 Networks, Inc.
44
!Non-
compliantInformation
App Security with BIG-IP ASM and APM
!Illegal
requests
!InfrastructuralIntelligence
ASM allowslegitimate requests
APM offers authenticationand authorization
ASMStops bad requests /responses
!Unauthorised
Access
Reduces the attack vector because only authenticated, authorized and legal requests are permitted to the relevant application servers
APMStops
unauthorizedrequests
BrowserApplications
![Page 45: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/45.jpg)
© F5 Networks, Inc.
45
Summary – F5 Unified Security
![Page 46: F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe r.sydekum@f5.com](https://reader038.vdocuments.site/reader038/viewer/2022102610/5516aa16550346a25b8b57b8/html5/thumbnails/46.jpg)
© 2011 F5 Networks, Inc. All rights reserved. F5, F5 Networks, the F5 logo, BIG-IP, ARX, FirePass, iControl, iRules, TMOS, and VIPRION are registered trademarks of F5 Networks, Inc. in the U.S. and in certain other countries