Cloud Security & Application

Delivery for your Production

Grade Applications - An F5 Primer
Rohit Andani

Solutions Architect , F5
 Application delivery is changing
CDNs Cloud Distributed Cloud
Scale out static object serving Scale out app servers Scale and connect everything

Origin Site Origin Site Cloud Origin Site(s) Cloud(s)

Data Center Hybrid Cloud Multi-Cloud Distributed Cloud

​ 2 © 2022 F5
 Explosive app growth brings big opportunities & challenges  

OPPORTUNITIES CHALLENGES

Improve customer experience Security

Modernizatio
Transform the business
n

Differentiate Complexity

IT as enabler of innovation
​ 3 © 2022 F5 CONFIDENTIAL
 Apps Security Posture Controls
Challenges?

​ 4 © 2022 F5
 1

Cloud
Consistent protection + policies
for legacy & modern apps
• Employ natively-embedded and
continuously available controls across
Consistent policy your digital experience

• Mobile, browser-based and API-centric apps

On-premises Edge
• Create policies once and easily deploy
them anywhere 

• Consistently apply policies in real-time across

constantly changing apps
Consistent policy Consistent policy

• Reduce cost and simplify operations through

self-service SaaS or a managed service

​ 5 © 2022 F5
 2
Protect modern apps & APIs at
Cloud-native the pace of digital business
• Defend modern apps and microservices with
automated discovery and allow listing of all APIs
(shadow, vulnerable, etc.)

• Automatically baseline API behavior and

detect anomalies

• Achieve faster app dev cycles and stronger

protection and compliance 

• Integrate security into your digital supply chains

APIs Microservices Containers
…all without extra time from DevOps
or DevSecOps

​ 6 © 2022 F5
 3
Network  Threat
Effect Intelligence
Scale defenses with integrated
intelligence (AI/data + human)
via human
via ML
expertise
• Continuously improve threat detection by
integrating ML + human expertise

Web app Secure Denial of

firewall access service • Drive rapid mitigation by receiving
real-time actionable insights

E
Antibot API • Reduce false positives through
& antifraud security
behavioral telemetry

Workload App infrastructure

protection protection

​ 7 © 2022 F5
 Apps Security Posture Controls

Prevent app Discover & Stop fraud &

exploits control APIs account takeover 

1 3 5

2 4
Mitigate bots & other Protect app
automated attacks infrastructure 

​ 8 © 2022 F5
 1 Prevent application exploits
• Mitigation of common application attacks

• OWASP 10, known vulnerabilities, zero-day

• Protection from denial of service (DoS) attacks

F5 WAF Engine • Continuously monitor app stress to automatically
F5 Advanced WAF
detect and mitigate app-layer DoS attacks
F5 NGINX App Protect
F5 Distributed Cloud WAF
• Protect apps + infrastructure from Layer 3 DDoS

• Protection from sophisticated attacks

• Automatically detect + block malware

• Credential protection
Threat Stack

• Prevent man-in-the-browser credential theft

associated with app-level credential encryption
​ 9 © 2022 F5
 2 Mitigate bots & other automated attacks
F5 Distributed
Cloud Bot Defense • Mitigate sophisticated bot attacks in real-time with
network, device and environmental signals
2 Browser
Fingerprint
Analysis • Adapt quickly to attacker retooling with global
collective threat intelligence and AI

User Behavior • Prevent reverse engineering and tampering

Pattern
with advanced obfuscation
3
Real-time • Improve customer experience by minimizing the
Mitigation Action
Header Pattern user friction of CAPTCHA and MFA
1
Collect telemetry • Flexibly deploy with pre-built connectors:
& transaction
metadata
cloud, on-prem or hybrid
Timing
• Augment security staff through managed service

​ 10 © 2022 F5
IP/ASN
 3 Discover & control APIs
Real-time automated API protection and
reporting…without additional resourcing or time
Distributed Cloud API Security
• Automated API discovery and control
BIG-IP Advanced WAF
NGINX+/NGINX Controller
• ML-based auto-discovery of APIs

• Automatic allow-listing of good APIs

• Automated baselining of behavior and

ongoing anomaly detection
API
• Rich reporting for behavioral analysis, forensics
API
gathering and visualization of API usage
API

• Simple integration with DevOps processes

​ 11 © 2022 F5
 4 Protect application infrastructure
• Secure your cloud application infrastructure 

Applications app • Detect and remediate threats in cloud-native

infrastructure across billions of events

Containers • Get unified visibility of real-time threats

• Comprehensively monitor for threats using

Orchestration
behavior-based alerting, ML-generated
Threat Stack insights, and human expertise
Cloud Security
Platform • Streamline compliance and audits
Virtual machines
• Simplify cloud certifications and audit requests
for HIPAA, SOC2-Type II, ISO-27001, PCI-DSS
Cloud provider APIs

​ 12 © 2022 F5
 5 Stop fraud & account takeover (ATO)
• Stop fraud before it happens

• Identify 2x–5x more fraud per month with

accurate fraud detection rates and lower false
positives

• Adapt quickly to attacker retooling with global

collective threat intelligence

• Provide frictionless consumer experiences

• Reduce MFA challenges up to 90% for

legitimate users

• Increase operational efficiency

• Decrease fraud team time spent reviewing

transactions by more than 50%
​ 13 © 2022 F5
 F5 secures Production Grade apps & APIs everywhere

Make security enforcement Detect and mitigate threats

more consistent & less complex more rapidly through AI, data &
across all apps connected intelligence 

1 3

2
Maximize protection + reduce
risk for modern apps & APIs
at modern pace
​ 14 © 2022 F5