Presentation is loading. Please wait.

Presentation is loading. Please wait.

F5 Unified Security Solutions

Similar presentations


Presentation on theme: "F5 Unified Security Solutions"— Presentation transcript:

1 F5 Unified Security Solutions
Ralf Sydekum Technical Manager Central & Eastern Europe

2 Agenda Real Security Challenges and Attacks Data Center Firewall
DoS & DDoS DNS Security Web Security Access Management Fast Vulnerability Assessment & App. Security JC

3 The Leader in Application Delivery Networking
Users Data Center Application Delivery Network At Home In the Office On the Road SAP Microsoft Oracle Business Goal: Achieve These Objectives in the Most Operationally Efficient Manner

4 Statement - SONY Online Entertainment http://blog.eu.playstation.com/
On April 16th and 17th, 2011….. Personal information from approximately 24.6 million SOE accounts may have been stolen…, Name, , login, hashed password,… As well as certain information from an outdated database from 2007 for customer in EU Name, bank account number, address,… JC

5 Sony stock performance: Nov 2010-Nov 2011
JC Why Significant?  By volume, the largest data breach of the year. Has kept a permanent drag on Sony’s stock. SQL injection made it onto the agenda of board rooms worldwide. This breach forever shifted the purpose of hacktivism from defacement to data theft.  The hacker's intent wasn’t to embarrass a company, but rather to bring it down. Summary:  Hacktivists broke into Sony worldwide, stealing about 100M data records (about 12M unencrypted). Details:  Sony's video game online network was breached which led to the theft of names, addresses and credit card data.

6 What happened to WikiLeaks?
Several companies stopped the service for WikiLeaks although it is not proven that WikiLeaks violates the existing law Amazon removed all WikiLeaks content from their servers EveryDNS switched off the DNS resolution for wikileaks.org Several financial institutes locked up donation accounts RS

7 Finally… Thousand of internet users unloaded their accumulated anger starting 7th Dec 2010 Web servers of Swiss Postfinance bank were down for several hours Credit card companies like Mastercard and VISA where not accessible for several hours/day over several days Paypal’s transaction network were slow but not taken down completely RS A botnet in general is a collection of software agents, or robots, that run autonomously and automatically. It consists of a lot of “infected” PCs which can be remote controlled to do e.g. a distributed denial of service attack or send spam. In this case, the group, called Anonymous, has been encouraging volunteers to download software called LOIC (Low Orbit Ion Cannon), which lets them centrally control these systems and direct them into a DDoS (distributed denial of service) attack. The point of the attacks is to put pressure on financial companies that recently cut ties with the WikiLeaks website over its planned publication of more than 250,000 U.S. Department of State classified

8 WikiLeaks DDoS Attack Profile
ICMP flood Slowloris TCP Flood 3 Basic Classes of Attack L7 (HTTP/Web): Slowloris Creates massive concurrent sessions Firewalls quickly overwhelmed Server resources completely consumed L4: TCP Flood/Syn Flood Targets any TCP aware device L3: ICMP Flood ICMP protocol attack Consumes router, Firewall and server resources BIG-IP/ASM stopped attacks! Combination of core TMOS functionality, iRules and ASM (Application Security Manager) Border Router (Internet Connection) Intrusion Prevention Device PCI Compliant Firewall F5 BIG-IP with ASM Module

9 The Three Threat Vectors
DDoS Attacks Network Attacks Application Attacks ? JC

10 Over 90% of IT administrator want…
Security Challenges 30% Blended attacks… are overwhelming conventional security devices at the edge of the data center. of network traffic is encrypted bypassing security controls Security is still expendable… 9 out of 10 IT organizations admit to sacrificing security for performance. Security device sprawl is a challenging problem… IT biggest security challenge with device sprawl is operational complexity. Over 90% of IT administrator want… Security Context The diversity of today’s attacks are overwhelming conventional security devices at the edge of the data center\ "…the average organizational cost of a data breach this year increased to $4 million, up 18% from 2009."  2010 Annual Study: Global Cost of a Data Breach Report (PDF), March 8th, 2011. Unemployment figures from the Bureau of Labor Statistics October report. There are now over 4 million IT workers and the vast majority of them are already employed. Network Architects enjoy a 0.2% unemployment rate. A Ponemon 2011 survey (http://www.checkpoint.com/downloads/whitepapers/ponemon-check-point-march2011.pdf) had the following question: Which of the following are the biggest information/network security challenges facing your company? Managing the complexity of security – 33% Preventing insider data theft – 21% Compliance – 19% Preventing Data Breaches – 12% Enforcing security policies- 15% On traditional firewall failure (https://www.infosecisland.com/blogview/12944-Analysis-Shows-Firewalls-Fail-to-Deliver-as-Promised.html) Traditional network devices are failing under load… 3 out of 6 major firewalls failed under stability testing, and 5 out of 6 were vulnerable to a common exploit.

11 Context leverages information about the end user to improve the interaction
Who What Where When How Who is the user? What devices are requesting access? When are they allowed to access? Where are they coming from? How did they navigate to the page/site?

12 Context-aware technologies will affect $96 billion of annual consumer spending worldwide by By that time, more than 15 percent of all payment card transactions will be validated using context information. -Gartner Gartner Says Context-Aware Technologies Will Affect $96 Billion of Annual Consumer Spending Worldwide by 2015 Analysts Discuss Latest Industry Trends at Gartner Symposium/ITxpo, October 16-20, in Orlando Orlando, Fla., October 20, 2011— Context-aware technologies will affect $96 billion of annual consumer spending worldwide by 2015, according to Gartner, Inc. By that time, more than 15 percent of all payment card transactions will be validated using context information. Gartner analysts discussed the growing importance of context-aware computing at Gartner Symposium/ITxpo, being held here through Thursday. "Context-aware computing is the method by which new experiences are constructed that blend information from mobile, social, digital and physical world sources," said William Clark, research vice president at Gartner. "The disruptions caused by context-aware computing will include major user, technology and business shifts, including the use of model-driven security in fraud detection and prevention, convergence in television, game, Web and mobile advertising, and new styles of application programming. The advanced use of personal information in customizing user experiences will result in the interest of governments in regulating contextual information access and control." Gartner estimates that by 2015, 40 percent of the world's smartphone users will opt-in to context service providers that track their activities. Given the overall smartphone base, this equates to about 720 million people or about 10 percent of the global population. Payment card issuers and retailers currently hold important transactional information per person, and social platforms such as Facebook can provide some influence, but the ubiquity of the devices and the convenience of context-enriched services mean that although those providers are sources of context, they cannot deliver "the last contextual moment of choice." However, by 2015, smartphone adoption of iOS, Android, Windows Phone and other smartphone platforms will stand at more than 1.8 billion people. This collection of vendors already possess vast amounts of information about the digital habits, and by 2015, the intent of users will be combined with further enhancements of both indoor and outdoor 3D mapping databases. This will mean that context providers will be able to use location as a foundation to allow them to redefine how consumers search for and pay for products and services. This will present a new set of opportunities, and a change in the positioning of financial service providers, consumer packaged goods companies and retailers. "Enterprises can leverage context-aware computing to better target and deliver on the promise of increased customer intimacy for millions of consumers," Mr. Clark said. "For CIOs, the timing of investment in context-aware computing will be critical. Organizations that do not prepare for thoughtful information sharing — balancing usage, privacy and business models of consumers, context providers, and the enterprises themselves, will be at a severe disadvantage. Organizations will need to coordinate in how context-enriched services will change their physical store, e-commerce and mobile-user experiences. Investing too heavily, too early will squander IT, marketing and operational resources." Transportation, utilities, energy and healthcare firms stand to gain considerable efficiency from context-aware computing, with notable use cases and case studies emanating from location and presence-enhanced apps. "There is little doubt that context will be a defining principle of mobile business for the next decade, especially advertising and marketing," said Mr. Clark. "Context also will be a key criterion for the selection of partners and many mobile business systems will exploit contextual cloud services hosted by others, emerging as a major commercial battleground with powerful vendors, such as Nokia, Microsoft, Baidu, Amazon, Google and Apple, striving to own the consumer's context."

13 Unified Security Architecture
Traditional Approach Unified Security Architecture DDoS PROTECTION FIREWALL WEB APP FIREWALL LOAD BALANCER DNS SECURITY ACCESS MANAGEMENT AND REMOTE ACCES Current Traditional Firewalls LACK OF performance and scale INABILITY TO RESPOND to changing threats FAILURE to extend new services COMPLEXITY AND COST of multiple vendors Fast – Marketshare Intelligent ADC market Today focus on secure Traditional protection methods attempt to piece together many individual point products such as static firewalls, DDoS appliances, DNS appliances, web application firewalls, and application delivery controllers.  This approach increases complexity, latency, and adds more points of failure. Worse, this approach fails to integrate information from different attack vectors, and fails to unify the response. Additionally, traditional approaches have no way of evolving as the attacks themselves evolve. The high performance internet firewall firewall builds on the F5 vision of the “dynamic data center” by acting as a strategic point of control for security enforcement from the network to the application layer. (http://devcentral.f5.com/weblogs/macvittie/archive/2010/06/17/what-is-a-strategic-point-of-control-anyway.aspx) Architecting F5 control points throughout the data center, for access, traffic management, acceleration, storage, and security enables a new model for secure application delivery built around the dynamics of the network, data, protocols, applications, and users.

14 With F5’s IDC Firewall, customers are able to:
TMOS AVAILABLE SECURE FAST DNS WEB ACCESS GTM ASM APM MODULE SECURITY DNS WEB ACCESS DYNAMIC THREAT DEFENSE LTM DDoS PROTECTION PROTOCOL SECURITY SSL TERMINATION NETWORK FIREWALL With F5’s IDC Firewall, customers are able to: Reduce hardware and operating cost by as much as 50% Defend against 30+ DDoS attack types across both the network and application layers. Leverage the performance and scalability of BIG-IP to handle 10 times more connections per second over any other network firewall. Protect by using iRules against newly published vulnerabilities that do not have a patch. As in the case of the SSL Renegotiation DOS attack, F5 published on its user community site, DevCentral, a countermeasure within hours of the exploit being published. Scale up to 72 Gbps of throughput with 72 million concurrent connections on a single device. iRULES iCONTROL iAPPS TMOS

15 Data Center Firewall

16 Internet Data Center Perimeter Firewall
Perimeter Firewall with Load Balancer Today Overview Traditional firewall Standalone load balancer Limitations DDoS protection Connections Scale Device management Defense methods Example 5 Junipers to scale to our 1 device (FACT CHECK) Threats: Traditional Network Attacks DDoS Attacks to Multiple Protocols Web Application Attacks (OWASP) SSL Renegotiation Attack OS/WS/APP Enumeration Data Loss Threats Addressed: DDoS: SYN-Flood Protection Triggering Events: Firewall HW Refresh Firewall Failure from Scale DDoS Attack Mitigation Technical Benefits: SYN-Flood Protection L4 ACLs Application Layer Gateways Load Balancer

17 Internet Data Center Perimeter Firewall
Perimeter Firewall with Load Balancer With BIG-IP Overview Consolidated Device Firewall Service Application Delivery Web Application Firewall Benefits Application fluency SSL visibility DDoS protection 30 + types Dynamic defense methods Best price to performance class OWASP top 10 protection Threats Addressed: Traditional Network Attacks DDoS Attacks to Multiple Protocols Web Application Attacks (OWASP) OS/WS/APP Enumeration Data Loss SSL Renegotiation Attack Business Benefits Reduce CAPEX Reduce OPEX Brand Protection Revenue Assurance Technical Benefits: Performance and Scale DDoS Mitigations: UDP, TCP, SIP, DNS, HTTP, SSL SSL Termination, Inspection, Re-Encryption and Certificate Storage Default Deny + Packet Filters ACLs Protocol Security Full Proxy Application Profiles Zero Day Dynamic Security Context (iRules) Fingerprinting Cloaking OWASP Attack Mitigations Advanced HTTP Analytics ICSA Certified Network Firewall ICSA Certified Web Application Firewall BIG-IP LTM with ASM

18 Internet Datacenter Network Firewall
SYN flood protection and many others User Geolocation Security Internet Data Center F5.com owa.f5.com DevCentral.F5.com websupport.f5.com ihealth.f5.com downloads.F5.com External Users Router Internet High Concurrent Connection capacity F5 helps you to mitigate DDoS and flood based attacks Stateful, Default Deny Behavior High Concurrent Connection and conn/sec capacity User Geo-location awareness SSL (HW accelerated encryption/decryption) IPsec site to site Packet Filtering Flood protection mechanisms Carrier Grade NAT (NAT, NAT64) 3 minute slide – probably one of the most important slides This slide need to make the audience understand where with network firewalls we can propose are solution LTM is intended and suited to be a data center firewall located at the very top of the network where some of the below take place: Most of the traffic that traverses the network firewall hits the LTM and by that makes the network firewall redundant. High capacity data centers that their firewalls have to deal with high performance requirements – webmonsters, large DCs. Where the network firewall has a large security security rule base due to LTM having many virtual servers (mane internal segments). LTM will not be a firewall between the user and the internet, at best can be between the internet and applications. LTM can be a datacenter network firewall – it CANNOT be a corporate / enterprise firewall – this is a key message.

19 Competitor ABC + 4 Blades
Throughput 42 Gbps 20 Gbps F5 BIG-IP 11050 $129,995 Competitor ABC + 4 Blades $124,000

20 Connections per Second
1M 175K F5 BIG-IP 11050 $129,995 Competitor ABC + 4 Blades $124,000

21 Maximum Concurrent Connections
F5 BIG-IP 11050 $129,995 Competitor ABC + 4 Blades $124,000

22 SSL Drives Platform Architecture
Increasing CPU Processing Requirements Increasing CPU Processing Requirements 4100% 41x Tougher 600% 100% 6x Tougher 1024 bit Keys 2048 bit Keys 4096 bit Keys Industry increasingly using larger SSL Keys

23 Denial of Service Distributed Denial of Service

24 Summary DoS = Denial of service DDoS = Distributed denial of service
Layer 1 Cut the cable  Layer 4 - or Layer 7 DDoS Thousands of attackers bring down one site Layer 7 DoS One attacker is able to bring down one site e.g. Slowloris, Slow POST Layer 4 Transport: SYN Flood – Incomplete TCP Handshake Layer 7 Application: Slowloris – Incomplete HTTP Requests This is what you mostly saw in the past, botnet. There is a new kind of L7 – Dos since the last couple of years where you only need to send a few packets, like one packet per sec. to make a server unavailable because you carefully choose packets which do a lot of damage to the server.

25 Mitigating DoS Attacks
Protect Against: Protect With: VIPRION Network Based Distributed Denial Of Service (DDOS) BIG-IP LTM DoS Protections Packet Filtering Syn Cookies (L4 DoS) Dynamic Reaping (L4 DoS) TCP Full Proxy (L4 DoS) Rate shaping (L4->L7 DoS) iRules (e.g. SSL DoS protection) Very High Performance Very large connection tables RS

26 DNS Security Use Case

27 DNS Attacks Are Common

28 DNS is Vulnerable to Attacks
Data Center DNS Servers Clients LDNS Large financial institution is being targeted by DDoS attacks from BOTs around the world attacking a single name server. Above DNS max (150K) server likely to crash = no DNS responses and needs rebooting. Multiple DNS attacks: DDoS, Cache Poisoning, Man-in-the-middle Application timeouts (401 errors) Lost customers, lost productivity Loss of Revenue and Brand Equity

29 Complete DNS Protection BIG-IP Global Traffic Manager
DNS Firewall Services Data Center company.com Clients X A Q i LDNS High Performance DNS – Multicore GTM Scalable DNS - DNS Express Malformed UDP packets are dropped Spread the load across devices - IP Anycast Secure DNS Queries - DNSSEC Route based on nearest Datacenter - Geolocation Complete DNS control with – DNS iRules DNS Denial of service attacks had been gaining in popularity for several years… but the threat gained higher visibility during the wiki leaks attacks. Several customers almost lost their entire DNS infrastructure during the attacks. DNS was identified as a weak link in the infrastructure DNS DDOS defense. Fortunately, F5 was already working on a game changing performance enhancement for DNS. DNS firewall security with iRules capabilities using: DNSSEC – Secure DNS queries with dynamically signed responses DNS Express – Authoritative DNS offload server scales up to 10x with 6mil queries per second and consolidating DNS infrastructure up to 70x Multicore GTM – Increase DNS performance IP Anycast - DNS iRules - DNS filtering capabilities using packet filters for DNS Step 1: Multicore GTM to enable GSLB to scale with the number of CPU cores = fast WIP queries Step 2: DNS Express to become a DNS slave, offloading the resolution of non-WIP queries = fast standard queries Step 3: IP Anycast integration to allow multiple boxes to answer on the same IP address… spreading the load across multiple devices. No DNS queries needed to be answered by the back-end DNS infrastructure = DNS Shield / DNS Firewall Combined with the new VIPRION on GTM module and high end GTM devices… the DNS price / query was at an all time new low… enabling organizations to scale cost effectively. Also, the DNS Proxy automatically drops malformed UDP packets that don’t appear to be DNS queries…. Providing another layer of initial DNS protection. X A Q i

30 The Value of Complete DNS / Web Solution
Scalable 10x, 70% Denial of Service mitigation Support client requests and consolidates IT IPv6 to IPv4 Complete DNS control Access Denied: DNS Denial of service attacks had been gaining in popularity for several years… but the threat gained higher visibility during the wiki leaks attacks. Several customers almost lost their entire DNS infrastructure during the attacks. DNS was identified as a weak link in the infrastructure DNS DDOS defense. Fortunately, F5 was already working on a game changing performance enhancement for DNS. DNS firewall security with iRules capabilities using: DNSSEC – Secure DNS queries with dynamically signed responses DNS Express – Authoritative DNS offload server scales up to 10x with 6mil queries per second and consolidating DNS infrastructure up to 70x Multicore GTM – Increase DNS performance IP Anycast – distribute loads across devices and route based on geolocation DNS iRules - DNS filtering capabilities using packet filters for DNS Step 1: Multicore GTM to enable GSLB to scale with the number of CPU cores = fast WIP queries Step 2: DNS Express to become a DNS slave, offloading the resolution of non-WIP queries = fast standard queries Step 3: IP Anycast integration to allow multiple boxes to answer on the same IP address… spreading the load across multiple devices. No DNS queries needed to be answered by the back-end DNS infrastructure = DNS Shield Combined with the new VIPRION on GTM module and high end GTM devices… the DNS price / query was at an all time new low… enabling organizations to scale cost effectively. Also, the DNS Proxy automatically drops malformed UDP packets that don’t appear to be DNS queries…. Providing another layer of initial DNS protection. Route based on geolocation Secure DNS query responses

31 Web Security Services

32 Security Vulnerabilities in Web-Applications
Attacks Now Look To Exploit Application Vulnerabilities ! Non-compliant Information Perimeter Security Is Strong Forceful Browsing Cross-Site Scripting Cookie Poisoning SQL/OS Injection Hidden-Field Manipulation Parameter Tampering Buffer Overflow Brute force attacks Layer 7 DOS Webscraping CSRF Viruses PORT 80 PORT 443 ! Forced Access to Information ! Infrastructural Intelligence But Is Open to Web Traffic High Information Density = High Value Attack

33 Deploy ASM Policies without false positives
Predefined Policy Templates Pre-configured security policies Learning mode Automatic or manual Web Application Scanner integration IBM Rational AppScan QualysGuard Web App. Scanning Cenzic Hailstorm WhiteHat Sentinel Gradual deployment Transparent / semi-transparent / full blocking

34 Mitigate Vulnerabilities Now
Customer Website Web Application Scanner Finds a vulnerability Virtual-patching with one-click on BIG-IP ASM Vulnerability checking, detection and remediation Complete website protection BIG-IP Application Security Manager *Note: Available in 11.2 Release Overview Verify, assess, resolve and retest in one UI Automatic or manual creation of policies Discovery and remediation in minutes

35 Free Cenzic Cloud Scans with ASM in v11
Free Cenzic Cloud Scans with ASM in v11.2 Find Vulnerabilities and Reduce Exposure 3 free application scans directly from ASM/VE UI No time limits once signed up Free scans are limited health check services F5 Free Cenzic Cloud scan tests for: Only the following three checks are included in non-F5 free promotions: CSS, Password Autocomplete and Non-SSL Password is checked Pre-11.2, the user was required to generate an XML file that described the vulnerabilities on Cenzic Hailstorm product, it was then required to export it and import it to ASM. Pre 11.1 : we had no integration. Cross-Site Scripting Credit Card Disclosure Application Exception Non-SSL Password SQL Injection Check HTTP Methods Open Redirect  Basic Auth over HTTP Password Auto-Complete Directory Browsing

36 IP Intelligence Identify and allow or block IP addresses with malicious activity
IP Intelligence Service Botnet Attacker Custom Application IP address feed updates every 5 min Anonymous requests Financial Application BIG-IP System Attackers could be automated bots, phishing proxies, valid users creating violations. Tor (short for The onion router) is a system intended to enable online anonymity. Tor client software routes Internet traffic through a worldwide volunteer network of servers in order to conceal a user's location or usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult to trace Internet activity, including "visits to Web sites, online posts, instant messages and other communication forms", back to the user[5] and is intended to protect users' personal freedom, privacy, and ability to conduct confidential business by keeping their internet activities from being monitored. (For more info: First service where we get context data from the cloud With iRules IP Intelligence works outbound too and a response to a risky IP would be identified and e.g. blocked Geolocation database Anonymous Proxies ? Internally infected devices and servers Scanners Use IP intelligence to defend attacks Reduce operation and capital expenses

37 IP Intelligence How it works
Fast IP update of malicious activity Global sensors capture IP behaviors Threat correlation reviews/ blocks/ releases IP Intelligence Service Threat Correlation Key Threats Sensor Techniques Internet Semi-open Proxy Farms Dynamic Threat IPs every 5min. Web Attacks Reputation Windows Exploits Botnets Scanners Network Attacks DNS Global network of sensors deployed to attract malicious activity Sophisticated and diverse sensor types are designed to capture IP behavioral activity Raw incident data are pushed to the cloud as events occur Automated algorithm deployed to: Identify suspicious IPs Gather evidence by examining activities by the IP, correlate these activities Place IP on Trial by applying built-in rules Determine verdict and sentence the IP to appropriate block term Upon serving time, IP is released and put on indefinite review status Exploit Honeypots Naïve User Simulation IP Intelligence BIG-IP System Web App Honeypots Third-party Sources

38 Graphical Reporting Detailed chart path of threats in ASM

39 Web Access Management

40 Context = Access Control BIG-IP Access Policy Manager
Unify Access Control Authentication and Authorization Single Sign On Powerful Custom and Built- in Reporting Access and Application Analytics Manage Access Based on Identity

41 Enable Simplified Application Access With BIG-IP Access Policy Manager (APM)
BIG-IP APM = AAA control on BIG-IP Integrates with AAA servers—including Active Directory, LDAP, RADIUS, and Native RSA SecurID

42 Control Access of Endpoints Ensure strong endpoint security
BIG-IP APM Allow, deny, or remediate users based on endpoint attributes such as: Invoke protected workspace for unmanaged devices: Client or machine certificates Antivirus software version and updates Software firewall status Access to specific applications Restrict USB access Cache cleaner leaves no trace Ensure no malware enters corporate network Endpoint Security More than a dozen different endpoint security checks available (Large number of agents available, e.g. Virtual Keyboard, AV and firewall checks, process, file, and registry checks, extended Windows info, client and machine certificates, etc.) Manage endpoints via Group Policy enforcement and Protected Workspace (Endpoint remediation capabilities like Protected Workspace and Full Armor-based AD Policy enforcement, in addition to Cache Cleaner, redirects to remediation pages, and message and decision boxes).

43 Authentication All in One and Fast SSO F5 BIG-IP Access Policy Manager
Dramatically reduce infrastructure costs; increase productivity Able to show the different back-end or server side auth mechanisms that we can support Integrate and distribute users to apps. Multi-domain Single Sign-On to applications and networks ACA now in APM = OCSP , CRLDP (Certificate Revocation List) and TACACS+ (Cisco version of RADIUS) Easy and simple authentication design Single Sign-On to multiple LTM/APM or Edge Gateway virtual servers. Example: * Client Cert authentication to an iPhone/iPad back to APM/Edge Gateway using Kerberos Constrained Delegation (KCD) and Kerberos Protocol Transition (KPT) to perform backend SSO Easy configuration for settings and domains Configure different cookie settings and SSO methods for different domains or different hosts in the same domain ending multiple separate domains or multiple hosts within same domains NTLM, Basic, Header KPT,

44 App Security with BIG-IP ASM and APM
Stops bad requests / responses ASM allows legitimate requests APM offers authentication and authorization ! Illegal requests ! Non-compliant Information Browser ! Unauthorised Access ! Infrastructural Intelligence Applications Also mention the capabilities of APM to “store” the domain cookies and send the APM cookies only to the client. APM Stops unauthorized requests Reduces the attack vector because only authenticated, authorized and legal requests are permitted to the relevant application servers

45 Summary – F5 Unified Security

46


Download ppt "F5 Unified Security Solutions"

Similar presentations


Ads by Google