F5 (Pt. 2): The Hunt for IoT and it’s Threat to Modern Life
Our modern world depends on healthy, functioning, IoT devices. Unfortunately many of them are terribly insecure. Cyber attackers know this and have been aggressively compromising IoT devices for years. For the past two years, F5 Labs has been tracking cyber attackers as they hunt, infect, and build “Thingbots” - botnets made from IoT devices. This hunt has developed sizable thingbots like the infamous Mirai, and many others that have the capability to launch globally destructive attacks. These attacks can significantly impact modern life because of IoT’s presence within power systems, transportation systems, airport monitors, emergency warning systems, and security cameras. Join F5 and (ISC)2 on March 1, 2018 at 1:00PM Eastern for the 2nd Part of our three part Security Briefings series where we’ll explore the threat actors behind these attacks, the geographical targets of their attacks, how they are evolving their attack methods, and the types of devices impacted. We’ll include tips on how to start protecting yourself personally, and what you should be doing to protect your businesses.
RecordedMar 1 201859 mins
Your place is confirmed, we'll send you email reminders
Kevin Stewart ,F5 | Reggie Lau Director and Principal Consultant and Sri Prakash Gupta Consultant Forrester Consulting
Forrester Consulting recently conducted a commissioned Total Economic Impact™ study on behalf of F5, showing an analysis of F5’s SSL/TLS Visibility solution and found that the average customer will see an ROI of 373%.
Join F5 and guest speakers from Forrester as they walk through the details of the financial analysis to understand the benefits that F5 brings when combatting security threats that hide within encrypted traffic.
In this webinar, you’ll learn:
- Why visibility into encrypted traffic is critical to your security program.
- How F5’s approach provides operational efficiencies in managing your security inspection tools like Next-Gen Firewalls, Web Application Firewalls, malware sandboxes, and more.
- The ROI you can expect from investing in F5’s SSL/TLS visibility solution.
Luke Lehman, Sr. Product Manager, Shape Security Part of F5
The number of cloud-based and SaaS apps across your organization is growing fast. So is the number of attacks that target them. There are a number of myths about how to best protect your online applications from vulnerability exploits, from bots, and from denial of service attacks.
What are these myths and how do you sidestep them to effectively protect your apps, without scaling out your infrastructure and hiring hard-to-find security experts?
With F5 Silverline managed application security services, you can bust through these myths to deploy advanced, integrated security services for every app, anywhere, without upfront investments in IT infrastructure and personnel.
In this informative webinar, you’ll learn about:
- Cybersecurity myths that could be harming your business today
- The core application security feature set you need to defend your apps – and your business from these attacks
- Innovative ways to deliver improved application protection and performance, with lower operating costs
Dan Woods, VP Threat Intelligence Center, Shape Security Part of F5
Myths have always made up some of the most well-known stories and folklore around the world. But the last thing you want to do is base real business decisions and security outcomes on a well told story, even if it does sounds convincing. A misunderstanding of what does and does not protect your digital footprint can lead to devastating breaches.
Join us for this webinar as Dan Woods, VP Shape Intelligence Center and former FBI Agent, separates fact from fiction when it comes to defending your apps from sophisticated adversaries, including:
- Understanding how MFA just adds more information to the dossier of a targeted account
- Password schemes won’t protect user accounts from being taken over - CAPTCHA is a fabled response to a sophisticated problem
Get the new blueprint for keeping your financial services institution secure
Online fraud losses from application attacks are estimated to exceed $48 billion per year by 2023, making applications the single most lucrative targets for cybercriminals. Financial services institutions are naturally at risk, especially those currently maintaining open-banking platforms, migrating cloud applications or struggling to rapidly develop and deploy applications.
Join F5 Global Head of AI, former CTO Shape Security Shuman Ghosemajumder to explore:
•New and emerging fraud and cyber threats for financial services institutions
•How to maintain top security through outcome-based methodologies
●The role AI plays to proactively secure financial institutionsBillions of dollars, reputation and critical online services are at stake.
To remain secure, financial services institutions need to hold their partners and technology accountable for outcomes rather than only relying on them for functionality that cybercriminals render ineffective.
Mike Plante, VP Product Marketing, Shape Security Part of F5
Enterprises find that despite spending billions annually on tools to detect online fraud, direct fraud losses continue to climb. Juniper Research estimates that online fraud losses in aggregate are projected to exceed $48 billion per year by 2023.
Current fraud tools require extensive configuration, generate uncertain risk scores, require fraud teams to develop their own rules to defeat fraud applying a lot of friction to legitimate users, hurting revenue.
In this informative webinar, you’ll learn:
- The major sources of online fraud, including bad bots and malicious humans
- Some of the shortcomings of today’s approaches to online fraud detection
- Provocative metrics to help you understand online fraud and its impact on business outcomes
- A totally new approach to preventing online fraud using AI
Hindsight is 2020. That holds true for the OWASP Top 10, the threat awareness report that details the most critical security risks to web apps each year. Come learn the real-world impact of the OWASP Top 10, and why the guidance is relevant in maintaining a foundational security posture in an era of digital transformation.
We’ll dive into real attacks that have recently exploited OWASP Top 10 vulnerabilities.
In this webinar, you’ll learn:
- How the explosion of open source technology and cloud-based architectures has made the threat surface so challenging to protect against
- Why the OWASP Top 10 still matters and how to use it effectively to stay ahead of the curve
Sander Vinberg Threat Research Evangelist, F5 | Byron McNaught Sr. Technical Marketing Manager, F5 | Ray Pompon, F5
While gathering data for the 2019 Application Protection Report, F5 Labs focused on the theme of how trends in application architecture are driving risk. The results were hugely impactful—the attack techniques that bad actors employ have not only remained viable, but are still quite profitable.
In our upcoming webinar, F5 Labs researchers are diving into what we learned from the 2019 report and what actions organizations need to take to stay protected.
In this webinar you will learn:
- What the growing correlation means between sector and breach modes
- How and why attackers are targeting the retail sector using an injection technique known as formjacking
- More about credential abuse and phishing and the causes of the growing number of API breaches
- How to reap the benefits of the emerging architectures without increasing risk
David Warburton, Sr. Threat Research EMEA, F5 | Katie Newbold, Intern, F5 | Byron McNaught, Sr. Technical Marketing, F5
In F5 Labs latest 2019 TLS Telemetry Report they’ve expanded their scope to look at not only how organizations are using TLS protocols and ciphers, but also how they’re using certificates and supporting protocols.
In this webinar, we’ll cover the results of F5 Labs global scanning and uncover how malware is increasingly using encrypted protocols to hide its activities. We’ll offer advice and best practices for configuring TLS and related protocols.
We’re also proud to announce the release of our new HTTPS testing and reporting tool CRYPTONICE. We’ll give you a brief demo of the tool and show you how you can use it to test your own sites to make sure they’re deployed securely.
Finally, we’ll show how F5 can help manage the complexity of encryption via a risk-based approach that adapts to privacy and security requirements.
You’ll learn how:
- The rapidly changing encryption landscape has improved privacy and security—but also increased the effectiveness of attackers.
- The world’s most popular sites are using TLS.
- Malware is increasingly using encryption.
- Our new CRYPTONICE tool works.
Lori MacVittie, Principal Technical Evangelist, F5 Networks | Cindy Borovick, Business Intelligence Director, F5 Networks
Applications power our digital economy. Through what is broadly referred to as digital transformation, businesses across all industries are becoming app-centric with the goal of moving faster, boosting efficiency, and securely delivering amazing digital experiences to not only customers and employees alike.
But without powerful application services behind the scenes, your apps are like cars without fuel.
In this webinar, we’ll cover:
- How to use your own digital transformation to gain actionable business insights that prevent loss, predict capacity, optimize resources, and increase revenue
- How to gain greater visibility into your application portfolio
- What effect the growing number of APIs is having on the application landscape
- Who should be in charge of ensuring the availability, performance, and security of your applications
- We recommend virtually gathering your entire team so you can listen and connect on this important topic.
Get the latest intel on the app threats that matter.
As more application development moves into an Agile methodology, security often lags behind. Besides the shift in culture and mindset required to ensure security throughout the reimagined SDLC, legacy tools need to be updated so they’re not a hinderance to application release frequency.
Learn how the F5 Advanced Web Application Firewall (WAF) protects against a variety of attacks while providing critical feedback earlier in the SDLC process to reduce costs and speed up time to market.
Jay Kelley, Principal Product Marketing Manager - F5 Networks
Get the latest intel on the app threats that matter.
The majority of breaches in the US in 2019 were the result of access-related attacks. Why? An explosion of applications residing in multiple cloud environments have created complexity while previously breached username and password combinations have created new common attack types.
Learn how the F5 zero-trust solution integrates with your favorite identity as a service to deliver single sign on for ALL apps, regardless of where they reside, and provides an enhanced, per request, inspection to ensure appropriate access.
Get the latest intel on the app threats that matter.
SSL/TLS (encryption of data-in-transit) is used in the overwhelming majority of web and data center traffic. While this is great for privacy, it creates challenges for organizations that need to inspect ingress or egress traffic for malware or other threats.
Learn about the F5 solution that centralizes the ability decrypt traffic, orchestrates to multiple inspection tools, and re-encrypts all, based on custom policies that fit your needs.
Dan Woods, VP Shape Intelligence Center, Shape Security now part of F5
Third-party financial aggregators might make life easier for users, but they can be a new attack vector for those looking to defraud your institution and its customers.
Each time a new list of leaked credentials goes into circulation, criminals use them for credential-stuffing attacks on aggregators, as well as other targets. Once working aggregator credentials have been identified, attackers move on to siphon funds out of their victims’ accounts.
Furthermore, some aggregators explicitly aim to use their positions to disintermediate banks and other financial institutions from their customers.
What steps can banks take to:
Protect their infrastructure?
Protect their customers?
Enforce the API use agreements that they have entered with the aggregators?
Brian Uffelman, Sr Manager Product Marketing, Shape Security, a F5 Company | Luke Lehman, Product Mgr, F5 Silverline
Today’s applications have become the fabric of our economies and our lives. Applications are how value is exchanged and where the most sensitive data is stored. And that’s precisely why applications have become the focal point for cybercriminals, who target your applications for financial fraud and abuse.
In this webinar, learn how Silverline Shape Defense – the newest solution in F5’s Silverline managed services portfolio – protects your web apps from bots and other automated attacks by delivering continuous protection, even when attackers retool.
We will discuss tactics to help you:
- Slash losses due to fraud and abuse Deliver better application performance and uptime
- Achieve measurable cost savings for hosting and bandwidth costs
- Prevent sophisticated attacks including those on the OWASP Automated Threats to Web Applications list
- Detect and mitigate vulnerability exploits and denial-of-service attacks
Payal Singh, Solutions Architect, F5 | Patrick Campbell, Sr. Business Development Manager, F5
Learn how to manage the F5 BIG-IP in your ACI + BIG-IP deployment by leveraging the F5 Automation Toolchain and ACI’s programmable App Center framework.
Key Learning Objectives:
This simple and native integration aims to solve important real world use cases:
- Deep infrastructure visibility into the ACI and F5 deployment, and
- Network as well as application management on BIG-IP.
Each use case can be automated due to the SDN capabilities provided by Cisco APIC.
Join us to understand how you can leverage APIs to achieve end-to-end network automation workflows and learn how different personas within your organization can benefit from these features and functionalities.
Apps live anywhere today and can be accessed from everywhere, anytime. As the perimeter vanishes, the risk landscape increases and threats mount and become more sophisticated. “Trust, but verify” is replaced by “Never trust, always verify.” Apps are the front door to critical, sensitive data, so you must ensure that only the right users access the right apps at the right time with the right device and right configuration, from the right place. And they need to be able to do all of it simply. An identity-aware proxy drives Zero Trust app access.
Geoff Pattersen, Sr. Mgr Product Mgmt., F5 | John Howell, Sr. Global Solution Architect, F5
As service providers are preparing for the 5G transition, security continues to be top of mind. Security for new services must be both easy to manage and cost-effective. Automation and virtualization play a critical role in helping security teams be operationally efficient—doing more with less. F5 provides security solutions to the largest services providers globally.
This session will cover how F5 can help you design in security at every critical point of the infrastructure—at the edge, in the data center, and everywhere in between.
Jason Feldt, Director of Product Management, NGINX Analytics, F5
NGINX offers what you need to gain end-to-end visibility across multiple app services so you can provide powerful insights and meet SLAs with customers without having to aggregate output from disparate monitoring tools. And if you already have CI/CD analytics tools you know and love, NGINX can integrate with those, too.
F5 Labs has spent the past three years analyzing and combining data on cyber-attacks from a variety of F5 internal sources and external partners including breach data, surveys of security pros, malware forensics, global honeypot nets, and customer incident reports.
We'll dive into the top threats, broken out by industry sector, region, and technological platform.
The ability to find and address the root cause of application failure is getting more difficult as multi-cloud application deployments grow. AppDevs, DevOps, and NetOps all need deep app health visibility and simplified troubleshooting on a per-app and per-user basis, across operating environments, multiple clouds, and F5 devices—and now they can get it.
In this session, we'll see how F5 BIG-IQ provides a single source of truth across teams.
Your apps—fast, available and secure—in any cloud.
At F5, our mission is based on the fact that businesses depend on apps.
Our long-standing belief that applications are the most valuable assets of any organization in the digital age has been the foundation of our strategy to become the leader in multi-cloud application services. When you combine F5 and NGINX's expertise powering over half of the world's applications across all types of environments, with Shape's insight from mitigating 1 billion application attacks per day, you have a company that knows how to deliver and secure more applications, and more value, than any company in the industry.
This means that we are able to deliver and protect applications—revenue generating, brand-anchoring applications—from the point at which they are created through to the point where consumers interact with them. In other words, from "code to customer." This makes the combined forces of F5, NGINX, and Shape absolutely essential to every digital organization in the world, including the world's largest enterprises, service providers, financial and educational institutions, government entities, and consumer brands.
F5 (Pt. 2): The Hunt for IoT and it’s Threat to Modern LifeSara Boddy, Director of F5 Labs Threat Research, F5; Brandon Dunlap, Brightfly (Moderator)[[ webcastStartDate * 1000 | amDateFormat: 'MMM D YYYY h:mm a' ]]59 mins