Principles for Deploying a Secure Cloud Architecture
In the shift to the cloud, enterprises are struggling to balance rapid business innovation with the integration of legacy systems into new cloud-based applications. Complicating matters further, you've got regulatory compliance constraints, escalating performance expectations from customers, and ever-evolving security risks.
The good news is that successful enterprise cloud adoption models do exist, that make it possible for teams to work together in a multi-cloud world to deliver apps quickly and securely. We call this Secure Cloud Architecture.
In this webinar, you’ll learn about:
- Architecture design principles that support business outcomes at scale
- How development and IT roles need to evolve to support the business
- The importance of reusable infrastructure and security services
RecordedApr 15 202043 mins
Your place is confirmed, we'll send you email reminders
In recent months, ransomware has successfully halted operations of several critical infrastructures, creating significant obstructions to various sectors of the U.S. economy. According to the 2021 Application Protection report from F5 labs, ransomware was a factor in approximately 30% of U.S. breaches within the last year, up from just 6% in 2019.
In our webinar, we'll cover why it's essential that critical infrastructure and federal contractors protect their organizations against the threat of ransomware spawned by phishing attacks and malicious web page downloads.
Join the webinar to learn how to:
• Protect your organization from ransomware downloaded as a malicious email attachment or link
• Prevent ransomware spawned by web downloads from encrypted web pages
• Detect and halt encrypted malware before it enters or exist your network
Shape Security (Part of F5), protects web and mobile applications from fraud and abuse by answering 3 fundamental questions about the user:
Are you human?
Are you good or bad?
Are you who you say you are?
By answering these questions, Shape makes it possible to stop malicious automated attacks, identify fraudulent human activity, and reward legitimate users all in real time. Interested in seeing Shape’s defense in action? Join us for an upcoming session.
This interactive series will cover:
How an attacker thinks through constructing an automated attack.
- The tools used by attackers and how quickly an attack can be launched.
- Things to look for to detect if there is automation present in your environment.
- How Shape’s understanding of the user protects and enables online web and mobile applications.
Device and user identifiers are the common thread that span the entire technology stack. Organizations use them to drive fraud prevention and critical business analytics. Device ID+ is a real-time, high-precision device identifier that utilizes advanced signal collection and machine learning algorithms to assign a unique identifier to each device visiting your site.
In this session, we’ll give you a rundown on how Device ID+ works, why it’s important, and how to use it within your application.
Shehzad Shahbuddin,Sr. Solutions Engineer, F5 | Rob Roj,Security Architect,F5
Competing for customer loyalty in a digital world is hard. To add to this challenge, leaders must defend the business from motivated adversaries who have evolved their tactics to bypass security defenses and evade detection. Any business that operates eCommerce applications or manages user accounts of value is a potential target and the consequences are significant: account takeover (ATO), fraud losses, damaged brand, and other equally disastrous scenarios.
In this webinar join Senior Solutions Engineer Shehzad Shahbuddin and senior Security Architect Rob Roj with f5 Shape Security to find solutions for vulnerability management. Then join ISA Cybersecurity Training Instructor Bryan Singer as he goes through a few case studies and shows exposure risks.
1) How attacks originate from automation.
2) Ways attackers adapt using imitation and human fraud.
3) Introduce practices to defeat your adversaries and protect your business from online fraud.
4) Case Study on Vulnerability Management
Peter Scheffler - Sr. Security Solutions Architect, F5 | Shahnawaz Backer - Principal Security Advisor, F5
Application programming interfaces form the chassis for modern applications. They are interfaces to software components that developers use to integrate valuable information into their applications. The universal presence of API makes them a lucrative target, F5 Labs Application Protection Report – 2020 Edition analyses API breaches and disclosures from last year.
Join us to hear from our researchers and solution architects;
• Details on errors made in securing APIs from breaches and vulnerability disclosures
• Live demonstrations of some API security challenges
• Methods to safeguard modern APIs
Join F5 for a breakdown of findings from the 2021 Application Protection Report. This report is the latest publication from the security research team at F5 Labs. It uses a year's worth of attack data to help security professionals prioritize defenses against threats such as ransomware, formjacking, and unsolicited API's. We will explore the tactics and techniques employed in more than 700 data breaches from 2020 and offer detailed recommendations for mitigating these risks.
Join this webinar to learn about:
• The explosive rise of ransomware in 2020 and the significance of that trend
• The continuing evolution of card-skimming attacks like Magecart
• The unique security challenges of APIs and API-centric architectures
As online activity increases and digital footprints expand, so too does the overall application attack surface. The recent shifts in consumer behaviors have greatly accelerated business digital transformation and compounded the associated fraud and abuse committed through web/mobile apps and APIs.
In response, security, fraud and marketing leaders must be encouraged to adjust their application infrastructures accordingly, seeking solutions that can help them achieve exponentiality alongside tangible business outcomes. In common currency, customer experience and fraud prevention should no longer be considered mutually exclusive goals. Instead, organizations must align their application security, digital fraud, CX and marketing teams to positively impact both top and bottom-line outcomes, demanding elasticity from the platforms committed to delivering this holistic approach to digital transformation.
Alex Barajas, Product Management Engineer, F5 | EJ Chen, Solutions Architect, Edge Services, AWS
A content delivery network (CDN) is an important component of a company's digital presence. In order to adapt to changing business conditions and operating environments, creating a globally secure and scalable network is crucial. Thankfully, F5 and AWS have developed solutions that deliver the world class security you need.
In this webinar, you'll learn how the F5 Managed Security Services combined with Amazon CloudFront work together to offer flexible configurations, low operating costs and the ability to iterate over time.
We'll cover how:
- AWS and F5 solutions come together to build a globally secure and scalable network
- Both architectures allow for rapid integration with third-party components
- Leveraging a managed service provides added security and support
Carlos Asuncion, Director, Solutions Engineering, F5
Account takeover attacks (ATO) are in many ways the driver of the wider fraud ecosystem. Compromised accounts are leveraged in downstream fraud with more sophisticated and costly attacks. The economic impact of fraud goes beyond just the immediate costs of remediating the attack. There are many ancillary costs of failing to stop these attacks as well, such as impacting customer loyalty, negative brand association, negative news headlines and more.
In this session, we'll examine how effective fraud prevention prevents immediate and downstream costs.
With the proliferation of apps that have adopted anti-bot technologies such as Shape Enterprise Defense, attackers are finding it difficult to identify soft targets. Instead of expending resources in an attempt to circumvent anti-automation technologies, fraudsters are pivoting and attacking unprotected email servers that become the steppingstone to the ultimate goal: your customer accounts. This, in turn, has resulted in a change in the credential marketplace landscape. Shape Security has been protecting our customers from automated attacks for years and has observed that fraudsters are left with no option but to revert to manual (i.e., human-driven) fraud methods. For this reason, we've developed machine learning models that protect our customers applications.
Roy Muermann, Solutions Architect, F5 | Dan Henley, RVP, Global Solutions Engineering, NGNIX (Part of F5)
Open banking can change the game for financial services and empower account holders like never before. Customers are demanding transparency and access to their data for third party providers, but the absence of open banking regulations in the U.S. has caused some to question the seriousness of the movement.
The good news is, the U.S. banking industry is moving forward to advance the use of open banking related API protocols, like the consortium of top financial services institutions working together to define, standardize, and secure data transfers—organized by FS-ISAC’s Financial Data Exchange (FDX).
These progressive financial institutions are helping to define an API strategy that will transform the very future of banking by driving new revenue streams and a stickier customer experience.
In this webinar we'll cover:
- The challenge, catalyst of change, and growth model of open banking
- The open banking maturity matrix, based on regulatory and market initiatives
- Key imperatives for successful implementation of open banking
- Scaling and maximizing API performance
- Safeguarding APIs and protecting against API-specific threats
The 2021 Credential Stuffing Report explored the relationship between credential theft and credential stuffing, and allowed us to characterize this threat landscape as an interdependent ecosystem with a distinct lifecycle. In other words, before credentials can be stuffed, they must first be stolen and deciphered, which illuminates how proper storage of passwords affects everyone, not just the victim of the theft.
This talk will explore the report's findings around password storage techniques and how they relate to credential theft events, and then provide recommendations for breaking this lifecycle and reducing the widespread risk of credential stuffing.
Today, applications can live anywhere—in the cloud, on premises, as a service, or on a mobile device. Plus, they're used everywhere at any time by employees and business partners. Securing access to apps that are anywhere and accessed everywhere is a major challenge that organizations face when implementing a Zero Trust strategy.
In this webinar, you'll learn how Microsoft Azure Active Directory and F5 BIG-IP Access Policy Manager work together to:
- Manage and secure all your applications, including cloud- and web-based apps like Microsoft 365 and Salesforce, classic apps like SAP and Oracle, and custom-built apps
- Provide identity federation, SSO, MFA, and Conditional Access to all your applications, regardless of where they're hosted and the method of authentication used
- Protect your applications and data while ensuring continuous verification and integrity with cloud-based identity
Like many organizations, digital transformation is probably having a profound effect on how you develop and deliver applications. Automation, self-service, CI/CD pipeline integration, new deployment environments, and new ways of collaborating with DevOps teams are likely becoming your day-to-day.
These new approaches are all in service to the metric that matters most: speed to market. But what about control, consistency, security, and integrating these new approaches and tools such as NGINX with existing investments—namely your BIG-IP infrastructure?
Join this webinar to learn how to build an app delivery pipeline that will help you balance these priorities with a unified, app-centric platform that augments and enhances your current application delivery and security investments.
In this webinar you'll learn:
• The challenges associated with modern application delivery
• Solutions and approaches to solve these challenges
• How NGINX Controller's integration with BIG-IP enables self-service and automation via demo
• Answers to your questions
Containerization and serverless computing have had a significant impact on how apps are architected, networked, and secured. In this session, we’ll provide real world examples of app and API security attacks. We’ll also cover the four key security tenets—discover, analyze, secure, and anywhere—that users should look for in an app or API focused security solution.
5G is coming! 5G core networks are intended to be cloud-native and deployed as microservices on a containerized Kubernetes infrastructure. Kubernetes is not designed for service providers that need to solve specific problems like how to manage 4G protocols on their 5G network.
In this session, we’ll teach you how to tackle and solve these issues and how to ensure granular visibility into 5G network traffic.
With APIs serving as the connective tissue across all applications, API management capabilities are critical to achieving successful outcomes. In addition, the rise of the DevOps movement has fostered a culture of self-service, supported by distributed infrastructure. What are the characteristics of distributed API management? How do you drive innovation by accelerating API release velocity? Attend this session to find out.
Jay Kelley,F5 | Don Laursen, F5 | Manish Desai, F5
According to the 2020 Phishing & Fraud Report from F5 Labs, the majority of phishing links—over 71%—use valid HTTPS certificates to appear credible so that they can fool you into clicking on a malicious link.
Join this session to learn how F5 SSL Orchestrator can stop the bait used in encrypted phishing and spear phishing campaigns and how it can also secure non-standard ports from being a source of data loss.
Lori Mac Vittie, Principal Evangelist, F5 Office of the CTO
Data Driven: Unlocking the Current and Future State of Application Delivery and Security Technologies
Technologies that deliver and secure applications are the status quo. Without them, applications don't scale, don't perform, and ultimately impact the customer experience. As businesses become digital, the technologies that enable experiences must evolve to deliver the data and actionable insights necessary to optimize and secure applications.
This session will explore the current state of application delivery and security technologies and how data unlocks future business and digital capabilities.
The challenge for many higher education institutions is balancing security with easy access for legitimate users. Unwanted or malicious automated traffic, like credential stuffing, make up anywhere from 50-90% of an average enterprise’s online and mobile traffic – resulting in account takeover. Most education institutions do not have large IT budgets and often lack the resources to implement new safeguards. The risks faced by the higher education sector are unique, but there are cost-effective tools that can help.
Join F5, Shape, and Carahsoft for a webinar where we will run through these threats and ways we can help, as organizations accelerate digital transformation in order to adapt.
In this webinar, you will learn:
- Attacker economics: why automated attacks are so attractive and lucrative
- How credential stuffing leads to account takeover and jeopardizes digital transformation
- The way attackers are leveraging the COVID-19 pandemic to accelerate application fraud
- How F5 can defeat application fraud and ensure strategic business outcomes
Service providers can solve key application challenges in their digital transformation by offering managed services that enable an enterprise to easily deploy and secure applications in any location (i.e., on premises, at the edge, in a private data center, or in a public cloud). In this way, you can focus on developing key apps for your business rather than worrying about how to deliver and secure those applications.
In this session, we’ll show you managed app services that a service provider can offer using F5 technology, successful use cases, and the support that F5 provides service providers to ensure their success in generating revenue from these managed application services.
Your apps—fast, available and secure—in any cloud.
At F5, our mission is based on the fact that businesses depend on apps.
Our long-standing belief that applications are the most valuable assets of any organization in the digital age has been the foundation of our strategy to become the leader in multi-cloud application services. When you combine F5 and NGINX's expertise powering over half of the world's applications across all types of environments, with Shape's insight from mitigating 1 billion application attacks per day, you have a company that knows how to deliver and secure more applications, and more value, than any company in the industry.
This means that we are able to deliver and protect applications—revenue generating, brand-anchoring applications—from the point at which they are created through to the point where consumers interact with them. In other words, from "code to customer." This makes the combined forces of F5, NGINX, and Shape absolutely essential to every digital organization in the world, including the world's largest enterprises, service providers, financial and educational institutions, government entities, and consumer brands.