Name: Attacker Automation: How Bots Are Evading Your Defenses For Fraud And Profit
Start: 2023-03-22T15:00:00Z
End: 2023-03-22T15:00:57.000Z
Location: BrightTALK
Rating: 4.5

F5 is the only company that can secure, deliver, and optimize any app, any API, anywhere.

F5 specializes in application delivery networking(ADN), application availability & performance, multi-cloud management, application security, network security, access & authorization and online fraud prevention.

Visit F5 at: https://www.f5.com/company

Join F5 Labs threat researcher Sander Vinberg for the latest vulnerability intelligence from F5 Labs. This talk will begin at the tactical level by exploring CVE targeting trends, including a recent focus on IoT devices. Sander will also cover the Exploit Prediction Scoring System, an open-source ML system for forecasting vulnerability exploitation.

We will unpack how the system works, how F5 contributes to it, and how best to use it to provide insight into your own vulnerabilities and risks. The talk will conclude with an examination of the long-term future of vulnerability management, referencing selected findings from a recent report on the evolving CVE landscape.

Through this talk, attendees will learn:

-  Which vulnerabilities attackers are prioritizing in 2022 and early 2023
-  Features, strengths, and weaknesses of the Exploit Prediction Scoring System
-  How changes to vulnerability publication may impact the future of the CVE system

Vulnerability Intelligence: Near Past and Distant Future

As organizations increasingly adopt hybrid architectures and microservices, the number of APIs utilized within their ecosystems continues to grow at an exponential rate. This phenomenon, known as API sprawl, poses significant challenges in terms of security, governance, and efficiency. But of them all, API security might require the most urgent response. 

For organizations trying to secure their APIs, multi-cloud complexity and difficulty enforcing consistent security top the list of challenges according to F5’s State of Application Strategy Report (2023). To address API sprawl, organizations need to adopt a more holistic app and API security strategy for their organization including components that deliver runtime protection, posture management, and help integrate security and code testing earlier in the software development lifecycle. 
 
Join the conversation to hear Joshua Haslett, Ian Dinno, and David Remington's answers to hard-hitting questions about API sprawl, management and security.

Untangling APIs: Addressing Sprawl and Securing Your Digital Ecosystem

Whether an application is hosted in one or more locations, is migrating, or has advanced delivery and security needs, it's crucial to provide effective and consistent security. Fortunately, application owners can use the F5 Distributed Cloud Platform and portfolio of services to engage multi-cloud networking for on-premises and cloud-based application deployments to provide consistent security operations.

In this session, we will: 
 -  Explore F5 Distributed Cloud’s Multi-Cloud Networking functionality for secure delivery of applications wherever they are hosted. 
-  Show consistent deployment and operations of application security across Public Cloud and/or Private Cloud/Data Center.
-  Reviewing layered security deployment architectures with the F5 portfolio solutions like BIG-IP and NGINX designs.

Protect Apps Anywhere with F5 Distributed Cloud Services

Join F5 experts to learn how to gain the observability, security, and agility you need to compete in a complex hybrid and multi-cloud digital world.

Apps and APIs span every generation of architecture—from monoliths to microservices and from client-server to mobile—across data centers, clouds, and at the edge. Organizations strive to achieve digital resiliency, yet 9 out of 10 companies that operate in multi-cloud environments are struggling to maintain a consistent security posture.

In this webinar, you'll learn:

-  The challenges of securing the enterprise architecture for digital business.
-  How the right solutions protect all apps and APIs—legacy and modern— from core to cloud to edge.
-  Best practices for deploying comprehensive protection and consistent security that unleashes innovation and digital velocity.

Application Security for a Hybrid and Multi-Cloud Digital World

As application development continues to advance, API frameworks must evolve to meet the increased security burden placed upon them. API security includes the rules, protections, and controls used to secure them as well as the essential observability and visibility provided through discovery. Together, API security and discovery accelerate development and delivery of services. 

In this session, we will:
-  Explore F5 Distributed Cloud's API Discovery functionality and ability to drive learning and visibility of discovered, inventories, and shadow APls.
-  Apply API security protections delivered at the edge and securely deliver endpoints while understanding their delivery.
-  Layer complimenting security strategies like Malicious User Detection and Mitigation, Bot Strategies, and other Service policy services to protect APls.

Discover, Monitor & Mitigate API Threats with F5 Distributed Cloud Services

Recent breaches have exposed everything from your credit score to your age, gender, and even how often you work out. Worst of all, in a recent breach, unprotected APIs (Application Programming Interfaces) have exposed the personally identifiable information and login credentials of 37 million people. Given the sensitive nature of the data that can be exposed by unprotected APIs, the need for effective security cannot be stressed enough. 

Join our webinar to learn from F5 security experts why it is imperative for organizations to address security threats to consumers and business — and the steps you can take to get started. You will hear real stories about security challenges, followed by a demo showing what shadow APIs are and look like and how to interact with them, and more.  

In this webinar, you will learn about:

-  The best ways to incorporate security controls. 
-  API discovery and API protection rules.
-  Swagger file generation through discovery and import.
-  Rate limiting based on the API inventory that gets created.

API Discovery, Inventory, and Security Webinar

APIs have become one of cybercriminals’ favorite vectors for account takeover attacks. Credential stuffing, business logic abuse, and DDoS attacks are just some of the malicious automated bot attacks deployed to take over accounts and perpetrate identity theft and fraud. 

Readily available scripts and tools make orchestrating API attacks easier than ever, and legacy bot defense techniques struggle to detect these potentially devastating incursions. Thus, it’s no surprise that, according to recent Google Cloud research, 50% of organizations experienced an API security incident in the past 12 months.
 
With such a dire threat via APIs negatively impacting user data and the bottom line, F5 and Google Cloud are hosting a panel discussion to answer your pressing questions about API security and tactics. 

Join the conversation to hear F5’s Vice President, Security, Angel Grant’s answers to hard-hitting questions about account takeover attacks and API security. 

Join the webinar to see Angel on the API security hot seat and learn: 

-  What’s the current threat landscape targeting APIs 
-  How exploits in API business logic can lead to fraud 
-  Defense tactics against API injections 
-  How to mitigate potential brand and reputational damage 
-  Why legacy bot detection techniques have become ineffective 
-  How to best decern between good and bad traffic – both human and bot 

Learn more, register today

Thwart the Account Takeover Menace – Join the API Security Conversation

Attackers will repackage mobile apps, inject malware, hooking frameworks, and perform overlay attacks to cause security breaches, data leaks, and gain privileged access. Once a mobile app is controlled or hijacked, attackers can attack your server-side applications using automated attacks. They will also steal sensitive data that resides in your mobile apps, such as customer credentials, API keys, and intellectual property. You are on the hook for rigorous compliance standards for privacy (ex: GDPR, CCPA), payments (ex: EMVCo SBMP, PCI, & PSD2), and health records (HIPAA). 

Part of picking the right infrastructure is knowing you can extend secure experiences to mobile applications. With intellectual property and sensitive information flowing through these mobile apps, it’s important to understand the risk and what you can do to make this a safe channel for your business. 

You’ll also learn more about F5’s new mobile app security solution which can help you reduce security risk and meet compliance. Join the conversation and see how mobile application security can be a bigger part of your secure application vision.

Stop Bad Actors From Attacking Your Mobile Apps

While security and operations teams care deeply about their ability to deliver the best experience possible for their customers while enhancing operational efficiencies, there is plenty left for the board and the executive staff to consider when it comes to bots and automated attacks.

Join Joshua Haslett, Strategic Technology Partner Manager at Google Cloud, and Jim Downey, Cybersecurity Evangelist at F5, for an in-depth conversation to help crack the code on “bot economics” so you can learn how to:

• Calculate financial revenue and reputation costs
• Identify and control operational expenses
• Develop a cost/benefit analysis for bot mitigation
• Prepare for that much-needed business conversation with key stakeholders

F5 Distributed Cloud Bot Defense for Google Cloud enables frictionless security that complements performance, automation, and insight to deliver and scale the application experience. Join the conversation to determine the economic impact of bots on your business so you can demonstrate to the board that the top and bottom lines are safe from bot-generated compromise.

Bots to Board Room: The Often-Missed Economic Impact of Bots

Organizations are increasingly deploying workloads across multiple diverse environments and application architectures. This creates a critical need to protect organizations’ essential applications no matter what their deployment or architecture – and with flexibility and speed.

Join our webinar to learn how the F5 Web Application Firewall (WAF) portfolio, paired with DevSecOps principles, enables organizations to deploy and maintain industry-leading security without sacrificing the time to value their applications. Our 15-minute demo will show you how you can accomplish this with multiple WAF options that allow you to deploy a hybrid architecture.

In this webinar, you’ll learn how:

-  Edge architecture can coexist with shift left practices
-  A strong security model can provide flexibility
-  F5-supported APIs and tooling paired with DevSecOps practices make it all possible

Shift Left and Edge Security with DevSecOps and F5

Dealing with multiple applications in a micro-service architecture means you’re probably contending with a fragmented environment that’s nearly impossible to manage, secure, and operate efficiently.  
In this follow-up to webinar Multi-Cloud Networking Traffic Flow Challenges, we’ll show you what multiple traffic flows look like for a common enterprise and how to solve its traffic flow issues. We’ll also demonstrate the benefits of – and how to configure – proxy architectures for a multi-cloud environment.

Part 3 of 3: Implement a Multi-Cloud Strategy to Manage Traffic Flow

As you move your cloud strategy to a multi-cloud environment, you may be losing visibility into how your various containers, microservices, and technologies are performing. And possibly leaving your systems open to errors, breaches, and attacks. 

In this follow-up to webinar Adopting Container-as-a-Service for Hybrid Cloud Security, this demonstration will walk you through getting visibility into Kubernetes components, tapping into automatic discovery of Kubernetes workloads, and securing multi-cloud environments at scale.

Part 2 of 3: Solving Hybrid Cloud Security with Container-as-a-Service

More companies are pushing their applications further toward the customer for performance gains, but those gains come with a price – like latency, offload compute, high availability, and more. For any organization, moving applications to the edge is a journey. You can shape that journey by tapping into solutions that offer more reliability, less latency, real-time data analytics, and better performance.

Join us to learn the benefits – and challenges – of moving applications to the edge. We’ll also offer some real-life use cases of applications being hosted at the edge – including examples of remote securing and updating of ATMs and retail kiosks – and show you how F5 can help at each step in that journey.

In this webinar, you'll learn:
-  Solid strategies for moving apps to the edge
-  How to get a unified security policy across your network
-  How to seamlessly connect your applications

Deploying, Delivering, Operating and Securing Applications at the Edge

In this follow-up to webinar Securing the Modern Application Framework, our demonstration will show how F5 Distributed Cloud helps secure modern application deployment and walk you through critical security configurations from client to application.

Join the FS Distributed Cloud team in this three-part demo series that takes a deeper dive into topics from earlier webinars (linked below). These 30-minute demonstration-led sessions show you how to launch solutions to today's biggest multi-cloud networking challenges. You'll walk away with a clearer understanding of what it looks like to adopt solutions that solve your traffic flow issues, offer agile and flexible security, and enable more efficient operations.

Register today

Part 1 of 3: Deploy API-First Security Across Your Applications

The landscape across application delivery and security is rapidly shifting. These changes challenges organizations when trying to protect their applications and APIs, IP, and business from malicious attacks across an ever-expanding threat landscape. The solution? Finding a platform that bridges traditional and cloud architectures that also delivers agility, performance, and protection across all applications.

Join us as we explore the benefits of combining F5 BIG-IP Security solutions with F5 rSeries appliances to help you mitigate attacks, increase your security posture, and optimize app performance. We’ll dive into key security and access use cases, plus how to empower your applications to scale and perform at peak requirements on next-gen platforms, while protecting your sensitive data, applications, and APIs from malicious attacks.

In this webinar, you’ll learn:

-  Key app security use cases: API protection, WAF, SSL VPN and secure VDI access API
-  Enhancing security and performance with secure, stateful access policies
-  Offloading DNS security services to the edge
-  Migrating security to a modern, automatable, API first ADC platform
-  Protecting your Data with rSeries
-  Future-Proofing your Infrastructure with rSeries

Unlock the Power of F5 rSeries for App Protection

Tune in to this live webinar to see the capabilities of the new VELOS chassis and rSeries appliances.

In this webinar, you’ll learn:
-  How to size a system refresh or new deployment appropriately
-  How to plan a convenient migration path from older F5 BIG-IP systems
-  How to use automation to simplify day-to-day operations
-  How to integrate VELOS and rSeries into modern application environments

After more than eight years of service in the most demanding environments, the F5 VIPRION B2000 series blades has reached End of Sale April 2023. What makes its successor, the new VELOS chassis, a compelling option? Wondering how to get a head start planning your move to the new system?

Big advances in performance and more flexible virtualization allow customers to consolidate their existing older VIPRION or BIG-IP systems on to fewer, more capable systems. Powerful declarative APIs make it faster and easier for DevOps, NetOps, and other BIG-IP-reliant teams to manage and automate their BIG-IP deployments.

The Case for F5OS: Compelling Reasons to Move to VELOS and rSeries

What you can do when bots look and act like humans.

As cybersecurity defenders, we increasingly look to automation and machine learning to detect attacks and tune our defenses. But were not alone. Organized crime also uses automation to develop new capabilities and find new ways to attack applications all while flying under the radar.

Join our webinar to get a closer look at the modern automated methods attackers use to bypass CAPTCHAs, multi-factor authentication (MFA), client fingerprinting, and bot detection systems. We will also explore how the recent explosion in generative AI tools could be a catalyst for automating attacks and circumventing existing application defenses.

In this webinar, you'll learn:
-  The tools and techniques attackers use to bypass bot detection
-  How AI/ML based tools may soon be used to even better imitate human users
-  Recommended methods for detecting and dealing with heavily automated attacks

Smart Bots and Al Assisted Attacks: Are you ready?

Overlapping IP addressing can create nightmares for network engineers and architects. But the solution can be pretty easy with the right tools! We'll discuss how in this Brightboard Lesson

Join this 5 min session: One of the most common headaches in NetOps is thoughtfully planning out internal IP address allocations. How many IP's will be needed? Does the site contain microservices? Will the workloads in a site need to connect to other sites? When it comes to supporting deployments in public clouds, many resources use the exact same CIDR blocks, for example, 10.0.0.0/8, 192.168.0.0/16, and 172.16.0.0/16 - 172.17.0.0/16. With services being spun up automatically, in many situations, the owner of the service may not have any idea which IP addresses to use and simply choose a common default. Having the same IP address used at multiple connected sites poses real challenges for transit routing.

F5 Distributed Cloud Services solve the IP Address overlap problem once and for all by connecting apps via services on its Global Network. Distributed Cloud Network Connect establishes connectivity across subnets and sites with orchestrated VPNs using MPLS to ensure segmentation. Distributed Cloud App Connect adds control and visibility at L4 and L7 by acting as a distributed reverse-proxy, allowing full abstraction of IP addresses to simplify the routing at each end. All that an admin needs to do is deploy Distributed Cloud CE's to the sites and configure a Load Balancer.

To understand how Distributed Cloud Services solve this problem before diving in to this solution, F5 staffer @buulam has a whiteboard session covering exactly what Distributed Cloud does at each step of the way.

How to Solve for Overlapping IP Addresses - On the Brightboard Lessons

As defenders, we increasingly look to automation and machine learning to detect attacks and tune our defences. But we’re not alone. Organised crime constantly develops their capabilities and continuously looks for ways to attack applications without being detected. Automation plays a huge part in this. This talk uncovers the modern automated methods which attackers are using to bypass CAPTCHAs, multi-factor authentication, client finger printing, and bot detection systems. We will explain the methods they use and take you through some real attack stories so that you will better understand the capabilities of organized threat actors.   

Key Learning Objectives: 
 1. The tools and techniques attackers are using to bypass bot detection 2. Examples of real bot attack stories 3. Recommended methods for detecting and dealing with heavily automated attacks

Attacker Automation: How Bots Are Evading Your Defenses For Fraud And Profit

Bots

Cyber Attacks

Authentication

Machine Learning

Fraud

Application Security

Cyber Security

IT Security

Attack Vectors

Botnets

Welcome to the virtualization community on BrightTALK! Whether it affects servers, storage, networks, desktops or other parts of the data center, virtualization provides real benefits by reducing the resources needed for your
infrastructure and creating software-defined data center components. However, it can also complicate your infrastructure. Join this active community to learn best
practices for avoiding virtual machine sprawl and other common virtualization pitfalls as well as how you can make the most of your virtualization environment.

Virtualization

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The data center management community focuses on the holistic management and optimization of the data center. From technologies such as virtualization and cloud computing to data center design, colocation, energy efficiency and monitoring, the BrightTALK data center management community provides the most up-to-date and engaging content from industry experts to better your infrastructure and operations. Engage with a community of your peers and industry experts by asking questions, rating presentations and participating in polls during webinars, all while you gain insight that will help you transform your infrastructure into a next generation data center.

Data Center Management

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

The storage community on BrightTALK is made up of thousands of storage and IT professionals. Find relevant webinars and videos on storage architecture, cloud storage, storage virtualization and more presented by recognized thought leaders. Join the conversation by participating in live webinars and round table discussions.

Storage

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Join this new, vibrant community to learn and connect with top thought leaders, startups and banks who are disrupting the financial services industry. Keep up with the latest news and trends in Fintech and take part in lively debates on topical issues and challenges.

Fintech

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Attacker Automation: How Bots Are Evading Your Defenses For Fraud And Profit

Presented by

About this talk

More from this channel