Name: API Security Challenges and Best Practices
Start: 2023-04-04T17:00:00Z
End: 2023-04-04T17:59:12.000Z
Location: BrightTALK
Rating: 0

F5 is the only company that can secure, deliver, and optimize any app, any API, anywhere.

F5 specializes in application delivery networking(ADN), application availability & performance, multi-cloud management, application security, network security, access & authorization and online fraud prevention.

Visit F5 at: https://www.f5.com/company

Tune in to this live webinar to see the capabilities of the new VELOS chassis and rSeries appliances.

In this webinar, you’ll learn:
-  How to size a system refresh or new deployment appropriately
-  How to plan a convenient migration path from older F5 BIG-IP systems
-  How to use automation to simplify day-to-day operations
-  How to integrate VELOS and rSeries into modern application environments

After more than eight years of service in the most demanding environments, the F5 VIPRION B2000 series blades has reached End of Sale April 2023. What makes its successor, the new VELOS chassis, a compelling option? Wondering how to get a head start planning your move to the new system?

Big advances in performance and more flexible virtualization allow customers to consolidate their existing older VIPRION or BIG-IP systems on to fewer, more capable systems. Powerful declarative APIs make it faster and easier for DevOps, NetOps, and other BIG-IP-reliant teams to manage and automate their BIG-IP deployments.

The Case for F5OS: Compelling Reasons to Move to VELOS and rSeries

What you can do when bots look and act like humans.

As cybersecurity defenders, we increasingly look to automation and machine learning to detect attacks and tune our defenses. But were not alone. Organized crime also uses automation to develop new capabilities and find new ways to attack applications all while flying under the radar.

Join our webinar to get a closer look at the modern automated methods attackers use to bypass CAPTCHAs, multi-factor authentication (MFA), client fingerprinting, and bot detection systems. We will also explore how the recent explosion in generative AI tools could be a catalyst for automating attacks and circumventing existing application defenses.

In this webinar, you'll learn:
-  The tools and techniques attackers use to bypass bot detection
-  How AI/ML based tools may soon be used to even better imitate human users
-  Recommended methods for detecting and dealing with heavily automated attacks

Smart Bots and Al Assisted Attacks: Are you ready?

Organizations are increasingly deploying workloads across multiple diverse environments and application architectures. This creates a critical need to protect organizations’ essential applications no matter what their deployment or architecture – and with flexibility and speed.

Join our webinar to learn how the F5 Web Application Firewall (WAF) portfolio, paired with DevSecOps principles, enables organizations to deploy and maintain industry-leading security without sacrificing the time to value their applications. Our 15-minute demo will show you how you can accomplish this with multiple WAF options that allow you to deploy a hybrid architecture.

In this webinar, you’ll learn how:

-  Edge architecture can coexist with shift left practices
-  A strong security model can provide flexibility
-  F5-supported APIs and tooling paired with DevSecOps practices make it all possible

Shift Left and Edge Security with DevSecOps and F5

Overlapping IP addressing can create nightmares for network engineers and architects. But the solution can be pretty easy with the right tools! We'll discuss how in this Brightboard Lesson

Join this 5 min session: One of the most common headaches in NetOps is thoughtfully planning out internal IP address allocations. How many IP's will be needed? Does the site contain microservices? Will the workloads in a site need to connect to other sites? When it comes to supporting deployments in public clouds, many resources use the exact same CIDR blocks, for example, 10.0.0.0/8, 192.168.0.0/16, and 172.16.0.0/16 - 172.17.0.0/16. With services being spun up automatically, in many situations, the owner of the service may not have any idea which IP addresses to use and simply choose a common default. Having the same IP address used at multiple connected sites poses real challenges for transit routing.

F5 Distributed Cloud Services solve the IP Address overlap problem once and for all by connecting apps via services on its Global Network. Distributed Cloud Network Connect establishes connectivity across subnets and sites with orchestrated VPNs using MPLS to ensure segmentation. Distributed Cloud App Connect adds control and visibility at L4 and L7 by acting as a distributed reverse-proxy, allowing full abstraction of IP addresses to simplify the routing at each end. All that an admin needs to do is deploy Distributed Cloud CE's to the sites and configure a Load Balancer.

To understand how Distributed Cloud Services solve this problem before diving in to this solution, F5 staffer @buulam has a whiteboard session covering exactly what Distributed Cloud does at each step of the way.

How to Solve for Overlapping IP Addresses - On the Brightboard Lessons

As an organization's compute needs expand across private cloud, public cloud, colocation and SaaS/PaaS services, the need for multi-cloud networking arises as a way to deal with the connectivity challenges. In this video, we'll outline what those challenges are and then discuss how implementing a proper solution can actually turn multi-cloud networking into a strategic advantage for your business. (5 Min Video Overview)

What is Multi-Cloud Networking ? Brightboard Lessons

So, what is WAAP? It is an evolution of the WAF, conceptually and it stands for Web Application & API Protection (WAAP). It is similar to WAF in that the primary focus is to defend against layer 7 attacks - slowloris, brute force, L7 DOS, etc. - and also to provide protocol enforcement at layer 4. Another similarity is that both WAF and WAAP focus on the OWASP Top 10 as a framework for development. The glaring difference between the two is the necessitated inclusion of the OWASP Top 10 for APIs, as it is estimated that some 80% of the internet's traffic is now API related. WAAP has an understood bot defense component, as well. In the days of WAF, this was not as prevalent, but I think we all know that bot traffic is nothing short of explosive these days. 

Join this 6 min on-demand session to learn What is a WAAP?

What is a WAAP? Brightboard Lesson

A look at the results of the 2023 State of Application Strategy Survey
In today's digital age, the application strategy of any business is critical to its success. As we move towards 2024, Hybrid IT, Digital Services, and Security are becoming increasingly important to ensure organizations remain competitive and secure. 

Join us for a webinar where we will discuss the latest trends in application strategy, and explore how these three areas can be leveraged to drive innovation, agility, and growth.

In this webinar, we’ll cover:
-  Digital transformation is propelling a wave of modernization as it becomes a top-level business strategy—not merely an IT concern
-  Hybrid app environments will endure with capabilities distributed widely across core, cloud, and the edge
-  Speed to address emerging threats is the #1 reason for choosing security as a service

Exploring the State of Application Strategy in a Hybrid IT World

Join us on May 11, 2023, to discuss how Red Hat OpenShift and NGINX Plus can help you develop and deliver high-quality apps and APIs quickly while ensuring data security. Register now and take the first step towards a more modern, agile and secure application delivery.

Modern Application Platforms Made Simple.

The Payment Card Industry (PCI) Security Standards Council released a revised version of its Data Security Standard, PCI DSS 4.0, which delineates the minimum-security requirements that merchants must meet when they store, process, and transmit cardholder data.

PCI DSS v3.2.1 will be retired on 31 March 2024 after which PCI DSS v4.0 will be the only active version. Many of new requirements in PCI DSS are best practices until 31 March 2025, after which they are required and must be fully considered as part of any PCI DSS v4.0 assessment.

Join members from the PCI Security Standards Council and F5 as they outline the new PCI DSS 4.0 e-commerce requirements, how to prepare, and steps you can take now to meet the new client-side requirements (6.4.3 and 11.6.1) to ensure the integrity of e-commerce web pages that handle payments.
Attend this webinar to learn:
-  How digital skimming and Magecart attacks are conducted and why they are successful
-  What new PCI DSS 4.0 client-side requirements (6.4.3 and 11.6.1) were added to address these challenges
-  Best practices and resources available for meeting those requirements
-  Timelines you should be aware of and the steps you can take now

Preparing for PCI DSS v4.0  Client-Side Protection Requirements

Businesses face a growing battle against malicious bots. They can skew analytics and marketing functions, which can lead to clouded decision-making and have an overall major negative impact on a business. But knowing the latest automated threats is the first step to getting ahead of them. 

Join us to learn about the real-world impact of the OWASP’s Automated Threats. We’ll dive into real automated attacks and how to protect your infrastructure with F5. We’ll also highlight the takeaways from those scenarios and how to use them to shape a foundational security posture in an era of digital transformation. 

In this webinar, you'll learn:
-  Real-life case studies of automated attacks security-bot
-  The top malicious automation threats used to conduct fraud security-site-skull-code
-  The bot protection solutions that detect, block, and protect against these attacks security-firewall-shield

Applying Lessons from the OWASP Automated Threats Project

Organizations often move fast in developing their digital footprints – often before they’ve chosen the best platform for their application services. In their quest to offer more focused functions across multiple applications in a micro-service architecture, they also create a fragmented environment that makes it impossible to manage and secure the services and provide efficient operations. If you’re dealing with this, you’re not alone.

Join the F5 Distributed Cloud team to break down the truth of multi-cloud networking. We'll highlight the multiple traffic flows observed by a common enterprise today and show you how F5 Distributed Cloud Services can solve traffic flow challenges in a multi-cloud, multi-cluster, multi-service application delivery and security environment.

In this webinar, we’ll cover:
-  The benefits of proxy architectures for a multi-cloud environment 
-  Exposing a service between Kubernetes clusters no matter the cluster flavors 
-  Legacy on-prem application and service availability to cloud/cluster
-  The ins and outs of cloud-to-cloud networking and cloud-native service to another cloud

Multi-Cloud Networking Traffic Flow Challenges

If your organization is like most, you’re shifting your cloud strategy to a multi-cloud environment and adopting more containers, microservices, and cloud-native technologies. Unfortunately, this can leave you with an incomplete view of how they’re performing. And without dedicated resources focused on securing and monitoring, your clusters are prone to errors, breaches, or worse.
Don’t leave security as an afterthought; the risk is simply too high. Fortunately, it doesn’t have to be hard.

Join us to learn how F5 Distributed Cloud solutions give you the power to focus on developing applications, as well as correlate real-time analytics with cloud infrastructure and end-user experience. You’ll also get to know our core Container-as-a-Service offerings.

In this webinar, we'll cover:
-  Getting visibility into Kubernetes components and CI/CD pipelines
-  Tapping into automatic discovery of Kubernetes workloads
-  Securing multi-cloud environments at scale - Leveraging generic compute in a scalable API-driven design

Adopting Container-as-a-Service for Hybrid Cloud Security

As defenders, we increasingly look to automation and machine learning to detect attacks and tune our defences. But we’re not alone. Organised crime constantly develops their capabilities and continuously looks for ways to attack applications without being detected. Automation plays a huge part in this. This talk uncovers the modern automated methods which attackers are using to bypass CAPTCHAs, multi-factor authentication, client finger printing, and bot detection systems. We will explain the methods they use and take you through some real attack stories so that you will better understand the capabilities of organized threat actors.   

Key Learning Objectives: 
 1. The tools and techniques attackers are using to bypass bot detection 2. Examples of real bot attack stories 3. Recommended methods for detecting and dealing with heavily automated attacks

Attacker Automation: How Bots Are Evading Your Defenses For Fraud And Profit

As modern applications grow more complex with multi-cloud environments, it becomes more challenging to deliver security and gain access to an application’s component parts. But adopting agile and flexible security services can give you the power you need to meet these challenges.

Join us for this webinar, where we’ll show how F5 Distributed Cloud provides API-first driven security delivery that can support multiple deployment models wherever modern applications are hosted. Whether they’re delivered from public cloud service providers, private cloud datacenters or remote sites, or within Kubernetes cluster frameworks, F5 Distributed Cloud extends and secures those applications consistently, while offering critical observability and visibility.

In this webinar, you’ll learn: 
-  Key observations of modern application deployments 
-  How F5 Distributed Cloud helps secure modern application deployments
-  Critical security configurations from client to application

Securing the Modern Application Framework

In this short demo series we’re going to bring our Fraud Solutions to life by taking you along on our Journey to showcase how F5 secures organizations against fraud using our multi-method approach. In part 4 of our F5 Distributed Cloud Fraud Solutions demo series we’ll move into the fourth phase of our Fraud Solution as we identify returning good users and securely enable trust across the entire customer journey, reducing friction and enhancing the customer experience.

Part 4: Are you who you say you are? F5’s Distributed Cloud Fraud Solutions

In this demo series we’re going to bring our Fraud Solutions to life by taking you along on our Journey to showcase how F5 secures organizations against fraud using our multi-method approach. In part 3 of our F5 Distributed Cloud Fraud Solutions demo series we’ll move into the third phase of our Fraud Solution as we monitor each transaction inside of our application to determine the intent and level of fraud risk

Part 3: Are you a Fraudster? Check with F5 Distributed Cloud Fraud Solutions

Are you Human? Combating Malicious Automation with F5's Distributed Cloud Fraud Solutions. 

In this demo series we’re going to bring our Fraud Solutions to life by taking you along on our Journey to showcase how F5 secures organizations against fraud using our multi-method approach. In part 2 of our F5 Distributed Cloud Fraud Solutions demo series we’ll move into the second phase of our Fraud Solution and block the Bots that lead to fraud by eliminating the Malicious Automation.

Part 2: Are you Human? Combating Malicious Automation

Security in the Hybrid, Multi-Cloud Digital World

"You can't protect what you can't see" and "it takes a village" are familiar expressions within security and risk teams. Visibility and policy enforcement are fundamental pillars in cybersecurity and critical components within a holistic API security strategy. But the existing landscape complicates those efforts.

Why? Architecture is becoming de-centralized and distributed, transforming apps into a digital fabric of business logic interconnected by APIs. Yet the enterprise catalog continues to be powered by a mix of legacy and modern apps across data centers, clouds, and at the edge. This hybrid, multi-cloud digital world introduces major risks driven by third-party integrations, inconsistent security controls across cloud providers, and continuous code updates across complex software supply chains and CI/CD pipelines.

So how can you secure APIs in this modern digital fabric? Well, it takes a village.

In this webinar, we’ll cover:
-  The challenges of API security in a hybrid, multi-cloud digital world
-  How to get a handle on API and tool sprawl
-  Specific API security challenges and best practices for financial services
-  Expert insights on trends and solutions for API security

API Security Challenges and Best Practices

APIs

Security Breach

CICD

Supply Chain

Cloud Applications

Multi Cloud

Financial Services

Digital Transformation

Threat Landscape

Cyber Security

Welcome to the virtualization community on BrightTALK! Whether it affects servers, storage, networks, desktops or other parts of the data center, virtualization provides real benefits by reducing the resources needed for your
infrastructure and creating software-defined data center components. However, it can also complicate your infrastructure. Join this active community to learn best
practices for avoiding virtual machine sprawl and other common virtualization pitfalls as well as how you can make the most of your virtualization environment.

Virtualization

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The data center management community focuses on the holistic management and optimization of the data center. From technologies such as virtualization and cloud computing to data center design, colocation, energy efficiency and monitoring, the BrightTALK data center management community provides the most up-to-date and engaging content from industry experts to better your infrastructure and operations. Engage with a community of your peers and industry experts by asking questions, rating presentations and participating in polls during webinars, all while you gain insight that will help you transform your infrastructure into a next generation data center.

Data Center Management

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

The storage community on BrightTALK is made up of thousands of storage and IT professionals. Find relevant webinars and videos on storage architecture, cloud storage, storage virtualization and more presented by recognized thought leaders. Join the conversation by participating in live webinars and round table discussions.

Storage

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Join this new, vibrant community to learn and connect with top thought leaders, startups and banks who are disrupting the financial services industry. Keep up with the latest news and trends in Fintech and take part in lively debates on topical issues and challenges.

Fintech

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

API Security Challenges and Best Practices

Presented by

About this talk

More from this channel