Name: What is a WAAP? Brightboard Lesson
Start: 2023-06-01T18:00:00Z
End: 2023-06-01T18:00:06.000Z
Location: BrightTALK
Rating: 5

F5 is a multi-cloud application services and security company committed to bringing a better digital world to life.​​​​​​​ F5 partners with the world’s largest, most advanced organizations to secure and optimize every app and API anywhere—on premises, in the cloud, or at the edge. F5 enables organizations to provide exceptional, secure digital experiences for their customers and continuously stay ahead of threats. For more information, go to f5.com. 



Join F5 Labs threat researcher Sander Vinberg for the latest vulnerability intelligence from F5 Labs. This talk will begin at the tactical level by exploring CVE targeting trends, including a recent focus on IoT devices. Sander will also cover the Exploit Prediction Scoring System, an open-source ML system for forecasting vulnerability exploitation.

We will unpack how the system works, how F5 contributes to it, and how best to use it to provide insight into your own vulnerabilities and risks. The talk will conclude with an examination of the long-term future of vulnerability management, referencing selected findings from a recent report on the evolving CVE landscape.

Through this talk, attendees will learn:

-  Which vulnerabilities attackers are prioritizing in 2022 and early 2023
-  Features, strengths, and weaknesses of the Exploit Prediction Scoring System
-  How changes to vulnerability publication may impact the future of the CVE system

Vulnerability Intelligence: Near Past and Distant Future

5G is rewriting the rules of orchestration and connectivity by moving into Kubernetes. However, user plane functions performing service chaining can consume resources, increase bandwidth needs, and negatively impact cost.

During this session we will demonstrate how to use the F5 BIG-IP Next SPK telco gateway together with the CNF Solutions for Red Hat OpenShift. This novel approach unifies SBA across networking vendors while increasing 5G user plane performance and flexibility.

PT3: Increase 5G User Plane Performance with F5 and Red Hat OpenShift

Enterprises use microservices and containers to develop applications that scale across multi-cluster environments. These distributed multi-cluster architectures create complexity due to limited visibility that can increase risks to security and performance. 

Our demonstration will show how F5 Container Ingress Controller for Red Hat OpenShift can deliver highly scalable, declarative administration of F5 BIG-IP to improve app development and performance with visibility into OpenShift app health.

PT 2: Scale Red Hat OpenShift Deployments with F5 Container Ingress Services

Event driven security offers an innovative approach to addressing today’s sophisticated threat landscape. Real-time event monitoring and automation can identify and respond to potential threats proactively – before they can cause damage.
During this session, we will explore the key concepts of event driven security, its benefits, including improved efficiency and response time, and how to overcome challenges. We will also show a security-focused demo using F5 and Event-Driven Ansible.

PT1:  Event-Driven Automation and Security with F5 and Red Hat Ansible

In this Roundtable, F5 and Microsoft will discuss the following:
-  How to better secure your Azure AKS clusters with NGINX Plus Ingress Controller and NGINX App Protect WAF & DoS.
-  Leverage NGINX Plus Ingress Controller Open ID Connect (OIDC) / JSON Web Tokens (JWT) for authentication in AKS.
-  Improve resiliency and scalability in AKS and support self-service (RBAC) with NGINX Plus Ingress Controller.

As the industry continues to “shift left” when it comes to security, having security running at more levels of your infrastructure is increasingly important. In this discussion, the Microsoft and F5 NGINX teams will talk about how you can improve your security posture by leveraging NGINX Plus Ingress Controller and App Protect in your AKS environment.

Security is essential in your infrastructure and your home – and we’d like to help with both.

Microsoft & F5 : Securing Kubernetes in Azure with AKS & F5 NGINX

F5's SaaS services delivery platform, F5 Distributed Cloud, has expanded. We'll answer common customer questions like: How does this SaaS platform work with other F5 products and services? What best practices help securely deliver my applications? And we'll look at how pairing F5 Distributed Cloud Services with your existing security services can help you become an application security hero in your organization.

In this session, we will: 
-  Explore application security features with F5 Distributed Cloud to accelerate security delivery and embrace operational consistency.
-  Cover key security practices that should be in every application delivery scenario.
-  How can operations be maintained, the true test of sustained security.

Becoming an Application Security Hero with F5 Distributed Cloud Services

As organizations increasingly adopt hybrid architectures and microservices, the number of APIs utilized within their ecosystems continues to grow at an exponential rate. This phenomenon, known as API sprawl, poses significant challenges in terms of security, governance, and efficiency. But of them all, API security might require the most urgent response. 

For organizations trying to secure their APIs, multi-cloud complexity and difficulty enforcing consistent security top the list of challenges according to F5’s State of Application Strategy Report (2023). To address API sprawl, organizations need to adopt a more holistic app and API security strategy for their organization including components that deliver runtime protection, posture management, and help integrate security and code testing earlier in the software development lifecycle. 
 
Join the conversation to hear Joshua Haslett, Ian Dinno, and David Remington's answers to hard-hitting questions about API sprawl, management and security.

Untangling APIs: Addressing Sprawl and Securing Your Digital Ecosystem

Whether an application is hosted in one or more locations, is migrating, or has advanced delivery and security needs, it's crucial to provide effective and consistent security. Fortunately, application owners can use the F5 Distributed Cloud Platform and portfolio of services to engage multi-cloud networking for on-premises and cloud-based application deployments to provide consistent security operations.

In this session, we will: 
 -  Explore F5 Distributed Cloud’s Multi-Cloud Networking functionality for secure delivery of applications wherever they are hosted. 
-  Show consistent deployment and operations of application security across Public Cloud and/or Private Cloud/Data Center.
-  Reviewing layered security deployment architectures with the F5 portfolio solutions like BIG-IP and NGINX designs.

Protect Apps Anywhere with F5 Distributed Cloud Services

Join F5 experts to learn how to gain the observability, security, and agility you need to compete in a complex hybrid and multi-cloud digital world.

Apps and APIs span every generation of architecture—from monoliths to microservices and from client-server to mobile—across data centers, clouds, and at the edge. Organizations strive to achieve digital resiliency, yet 9 out of 10 companies that operate in multi-cloud environments are struggling to maintain a consistent security posture.

In this webinar, you'll learn:

-  The challenges of securing the enterprise architecture for digital business.
-  How the right solutions protect all apps and APIs—legacy and modern— from core to cloud to edge.
-  Best practices for deploying comprehensive protection and consistent security that unleashes innovation and digital velocity.

Application Security for a Hybrid and Multi-Cloud Digital World

As application development continues to advance, API frameworks must evolve to meet the increased security burden placed upon them. API security includes the rules, protections, and controls used to secure them as well as the essential observability and visibility provided through discovery. Together, API security and discovery accelerate development and delivery of services. 

In this session, we will:
-  Explore F5 Distributed Cloud's API Discovery functionality and ability to drive learning and visibility of discovered, inventories, and shadow APls.
-  Apply API security protections delivered at the edge and securely deliver endpoints while understanding their delivery.
-  Layer complimenting security strategies like Malicious User Detection and Mitigation, Bot Strategies, and other Service policy services to protect APls.

Discover, Monitor & Mitigate API Threats with F5 Distributed Cloud Services

Recent breaches have exposed everything from your credit score to your age, gender, and even how often you work out. Worst of all, in a recent breach, unprotected APIs (Application Programming Interfaces) have exposed the personally identifiable information and login credentials of 37 million people. Given the sensitive nature of the data that can be exposed by unprotected APIs, the need for effective security cannot be stressed enough. 

Join our webinar to learn from F5 security experts why it is imperative for organizations to address security threats to consumers and business — and the steps you can take to get started. You will hear real stories about security challenges, followed by a demo showing what shadow APIs are and look like and how to interact with them, and more.  

In this webinar, you will learn about:

-  The best ways to incorporate security controls. 
-  API discovery and API protection rules.
-  Swagger file generation through discovery and import.
-  Rate limiting based on the API inventory that gets created.

API Discovery, Inventory, and Security Webinar

APIs have become one of cybercriminals’ favorite vectors for account takeover attacks. Credential stuffing, business logic abuse, and DDoS attacks are just some of the malicious automated bot attacks deployed to take over accounts and perpetrate identity theft and fraud. 

Readily available scripts and tools make orchestrating API attacks easier than ever, and legacy bot defense techniques struggle to detect these potentially devastating incursions. Thus, it’s no surprise that, according to recent Google Cloud research, 50% of organizations experienced an API security incident in the past 12 months.
 
With such a dire threat via APIs negatively impacting user data and the bottom line, F5 and Google Cloud are hosting a panel discussion to answer your pressing questions about API security and tactics. 

Join the conversation to hear F5’s Vice President, Security, Angel Grant’s answers to hard-hitting questions about account takeover attacks and API security. 

Join the webinar to see Angel on the API security hot seat and learn: 

-  What’s the current threat landscape targeting APIs 
-  How exploits in API business logic can lead to fraud 
-  Defense tactics against API injections 
-  How to mitigate potential brand and reputational damage 
-  Why legacy bot detection techniques have become ineffective 
-  How to best decern between good and bad traffic – both human and bot 

Learn more, register today

Thwart the Account Takeover Menace – Join the API Security Conversation

Attackers will repackage mobile apps, inject malware, hooking frameworks, and perform overlay attacks to cause security breaches, data leaks, and gain privileged access. Once a mobile app is controlled or hijacked, attackers can attack your server-side applications using automated attacks. They will also steal sensitive data that resides in your mobile apps, such as customer credentials, API keys, and intellectual property. You are on the hook for rigorous compliance standards for privacy (ex: GDPR, CCPA), payments (ex: EMVCo SBMP, PCI, & PSD2), and health records (HIPAA). 

Part of picking the right infrastructure is knowing you can extend secure experiences to mobile applications. With intellectual property and sensitive information flowing through these mobile apps, it’s important to understand the risk and what you can do to make this a safe channel for your business. 

You’ll also learn more about F5’s new mobile app security solution which can help you reduce security risk and meet compliance. Join the conversation and see how mobile application security can be a bigger part of your secure application vision.

Stop Bad Actors From Attacking Your Mobile Apps

While security and operations teams care deeply about their ability to deliver the best experience possible for their customers while enhancing operational efficiencies, there is plenty left for the board and the executive staff to consider when it comes to bots and automated attacks.

Join Joshua Haslett, Strategic Technology Partner Manager at Google Cloud, and Jim Downey, Cybersecurity Evangelist at F5, for an in-depth conversation to help crack the code on “bot economics” so you can learn how to:

• Calculate financial revenue and reputation costs
• Identify and control operational expenses
• Develop a cost/benefit analysis for bot mitigation
• Prepare for that much-needed business conversation with key stakeholders

F5 Distributed Cloud Bot Defense for Google Cloud enables frictionless security that complements performance, automation, and insight to deliver and scale the application experience. Join the conversation to determine the economic impact of bots on your business so you can demonstrate to the board that the top and bottom lines are safe from bot-generated compromise.

Bots to Board Room: The Often-Missed Economic Impact of Bots

Organizations are increasingly deploying workloads across multiple diverse environments and application architectures. This creates a critical need to protect organizations’ essential applications no matter what their deployment or architecture – and with flexibility and speed.

Join our webinar to learn how the F5 Web Application Firewall (WAF) portfolio, paired with DevSecOps principles, enables organizations to deploy and maintain industry-leading security without sacrificing the time to value their applications. Our 15-minute demo will show you how you can accomplish this with multiple WAF options that allow you to deploy a hybrid architecture.

In this webinar, you’ll learn how:

-  Edge architecture can coexist with shift left practices
-  A strong security model can provide flexibility
-  F5-supported APIs and tooling paired with DevSecOps practices make it all possible

Shift Left and Edge Security with DevSecOps and F5

Dealing with multiple applications in a micro-service architecture means you’re probably contending with a fragmented environment that’s nearly impossible to manage, secure, and operate efficiently.  
In this follow-up to webinar Multi-Cloud Networking Traffic Flow Challenges, we’ll show you what multiple traffic flows look like for a common enterprise and how to solve its traffic flow issues. We’ll also demonstrate the benefits of – and how to configure – proxy architectures for a multi-cloud environment.

Part 3 of 3: Implement a Multi-Cloud Strategy to Manage Traffic Flow

As you move your cloud strategy to a multi-cloud environment, you may be losing visibility into how your various containers, microservices, and technologies are performing. And possibly leaving your systems open to errors, breaches, and attacks. 

In this follow-up to webinar Adopting Container-as-a-Service for Hybrid Cloud Security, this demonstration will walk you through getting visibility into Kubernetes components, tapping into automatic discovery of Kubernetes workloads, and securing multi-cloud environments at scale.

Part 2 of 3: Solving Hybrid Cloud Security with Container-as-a-Service

More companies are pushing their applications further toward the customer for performance gains, but those gains come with a price – like latency, offload compute, high availability, and more. For any organization, moving applications to the edge is a journey. You can shape that journey by tapping into solutions that offer more reliability, less latency, real-time data analytics, and better performance.

Join us to learn the benefits – and challenges – of moving applications to the edge. We’ll also offer some real-life use cases of applications being hosted at the edge – including examples of remote securing and updating of ATMs and retail kiosks – and show you how F5 can help at each step in that journey.

In this webinar, you'll learn:
-  Solid strategies for moving apps to the edge
-  How to get a unified security policy across your network
-  How to seamlessly connect your applications

Deploying, Delivering, Operating and Securing Applications at the Edge

So, what is WAAP? It is an evolution of the WAF, conceptually and it stands for Web Application & API Protection (WAAP). It is similar to WAF in that the primary focus is to defend against layer 7 attacks - slowloris, brute force, L7 DOS, etc. - and also to provide protocol enforcement at layer 4. Another similarity is that both WAF and WAAP focus on the OWASP Top 10 as a framework for development. The glaring difference between the two is the necessitated inclusion of the OWASP Top 10 for APIs, as it is estimated that some 80% of the internet's traffic is now API related. WAAP has an understood bot defense component, as well. In the days of WAF, this was not as prevalent, but I think we all know that bot traffic is nothing short of explosive these days. 

Join this 6 min on-demand session to learn What is a WAAP?

What is a WAAP? Brightboard Lesson

Application Delivery

Cloud Applications

Cloud Adoption

Cloud Architecture

Multi Cloud

Hybrid Cloud

DevOps

Security

Welcome to the virtualization community on BrightTALK! Whether it affects servers, storage, networks, desktops or other parts of the data center, virtualization provides real benefits by reducing the resources needed for your
infrastructure and creating software-defined data center components. However, it can also complicate your infrastructure. Join this active community to learn best
practices for avoiding virtual machine sprawl and other common virtualization pitfalls as well as how you can make the most of your virtualization environment.

Virtualization

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The data center management community focuses on the holistic management and optimization of the data center. From technologies such as virtualization and cloud computing to data center design, colocation, energy efficiency and monitoring, the BrightTALK data center management community provides the most up-to-date and engaging content from industry experts to better your infrastructure and operations. Engage with a community of your peers and industry experts by asking questions, rating presentations and participating in polls during webinars, all while you gain insight that will help you transform your infrastructure into a next generation data center.

Data Center Management

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

The storage community on BrightTALK is made up of thousands of storage and IT professionals. Find relevant webinars and videos on storage architecture, cloud storage, storage virtualization and more presented by recognized thought leaders. Join the conversation by participating in live webinars and round table discussions.

Storage

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Join this new, vibrant community to learn and connect with top thought leaders, startups and banks who are disrupting the financial services industry. Keep up with the latest news and trends in Fintech and take part in lively debates on topical issues and challenges.

Fintech

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

What is a WAAP? Brightboard Lesson

Presented by

About this talk

More from this channel