
F5 App-Centric Security: Vision, Strategy, and Roadmap

Jon Kuhn, Security Product Management Team

© 2016 F5 Networks

Applications Drive Innovation and Massive Growth in Data…

THE NEW NORMAL

• 16B IP devices to 24B in 2019

• 3.2B people can access apps via internet (Smart Device, Tablet, SmartPhone)

EVOLUTION OF APPLICATIONS

• 1B hybrid cloud applications in 2015

DATA IS EVERYWHERE

• 44ZB data consumption in the world

APPLICATIONS KNOW NO BOUNDARY

• Internet applications

• Data center applications

…Resulting in an Unprecedented Increase in Attacks


Source: Based on aggregated data from IT Business Edge, Krebs on Security, Security Week, and CSO Online

• 12% OTHER

• 16% HUMAN ELEMENT

• 28% COMPROMISED IDENTITIES

• 44% VULNERABLE APPS

• 1.2B COMPROMISED RECORDS SINCE 2014

• 514M PERSONAL PROFILES STOLEN

• $270M CREDIT CARD FRAUD IN 2015

• $15M AVERAGE COST OF AN ATTACK

• 46 AVERAGE DAYS TO RESOLVE AN ATTACK

Security Investments Are Completely Misaligned with Reality

Perimeter Security

• 25% OF ATTACKS ARE FOCUSED HERE

• 90% OF SECURITY INVESTMENT

Identity & Application Security

• 72% OF ATTACKS ARE FOCUSED HERE

• 10% OF SECURITY INVESTMENT

Traditionally, Data Was Secure Inside the Perimeter

PERIMETER SECURITY

[Diagram labels: IPS, Firewall, DLP; AUTHORIZED USERS, UNKNOWN USERS, MALICIOUS USERS; AUTHORIZED USER, MANAGED DEVICES, APPS, DATA]

The Perimeter Has Dissolved… and Zero Trust Must Reign

[Diagram labels: PERIMETER SECURITY, ZERO TRUST; Private, SaaS, Public]

Cloud Apps and Mobility Have Changed the Game

• 3.2 billion unknown users

• 7.4 billion unsecured devices

• 1 billion applications

• 44 ZB of data by 2020

[Diagram labels: Private, SaaS, Public]

Today’s Requirement: Protect Identities, Apps, and Data

[Diagram labels: Private, SaaS, Public]

F5’s Access, Identity, and App Protection Solutions

F5 IDENTITY AND ACCESS MANAGEMENT

PROTECT ACCESS AND IDENTITY: Enable secure access for any user on any device

F5 APPLICATION PROTECTION

PROTECT APPLICATIONS: Safeguard your apps, regardless of where they live

• SSL Inspection and Interception

• Secure Web Gateway

• Identity Federation

• Remote Access

• App Access Management

• Enterprise Mobility Gateway

• WAF

• DDoS Protection

• Web Fraud Protection

• Carrier Class Firewall

• IP Intelligence

• DNS Security

F5 Silverline, Virtual Edition, Purpose-Built Hardware

[Diagram labels: Private, SaaS, Public]

FY16 Security Roadmap

[Competitors: not recoverable from the slide]

SSL Intercept

• F5 Strategy: Trojan horse through SSL visibility

• F5 Advantage: Undisputed leader in proxy tech., scale

• Market/TAM: 500M, 12% CAGR

• Roadmap: Enhanced service chaining, risk integration

DDoS Protection

• F5 Strategy: Single vendor for hybrid DDoS protection

• F5 Advantage: Largest DDoS vector spectrum, hybrid, and L7 capabilities

• Market/TAM: 765M, 16% CAGR

• Roadmap: Behavioral, analytics, out of band, reporting, management

Carrier Class FW

• F5 Strategy: Laser focus on GiFW and DC use cases for SP

• F5 Advantage: Best scale and price performance

• Market/TAM: 1B, 12% CAGR

• Roadmap: Addl. protocols, VoLTE, new compiler enhancements

Identity and Access

• F5 Strategy: Retain leadership in SSL-VPN and expand into IAM

• F5 Advantage: Consolidated access across applications

• Market/TAM: 5.7B, 8% Growth

• Roadmap: SSO/Fed protocols, app provisioning, adaptive auth.

Anti-Fraud

• F5 Strategy: Leverage position as a WAF player to deploy Anti-Fraud

• F5 Advantage: Clientless approach

• Market/TAM: 380M, 15% CAGR

• Roadmap: Improve malware detection, ease of configuration

WAF

• F5 Strategy: Drive market share leveraging hybrid WAF

• F5 Advantage: 99.89% security effectiveness and lowest TCO

• Market/TAM: 580M, 19% CAGR

• Roadmap: Transparent mode, improved context, risk engine, simplified deployment

Cross-Product Roadmap

• Security Intelligence

• Risk Engine

• Visibility and Analytics

• BIG-IQ Centralized Management Advancements


F5 in top 3 recommended vendors by NSS


Vision and Roadmap for Application Access

FALL 2016 Evolving Our Identity Bridge

• New cloud app access and auth. use cases (OAuth)

• Client: increase OS/browser support, fewer support issues

• BIG-IQ Centralized Management for central management

• Introduction of SSL Intercept

PHASE 2 Simplified Access Management

• Consolidated dashboard for provisioned applications

• Integrated login protection to protect against credential stealing

• Evolve BIG-IQ Centralized Management: policy editing, HA, and reporting

PHASE 3 Risk-Based Cloud Access

• Single point of visibility, risk scoring, and control for cloud/on-premises app access

• Integrate user behavioral analytics (risk engine), service chaining decisions, and the analytics

• CASB API approach to protecting data and compliance for the use of apps

Vision and Roadmap for Application Protection

FALL 2016 Evolving Our Identity Bridge

• Improved firewall robustness: NAT, compiler opt, SSH proxy

• Simplify policy, improve security with web sockets

• Improving fingerprinting and DDoS efficacy

• BIG-IQ Centralized Management: scale and configuration support

PHASE 2 Simplified Access Management

• App-centric policy management

• Improved context around user authentication, endpoint type, posture, behavior—human or a bot

• Improved visibility and threat event reporting

• Introduce risk engine to develop a risk score

PHASE 3 Risk-Based Cloud Access

• Evolved risk-aware, app-attached policy and workloads

• Fully evolved dynamic service chaining with large ecosystem of third-party vendors

• Shared intelligence across customers

• Matured centralized visibility and analytics

Purpose-Built Initiative

Purpose-Built: Company-Wide Focus on the Security Buyer

• CHIEF INFORMATION SECURITY OFFICER (CISO)

• SECURITY ARCHITECT

• SECURITY ENGINEER

• PURPOSE-BUILT PARTNERSHIPS

• PURPOSE-BUILT SECURITY PRODUCTS

• PURPOSE-BUILT SELLING

• PURPOSE-BUILT MARKETING

• F5 LABS SECURITY RESEARCH

Purpose-Built Guidelines

Market Opportunity

• Meaningful market opportunity

• Long term investment for success

New Hardware

• Leveraging state-of-the-art new hardware

• New look and feel

User Experience

• Simplified setup and configuration

• Align UI with security buyers

Purpose-Built Products

• SSL Intercept: All-in-one appliance solution designed to provide increased visibility into encrypted traffic

• Hybrid DDoS: Comprehensive DDoS protection, tightly-integrated on-premises and cloud

• Carrier-class FW: Network firewall across SP-specific Gi and DC FW use cases

