Security and Challenges of Enterprise Applications in the Cloud Era
© F5 Networks, Inc 2
A different approach to Application Security
APPLICATION ACCESS APPLICATION PROTECTION
Protecting your most critical business assets
Remote Access
SSL Inspection
Network Firewall
Enterprise Mobility Gateway
Secure Web Gateway
Traffic Management
DDoS Protection
Web Fraud Protection
Web App Firewall
Access Federation
App Access Management
DNS Security
F5’s Comprehensive Security Solutions
Web Fraud Protection
SSL VPN
App Delivery
Network Firewall
Web App Firewall
SSL Inspection
Cloud-Based DDoS Protection
Network DDoS Protection
Cloud-Based WAF
APPLICATION ACCESS APPLICATION PROTECTION
Comprehensive Application Security Solutions
Protecting your applications regardless of where they live
Securing access from any user on any device
APPLICATION ACCESS
Enterprise Mobility Gateway
Access Federation
Remote Access
App Access Management
Secure Web Gateway
APPLICATION PROTECTION
IP Intelligence
Web Fraud Protection
Hybrid WAF
SSL Inspection
DDoS Protection
DNS Security
Network Firewall
Private, Public Cloud & On-Premise DC
Silverline
Strongest set of application security controls that reduce risk
Applications run today’s world.
EXPERIENCE
DevOps – Mode 2
NetOps/SecOps – Mode 1, Adopting Mode 2
Private Cloud
MSP
Applications
Private Cloud
Corporate Datacenter
Silverline
DDoS
BIG-IP iSeries
The traditional approach to security is inadequate. Blind, inflexible point solutions
The Evolution of the Application
1995: Client/Server, Centralized Apps; 40M; 20K
2000: Internet Applications, Data Confidentiality; 400M; 9.5M
2005: Mobile Devices, Mobility Malware Threats; 1B; 58M
2010: Public Cloud, Website Availability Threats; 2B; 207M
2015: Hybrid Cloud, Blended Attacks; 3.2B; 1B
HTML, JAVA, SSL, SOAP, XML, FLASH, VOIP, SAML, AJAX, MOBILE, VIDEO, HTML 5, ITIL, HYPERVISOR, SDN/SDS, DEVOPS, IPV6, CONTAINERS, NANO/MICRO, IOT, MACHINE LEARNING
Cloud Adoption
Diagram labels: Data Centers & Offices; On Premises Data Center; Physical Legacy Infrastructure; Business Function; Private Cloud; Network virtualization; Cloud Migration; Public Clouds; AWS; AZURE; …; INTERNET; Security Threats/Attacks; Hacktivism; SSL; Global Load Balancing; Local Load Balancing; Cloud Security and Access; LTM; APM; PEM; DNS; AFM; ASM
Hybrid Cloud Challenges
Diagram labels: Data Centers & Offices; On Premises Data Center; Physical Legacy Infrastructure; Business Function; Private Cloud; Network virtualization; Cloud Migration; Cloud Integration; Public Clouds/Managed Private Clouds; Silverline; INTERNET; Security Threats/Attacks; Hacktivism; SSL; Global Load Balancing; Local Load Balancing; Cloud Security and Access; LTM; APM; PEM; DNS; AFM; ASM; Consistent and Secure Application Delivery Platform
F5 Agility 2015 18
Application Threats Increase Challenges and Complexity
LET’S TALK ABOUT SECURITY.
Unpredictable, Inconsistent, Inconvenient, Slow, Expensive
A labyrinth of security measures applied with little to no context, consistency, or coordination.
TICKETING
GIANT SECURITY LINE
ID/PASSPORT CHECK
PAT DOWN
X-RAY
BODY SCAN
SWAB
GATE TICKET SCAN
Important Trends in Threat Vectors
WhiteHat Security Statistics Report 2015
Threat Brief Report, Webroot, May 2015
Symantec Internet Security Report 2014
The Driving Force behind Device-Based Network and App Congestion
6B Connected Devices, 2013
50B Connected Devices Worldwide by 2020
Application Attacks Hurt Your Business
Damages brand reputation.
Results in significant downtime and revenue loss.
Compromises sensitive enterprise, employee, and customer data.
Breaches compliance required to conduct business online.
Botnet Online shop
• TOR is a system enabling its users to communicate securely & anonymously on the Internet.
• TOR is free and can be installed in seconds
• Very difficult to trace user traffic
• Often used nefariously… but it is not inherently malicious.
• “Anonymous” and Encrypted Gateway to the Deep and Dark Web
HTTP/HTTPS
Secured Data Center
WAF, HIPS, Traffic management, NIPS, DLP, Network firewall, SIEM
Leveraging browser application behavior:
• Caching content, disk cookies, history
• Add-ons, plug-ins
Manipulating user actions:
• Social engineering
• Weak browser settings
• Malicious data theft
• Inadvertent data loss
Embedding malware:
• Browser Keyloggers
• Framegrabbers
• Data miners
• MITB/MITM
• Phishers/Pharmers
Hmmmm… Customer Browser
Zero Trust
The Hybrid Threat
• Carphone Warehouse Breach with a DDoS Smoke Screen
• DDoS attack before giant data breach
• 2.4M customers’ data stolen from web app attack
• More commonplace threat for Internet-connected businesses, especially those that house sensitive data (such as credit cards or personal information).
• Investment at network layer
• Many attacks at app layer
Freedom To Deploy Any Cloud Application
Cloud Portability
Consistent Policies
F5 Grade Security
Visibility
Lowest TCO
Freedom