雲端時代企業應用的安全與挑戰

© F5 Networks, Inc 2

A different approach to Application Security

APPLICATION ACCESS APPLICATION PROTECTION

Protecting your most critical business assets

© F5 Networks, Inc 3

Remote

Access

SSL

Inspection

Network

Firewall

Enterprise

Mobility Gateway

Secure Web

Gateway

Traffic

Management

DDoS

Protection

Web Fraud

Protection

Web App

Firewall

Access

Federation

App Access

Management

DNS

Security

F5’s Comprehensive Security Solutions

Web Fraud

Protection

SSL VPN App

Delivery

Network Firewall Web App

Firewall

SSL

Inspection

Cloud-Based

DDoS Protection Network DDoS

Protection

APPLICATION ACCESS APPLICATION PROTECTION

Cloud-Based

WAF

© F5 Networks, Inc 4

Comprehensive Application Security Solutions

Protecting your applications

regardless of where they live

Securing access from

any user on any device

AP

PL

ICA

TIO

N A

CC

ES

S

Enterprise Mobility Gateway

Access Federation

Remote Access

App Access Management

Secure Web Gateway

AP

PL

ICA

TIO

N P

RO

TE

CT

ION

IP Intelligence

Web Fraud Protection

Hybrid WAF

SSL Inspection

DDoS Protection

DNS Security

Network Firewall

Private, Public Cloud & On-Premise DC

Silverline

Strongest set of application

security controls that reduce risk

Applications run today’s world.

EXPERIENCE

DevOps – Mode 2

NetOps/SecOps – Mode 1,

Adopting Mode 2

Private Cloud

MSP

Applications

Private Cloud

Corporate Datacenter

Silverline

DDoS

BIG-IP iSeries

© F5 Networks, Inc 14

The traditional approach to security is inadequate. Blind, inflexible point solutions

© F5 Networks, Inc 15

Client/Server

Centralized

Apps

1995

40M

20K

Internet Applications

Data

Confidentiality

2000

400M

9.5M

HTML

JAVA SSL

SOAP

Mobile Devices

Mobility Malware

Threats

2005

1B

58M

Public Cloud

Website

Availability Threats

2B

207M

2010

Hybrid Cloud

Blended

Attacks

3.2B

1B

2015

XML

FLASH

VOIP

SAML

AJAX

MOBILE

VIDEO

HTML 5 ITIL

HYPERVISOR

SDN/ SDS

DEVOPS

IPV6

CONTAINERS

NANO/

MICRO

IOT

MACHINE LEARNING

The Evolution of the Application

© F5 Networks, Inc 16

Data Centers & Offices

Security

Threats/Attack

s

SSL

Global Load

Balancing

Local Load

Balancing

Cloud

Security and

Access

LT

M

AP

M

PE

M

Physical Legacy Infrastructure

Hacktivism

INTERNET

AWS

AZURE

…

DN

S

AF

M

AS

M On P

rem

ises D

ata

Cente

r

Business Function

Business Function

Public Clouds

Cloud Adoption

Private Cloud Network virtualization

? Cloud

Migration

© F5 Networks, Inc 17

Data Centers & Offices

Private Cloud

Security

Threats/Attack

s

SSL

Global Load

Balancing

Local Load

Balancing

Cloud

Security and

Access

LT

M

AP

M

PE

M

Business Function

Business Function

Physical Legacy Infrastructure

Hacktivism

? DN

S

AF

M

AS

M

INTERNET

Cloud Migration

Cloud Integration

Public Clouds/Managed Private Clouds

Silverline

Hybrid Cloud Challenges

? Cloud

Migration Network virtualization

Network virtualization

Consistent

and Secure

Application

Delivery

Platform

?

?

On P

rem

ises D

ata

Cente

r

F5 Agility 2015 18

Application Threats Increase Challenges and Complexity

© F5 Networks, Inc 19

LET’S TALK

ABOUT

SECURITY.

© F5 Networks, Inc 20

Unpredictable

Inconsistent Inconvienent

?

?

?

LET’S TALK

ABOUT

SECURITY.

Slow Expensive

© F5 Networks, Inc 21

A labyrinth of security measures applied with little

to no context, consistency, or coordination.

TIC

KE

TIN

G

G IANT SECURIT Y LINE

ID/PASSPORT CHECK

PAT DOWN

X-RAY

BODY SCAN

SWAB

GATE TICKET SCAN

F5 Agility 2015 22

Important Trends in Threat Vectors

WhiteHat Security

Statistics Report 2015

WhiteHat Security

Statistics Report 2015

Threat Brief Report, Webroot,

May 2015

Symantec Internet

Security Report 2014

© F5 Networks, Inc 23

50B Connected

Devices

Worldwide by

2020

6B Connected

Devices

2013

2020 2013 2018 2016

The Driving Force behind Device-Based Network and App Congestion

Application Attacks Hurt Your Business

Damages brand reputation.

Results in significant downtime and revenue loss.

Compromises sensitive enterprise, employee, and customer data.

Breaches compliance required to conduct business online.

© F5 Networks, Inc 25

© F5 Networks, Inc 26

© F5 Networks, Inc 27

© F5 Networks, Inc 28

Botnet Online shop

© F5 Networks, Inc 29

© F5 Networks, Inc 30

• TOR is a system enabling its users to communicate securely & anonymously on the Internet.

• TOR is free and can be installed in seconds • Very difficult to trace user traffic

• Often used nefariously…..but it is not inherently malicious. • “Anonymous” and Encrypted Gateway to the Deep and Dark Web

HTTP/HTTPS

Secured

Data Center

WAF

HIPS

Traffic management

NIPS

DLP

Network firewall

SIEM Leveraging

browser

application

behavior • Caching content,

disk cookies, history

• Add-ons, plug-ins

Manipulating user

actions: • Social engineering

• Weak browser settings

• Malicious data theft

• Inadvertent data loss

Embedding

malware: • Browser Keyloggers

• Framegrabbers

• Data miners

• MITB/MITM

• Phishers/Pharmers

Hmmmm… Customer Browser

Zero Trust

F5 Agility 2015 34

• DDoS attack before giant data breach

• 2.4M customers’ data stolen from web app attack

• More commonplace threat for Internet-connected businesses—especially those that house sensitive data (such as credit cards or personal information).

• Investment at network layer

• Many attacks at app layer

The Hybrid Threat

• Carphone Warehouse Breach with a DDoS Smoke Screen

Freedom To Deploy Any Cloud Application

Cloud Portability

Consistent Policies

F5 Grade Security

Visibility

Lowest TCO

Freedom