Asia's Source for Enterprise Network Knowledge

Sunday, February 26th, 2017

Secure Your Apps

How to protect the ‘security last mile’ in an app-driven world

 In the burgeoning digital economy, applications are driving innovation and massive growth in data but also creating an exponential increase in the attack surface, especially with the explosion of the Internet of Things (IoT). IDC forecasts that IoT devices in Asia-Pacific, excluding Japan, will hit 8.6 billion by 2020.

“With the proliferation of devices and rapid improvement in infrastructure, Asia is at the crossroad of digital transformation and disruption,” commented Kunaciilan Nallappan, F5 Networks’ solution marketing director for Asia-Pacific, in a blog post. “No other region is developing quite as quickly when it comes to the adoption of new technologies and innovation. This has brought a lot of attention to apps and technology that connect users, information and devices.”

To ensure fast, secure, and available applications for an enterprise’s employees and suppliers, it is vital to set up a robust, reliable, and flexible application delivery solution. Designed with purpose-built hardware and software, the F5 application delivery, optimization and security solutions, for example, provide complete application management across any data center, whether on- or off-premises.

Always-on expectations

“An application could be the best application in the world, but it would be obsolete if it is not highly available or cannot meet the expectations of users,” Kunaciilan added. “Ultimately, the user experience should always be optimal: peak performance regardless of devices, along with reliability, agility and security. Even when on the move, users are highly influenced by the reliability of applications, and the more dynamic and uninterrupted they are, the more likely they are to use them.”

Organizations will also have to pay particular attention to the ‘last mile for security’ – “the user or the user’s device, PC, or that ‘thing’ reporting back in to its mother app in the cloud”, as described by Lori MacVittie, principal technical evangelist at F5 Networks.

“Because many of the interactions that take place between consumers and providers involve money, there is a very real need for a high level of sensitivity toward the security of said transactions,” MacVittie said. “Which, like the performance challenges of the past, are really super hard to address when you don’t own ‘the last mile’.”

In the modern threat landscape, anti-fraud protection is no longer a concern that dogs the financial industry only. “The reality is that only 25% of real-world malware is caught by anti-viruses and though it may be targeting financials with which end-users interact, like the honey badger, it doesn’t care if corporate credentials happen to be exfiltrated in the process,” MacVittie said. “And once they’re on the open market, you can bet there’s someone who will pay for them.”

Elastic perimeter

MacVittie’s warning is timely because the ‘app’ has essentially become the new security perimeter – the gateway to data – and sometimes, that perimeter has to be extended around the endpoint, even if only temporarily. Hence, organizations across industry sectors concerned about the overall strength of their security posture and committed to protecting the ‘always-on’ client need to evaluate web fraud protection to help prevent malware and viruses and other stealth attacks from absconding with corporate credentials.

Organizations also need to ensure that security policies follow apps and provide authentication for users no matter where they are or what device they’re using. F5’s contextual, dynamic, risk-based approach to identity and access management ties in with this need, improving the user experience and scaling without limits.

Additionally, F5 offers advanced capabilities to establish strong, sophisticated policy-based security for applications and access to applications across on-premises and hybrid cloud environments.

Organizations will be able to carry out detailed analysis and more extensive device ID tracking to secure business-critical applications using the BIG-IP Application Security Manager’s (ASM’s) customizable bot detection methods. Accelerated blacklisting of malicious IPs in hardware at high rates for layer 7 threats provides complementary coverage until feed lists are updated with BIG-IP ASM.

By automatically mitigating L3-7 attacks upstream in the ISP realm, stopping evasive application use of random ports, and controlling SSH channel user-initiated actions with simple custom policy enforcement through the BIG-IP Advanced Firewall Manager (AFM), organizations can stop the most aggressive volumetric distributed-denial-of-service (DDoS) attacks before they can reach the data center.

For applications and associated services to produce competitive differentiation in the digital era, IT must better integrate DevOps practices, agile development, and cloud resources into established and emerging environments. F5’s BIG-IP iSeries ‘software-defined’ application delivery controllers support node.js programmability via iRules LX, enabling customers to easily to tailor their systems for evolving infrastructure needs like enhanced DDoS protection, private cloud and SDN technologies.

These capabilities are geared to empower enterprises defending the new security perimeter so that they can simply secure the ‘last mile’ and deliver applications without a hitch in a hyper-connected, always-on, app-driven environment.

This is a QuestexAsia feature commissioned by F5 Networks Asia Pacific.