Advertisement Advertisement

Keeping application security into focus, F5 is adding to the company’s comprehensive security solutions that will provide visibility of gaps within one’s defence system as well as provide a hybrid strategy to mitigate any cyberattacks. 


Parag Khurana, Managing Director - F5 Networks throws more light on this to discuss how F5 today looks at application security - 

Hybrid cloud is a reality today. F5 recently did a study for 2000 of its top enterprise customers worldwide; almost 75% said that hybrid cloud is a reality, while another 20% said that they will move half of their applications to the Cloud. There are three important things happening at present – digital economy, ecommerce and digital banking. And with this cyber security threats have increased. 


The study also indicated that 5-7% of investment is on security spending nowadays. 
“From F5 perspective, we still continue to be a leader in the ADC (Application Delivery Network) area worldwide; we enjoy a 50% market share. In India, we enjoy a market share of 35%. We are still focusing on application delivery but security has taken a bigger picture,” says Parag Khurana, Managing Director - F5 Networks.


Business leaders across different sectors are increasingly cognizant of how powerful applications and data assets can be in the journey to achieving agility demanded from the shift to the digital economy. More than ever, organizations need to rethink traditional security architectures, to focus on areas of greatest vulnerabilities – their applications and users.


“Apps have become mobile and they can be accessed on mobile phones. If we talk to a CIO or a CSO today, they say that 75-80% of their applications are web enabled. The next level for them will be to move these apps on cloud. But again their biggest concern is security. Earlier their environment was within a physical parameter, let’s say a datacenter. So even if you place your firewall within your parameter, you are ensured safe. But now it’s not the case because apps have moved out of the datacenter. Again for instance, a company provides infrastructure as a service; the concern for them will be that when a customer builds, configure and deploy an app on it, he should be able to deploy and secure it properly. Security concerns have indeed risen,” reiterates Parag.
The mission statement of F5 has been to deliver applications to users in a fast, secured and a reliable manner. For last 10 years the company has been protecting applications through its platform called web application firewall, but now it has brought in purpose-built hardware for that. “CSOs need purpose-built solutions and so we are launching now a new series of products called Herculon. They are into 2 areas – the first product is in the DDoS area (Herculon DDoS Hybrid Defender) and the 2nd in the area of encryption (Herculon SSL Orchestrator),” says Parag.  


While focusing on cyber security, F5 has partnered with other security elements, for instance for Herculon SSL Orchestrator it has partnered with ATP vendors. 


F5 sees massive opportunities for protecting applications. The company is present across verticals, but those companies that are app-savvy or are adopting business apps happen to come to F5 for its solutions. “Like the banking sector for their internet banking, IT-ITeS, Telecom are some of the verticals where adoption of application security is deeper and stronger. Even Pharma and Manufacturing verticals are moving to application security in a big way,” says Parag.
He further continues, “We are in a kind of business where if infrastructure grows, then we are surely to leapfrog. Indian customers have been investing to protect the traditional parameters of physical security, but what is changing drastically is the shift to application security. Security is a market where threats are evolving and protection has to evolve along with that. There is a catch-up game happening. The challenge before a CSO today is how fast they can convince their management to invest more,” sums up Parag. 

•    Herculon DDoS Hybrid Defender gives customers a multilayered defense against volumetric and pervasive DDoS attacks by integrating high-performance hardware with the intelligence of offsite cloud scrubbing via F5 Silverline. This hybrid approach improves time to mitigation in scenarios where website and application availability are crucial to customer interactions and profitability. The product can be deployed in-line or in out-of-band mode, and provides comprehensive DDoS coverage through behavioral analytics, sub-second attack mitigation, and visibility into sophisticated application layer attacks.


•    Herculon SSL Orchestrator provides improved insight for the visibility gaps created by the growing use of encryption for application data. With purpose-built hardware for SSL/TLS, this product provides leading cryptographic capabilities, context-aware dynamic service chaining, and native integrations. A ‘defense in-depth’ strategy is employed to enhance detection, enforcement, and orchestration with support from a rich ecosystem of security vendors.


•    Cloud-based application security as a service with Silverline® WAF Express: F5 is introducing a pre-configured, self-service offering that takes advantage of its cloud-based Silverline platform. Customers can easily select which applications WAF services are applied to, while F5 manages security policies behind the scenes to protect apps from a wide range of threats including OWASP attacks, parameter tampering, and bots. In this model, F5’s Security Operations Center experts engage and maintain policies, including monitoring, app attack mitigation, and analytics for applications hosted in the public or private cloud, as well as the data center.

Samrita Baruah
samrita@varindia.com

Advertisement