Forum Discussion

Ireda's avatar
Ireda
Icon for Cirrus rankCirrus
Aug 03, 2023
Solved

Threat Campaigns

Dears,

I have the below license:

Threat Campaigns, 1Yr(Subscription)

  • Subscription expires after May 23, 2024

Please, what are the benefits, and how i can configure them?

application delivery
security
  • Leslie_Hubertus's avatar
    Leslie_Hubertus
    Aug 03, 2023

    Hi Ireda  - 

    Joel_Cohen wrote this for the F5 blog in December:
    "F5 Threat Campaigns is an intelligence service that accurately detects and blocks current and ongoing attack campaigns with virtually zero false positives. It leverages a team of security experts dedicated to finding, analyzing, and dissecting real ongoing attacks in the wild, with a tool arsenal that includes, among others, a worldwide network of honeypots constantly attacked and targeted by threat actors.

    F5 Threat Campaigns provides you fast and preemptive protection against current ongoing attack campaigns before they reach your enterprise. Using F5 Threat Campaigns is easy and requires only turning it on without additional configuration. The intelligence service provides rich context about the nature and purpose of the threat campaign. It will automatically be updated with the latest campaigns released by F5.​

    F5 Threat Campaigns is a subscription add-on to F5 BIG-IP Advanced WAF and is included with F5 Distributed Cloud WAF and F5 NGINX App Protect WAF. 

    Each provision of F5 Threat Campaigns is explicitly created for an attack campaign detected in the wild as done by a cyber adversary. This is different than a broad signature approach that might, for example, try to detect multiple vulnerabilities and exploits in a generic way.

    This focus on specific campaigns eliminates the likelihood of false positive detections while providing low-maintenance protection against real ongoing attacks. Additionally, thanks to the low risk associated with false positives and the accuracy of the campaign, F5’s release cycle for new campaign entries is quick, leading to a short time between detection in the wild until customers are protected against the attack.

    F5 Threat Campaigns provides additional insights about the nature of the attack campaign, what it tries to do, the risk it poses to applications, and the attacking actor’s intent. This helps security operators better understand what might attack them, how and by whom, and assess risks.

    It is essential to understand that F5 Threat Campaigns is not intended to detect a single or random attack. Instead, it is focused on real-world attacks that are usually detected in volumes, which means more widespread risks to users. An example of a single or random attack could be when a single attacker executes an injection on one site or when a pen-tester tries a CVE that could be exploited in theory but has never been used in a real attack."

     



    You can learn more about managing/configuring Threat Campaigns over at techdocs, at https://techdocs.f5.com/en-us/bigiq-7-0-0/managing-threat-campaigns-using-big-iq/managing-threat-campaigns.html

2 Replies

Sort By
  • Leslie_Hubertus's avatar
    Leslie_Hubertus
    Ret. Employee
    Aug 03, 2023

    Hi Ireda  - 

    Joel_Cohen wrote this for the F5 blog in December:
    "F5 Threat Campaigns is an intelligence service that accurately detects and blocks current and ongoing attack campaigns with virtually zero false positives. It leverages a team of security experts dedicated to finding, analyzing, and dissecting real ongoing attacks in the wild, with a tool arsenal that includes, among others, a worldwide network of honeypots constantly attacked and targeted by threat actors.

    F5 Threat Campaigns provides you fast and preemptive protection against current ongoing attack campaigns before they reach your enterprise. Using F5 Threat Campaigns is easy and requires only turning it on without additional configuration. The intelligence service provides rich context about the nature and purpose of the threat campaign. It will automatically be updated with the latest campaigns released by F5.​

    F5 Threat Campaigns is a subscription add-on to F5 BIG-IP Advanced WAF and is included with F5 Distributed Cloud WAF and F5 NGINX App Protect WAF. 

    Each provision of F5 Threat Campaigns is explicitly created for an attack campaign detected in the wild as done by a cyber adversary. This is different than a broad signature approach that might, for example, try to detect multiple vulnerabilities and exploits in a generic way.

    This focus on specific campaigns eliminates the likelihood of false positive detections while providing low-maintenance protection against real ongoing attacks. Additionally, thanks to the low risk associated with false positives and the accuracy of the campaign, F5’s release cycle for new campaign entries is quick, leading to a short time between detection in the wild until customers are protected against the attack.

    F5 Threat Campaigns provides additional insights about the nature of the attack campaign, what it tries to do, the risk it poses to applications, and the attacking actor’s intent. This helps security operators better understand what might attack them, how and by whom, and assess risks.

    It is essential to understand that F5 Threat Campaigns is not intended to detect a single or random attack. Instead, it is focused on real-world attacks that are usually detected in volumes, which means more widespread risks to users. An example of a single or random attack could be when a single attacker executes an injection on one site or when a pen-tester tries a CVE that could be exploited in theory but has never been used in a real attack."

     



    You can learn more about managing/configuring Threat Campaigns over at techdocs, at https://techdocs.f5.com/en-us/bigiq-7-0-0/managing-threat-campaigns-using-big-iq/managing-threat-campaigns.html