Forum Discussion
Threat Campaigns
- Aug 03, 2023
Hi Ireda -
Joel_Cohen wrote this for the F5 blog in December:
"F5 Threat Campaigns is an intelligence service that accurately detects and blocks current and ongoing attack campaigns with virtually zero false positives. It leverages a team of security experts dedicated to finding, analyzing, and dissecting real ongoing attacks in the wild, with a tool arsenal that includes, among others, a worldwide network of honeypots constantly attacked and targeted by threat actors.
F5 Threat Campaigns provides you fast and preemptive protection against current ongoing attack campaigns before they reach your enterprise. Using F5 Threat Campaigns is easy and requires only turning it on without additional configuration. The intelligence service provides rich context about the nature and purpose of the threat campaign. It will automatically be updated with the latest campaigns released by F5.
F5 Threat Campaigns is a subscription add-on to F5 BIG-IP Advanced WAF and is included with F5 Distributed Cloud WAF and F5 NGINX App Protect WAF.
Each provision of F5 Threat Campaigns is explicitly created for an attack campaign detected in the wild as done by a cyber adversary. This is different than a broad signature approach that might, for example, try to detect multiple vulnerabilities and exploits in a generic way.
This focus on specific campaigns eliminates the likelihood of false positive detections while providing low-maintenance protection against real ongoing attacks. Additionally, thanks to the low risk associated with false positives and the accuracy of the campaign, F5’s release cycle for new campaign entries is quick, leading to a short time between detection in the wild until customers are protected against the attack.
F5 Threat Campaigns provides additional insights about the nature of the attack campaign, what it tries to do, the risk it poses to applications, and the attacking actor’s intent. This helps security operators better understand what might attack them, how and by whom, and assess risks.
It is essential to understand that F5 Threat Campaigns is not intended to detect a single or random attack. Instead, it is focused on real-world attacks that are usually detected in volumes, which means more widespread risks to users. An example of a single or random attack could be when a single attacker executes an injection on one site or when a pen-tester tries a CVE that could be exploited in theory but has never been used in a real attack."
You can learn more about managing/configuring Threat Campaigns over at techdocs, at https://techdocs.f5.com/en-us/bigiq-7-0-0/managing-threat-campaigns-using-big-iq/managing-threat-campaigns.html
Thanks, noted.