Adaptive Apps: Simple and easy to deploy WAAP solution for tiered app protection - Demo Kit
Introduction
Adaptive applications utilize an architectural approach that facilitates rapid and often fully-automated responses to changing conditions—for example, new cyberattacks, updates to security posture, application performance degradations, or conditions across one or more infrastructure environments.
Unlike the current state of many apps today that are labor-intensive to secure, deploy, and manage, adaptive apps are enabled by the collection and analysis of live application performance and security telemetry, service management policies, advanced analytic techniques such as machine learning, and automation toolchains.
Two key components of F5's Adaptive Apps vision are to help our customers speed deployments of new apps and to help our customers more rapidly detect and neutralize application security threats.
In today's digital landscape, the need for modern, simple, consistent, and scalable application security has become increasingly critical. With the increasing number of cyber threats and the potential risks they pose to sensitive data, user privacy, and business operations, organizations must prioritize robust application security measures across all environments including traditional on-premises, public cloud, and edge deployments. As technology advances and applications become more interconnected, the potential risks and vulnerabilities that can be exploited by malicious actors also grow. Therefore, it is essential to prioritize robust and scalable security measures to protect sensitive user data, prevent unauthorized access, and maintain the integrity of applications.
Simplicity is crucial to ensure that security measures are practical, easy to understand, quick to deploy, and easy to maintain. Simplicity is a key requirement for accelerating secure application deployments.
Consistency ensures that security standards and best practices are uniformly applied across all applications, reducing the potential for gaps or vulnerabilities and speeding up secure application deployments. By prioritizing modern, simple, and consistent application security, organizations can safeguard their digital assets, maintain user trust, and mitigate the financial and reputational risks associated with security breaches.
As organizations expand their digital presence, the volume and complexity of applications grow exponentially. This expansion introduces new security challenges and potential vulnerabilities. Modern application security practices must address these challenges by adopting scalable solutions that can accommodate the increasing demands of diverse and dynamic applications.
By prioritizing modern, simple, consistent, and scalable application security, organizations can quickly and effectively protect their digital assets, mitigate the impact of security breaches, and maintain the trust of their users in an ever-changing digital landscape.
This Demo Kit provides an example of a modern application security architecture that meets the requirements of simplicity, consistency, and scalabiity via use of F5 Distributed Cloud Web Application and API Protection (F5 XC WAAP).
The modern architecture shown here enables you to more easily and quickly deploy a common set of application security capabilities across all deployment environments using F5 XC as a single consistent deployment console. Additionally, given application security does not fit a "one size fits all" model, we show how to enable tiered application security capabilities as appropriate for your low risk, medium risk, and high risk applications.
Moreover, with this security architecture, existing BIG-IP AWAF customers have the flexibility to continue using AWAF in their on-prem data centers and/or migrate their AWAF application security capabilities to F5 XC WAAP using the F5 Policy Supervisor.
Specifically we demonstrate the following:
- Enabling F5 XC Global Network
- Deploying F5 XC WAAP in Regional Edges (REs) to provide tiered application security for external application traffic
- Deploying F5 XC WAAP in Customer Edges (CEs) within traditional customer on-prem data center to provide tiered application security for partner/B2B application traffic
- Deploying F5 XC HTTP load-balancing in REs to distribute traffic across multiple CEs/customer data centers to maximize application availability and resiliency
- Deploying traditional applications behind BIG-IP in on-prem data centers
- Deploying NGINX Plus with third-party open source tools (ClamAV with Squid ICAP server as an example) in F5 XC CEs to enable malware analysis and defense for all application traffic
With this modern architecture, our customers can enjoy the following benefits:
- Consistent, easy to deploy WAAP security solution for all app deployments, managed by F5 XC
- Accelerated secure application deployments
- Multi-tier security architecture providing differentiated levels of application security to optimize SecOps efficiencies
- Strong tiered application protection for both external and partner traffic
- Horizontal scaling using a CE fleet across application deployment environments
Note application deployments are not limited to traditional on-prem data center environments as shown in this simplified example. Applications deployed within F5 XC REs and CEs (whether on-prem or in public cloud) can also enjoy the same F5 XC WAAP-enabled tiered application security benefits.
Use Case
Simple and easy to deploy WAAP solution that delivers comprehensive app protection across the F5 portfolio and our customers’ deployment scenarios.
Problem Statement
Customers find it difficult, time-consuming, and costly to deploy a consistent security model across their application deployments on-prem, in cloud, and at the edge in an automated fashion.
Customer Outcome
Customers can easily and quickly deploy secure applications and make better informed remediation decisions regarding their security posture and protect against potential threats in an automated fashion.
The Guide
Please refer to https://github.com/f5devcentral/adaptiveapps for detailed instructions and artifacts for deploying this demo.
Solution Architecture
F5 XC WAAP Provides Tiered Application Security in Regional Edge (RE) and Customer Edge (CE)
F5 XC WAAP Provides Tiered Application Security for Partner Traffic in Customer Edge (CE)
Bringing It All Together: F5 XC WAAP Solution Provides Tiered Application Security
Demo Video
Watch the demo video: