F5 Silverline: Getting the most out of your WAF
Traditional network firewalls (Layer 3-4) do a great job of preventing outsiders from accessing internal networks. But, these firewalls offer little to no support in the protection of application layer traffic. Attack vectors today are being introduced at all layers of the network. For example, the Slowloris and HTTP Flood attacks are Layer 7 attacks...a traditional network firewall would never stop these. But, nonetheless, your application would still go down if/when it gets hit by one of these. So, it's important to defend your network with more than just a traditional Layer 3-4 firewall.
That's where the Web Application Firewall (WAF) comes in. The F5 BIG-IP Application Security Manager (ASM) is a Layer 7 ICSA-certified WAF that provides application security in traditional, virtual, and private cloud environments.
Most companies can’t afford to hire a fully qualified team of security professionals to manage and administer their WAFs. And even if they could, I’m sure they would prefer to use those resources elsewhere in their organization if possible.
That’s where Silverline comes in. The Silverline WAF is built on the BIG-IP ASM, but it’s provided via F5’s Silverline cloud-based application services platform and wholly deployed, set up, and managed by highly specialized experts in our Security Operations Center (SOC).
If your organization has moved application workload to the cloud (and who hasn’t, right?) then it’s best to deploy a WAF that’s optimized for cloud environments as well. Security attacks in cloud environments are becoming more sophisticated, so it’s critically important for your business to have access to the latest attack data, protection measures, and consistent security policies that provide compliance across all your environments.
Our team lives and breathes this stuff, and they certainly stay up to date with the latest attack vectors and mitigation actions. In fact, as they develop countermeasures for various attacks, they catalog and reuse them as necessary on future attacks. This allows them to implement countermeasures very quickly following an attack.
You’ve probably read reports that claim attack sophistication is on the rise while knowledge needed to carry out the attack is on the decline. In short, you can execute a formidable attack against a web application and not really know the details of what the attack does or how it does it. This is true, in part, because common attack vectors still work very well, and attackers have conveniently packaged them up and made them available for anyone to use.
While attackers are using and re-using attack tools, they are also hitting the same targets again and again. The top 4 security flaws listed in the OWASP Top 10 haven't changed in the past 5 years (see table below). This is interesting because it shows a pattern of oft-used attack space, but it also provides an interesting opportunity for teams like the F5 SOC to focus their studies of attack space.
When you combine the effectiveness of a highly-skilled SOC team with the power of F5’s WAF, it’s easy to see the benefit of employing Silverline. Although the complete list is long and impressive, here are some of the quick highlights of utilizing the Silverline WAF:
- Visibility: see what is happening during an attack, quickly identify the source and vector, and implement countermeasures to mitigate
- Control: the customer portal allows you to take as much control as you need, mitigate exactly what you need with extreme precision so you don’t affect other parts of your network
- Integration: F5 products easily and accurately send signal attack information to Silverline; and you can deploy Silverline WAFaaS
So how do you get the most out of your WAF? You utilize F5’s world-class security team and implement Silverline.