on 29-Jan-2013 06:40
I don’t have an office anymore. I write from diners, coffee shops, hotel rooms, and airplanes. My world changed 18 months ago, when the patriot hacker, The Jester, attacked WikiLeaks and goaded the hacktivist collective Anonymous into attacking Visa, MasterCard, PayPal, Amazon, and others with volumetric floods. Since then, I have given up my desk job and lived on the road, preaching the gospel about DDoS attacks and letting customers cry on my shoulder.
The targets of those WikiLeaks attacks saw their firewalls go down amidst the TCP floods and ended up using their “F5s” as their firewalls. This event was one of the top reasons for the genesis of F5’s Application Delivery Firewall, which officially launches today with a whole host of features aimed at reporting and mitigating volumetric DDoS attacks. It couldn’t come at a better time for F5 or our customers, many of whom are facing a new round of DDoS attacks.
With the launch of this Application Delivery Firewall, we are betting big that DDoS isn’t going away (it’s only going to get worse) and that we have the best tools to deal with it on-premise. It’s a different approach, one that revolves around defending the application. We’re attaching network firewall policy directly to the application object, in the same way that we already do for web application firewall policy.
We’re ready to change the world with this solution, but the question is whether the world is ready to change with us.
One of the security architects (who was getting pounded by the Cyber Fighters) wasn’t ready to hear about the new application-centric firewall paradigm. In fact, he had already panicked and embiggened his firewall (from the same vendor). The conversation we had made him the perfect stand-in to represent the conventional firewall.
Fallacious Arguments favoring Traditional Firewalls
In the same way that weak defenses “hide” behind a failed firewall, all of these arguments “hide” behind it too. These are real challenges (well, #1 and #2 are anyway) which can be solved with vision, engineering, and process. Solving them gets us closer to having dynamic defenses so we can keep the “Open” sign up even in the worst cyber weather.
If the world figures out how to overcome these problems, we can all move forward. Our job for 2013 and 2014 will be to help people get past these excuses so that they can move on to bigger and better things – namely running their businesses without living in fear of DDoS attacks. And maybe I can go back to writing code and not living out of a suitcase.