event
43 TopicsDevCentral Visits BlackHat 2023 !!!
Once again,is headed to BlackHat in Las Vegas! Find the F5 Booth at Black Hat: A talk with Kara Sprague, Chief Product Officer at F5 Bots, AI, and Social Engineering with Dan Woods at Black Hat 2023 Quantum Cryptography with Keyfactor at Black Hat 2023 Check out PQC Labs educational resources here! MazeBolt's RADAR Dashboard Fighting security alert fatigue with Stellar Cyber App and Security teams working together with Venafi The API security journey with WWT Until next time, Black Hat! Once again,buulamis headed to BlackHat in Las Vegas! He's super-excited to hit the ground in the desert to meet up with the community and some F5 partners! He'll be bringing the experience back to you, right here, so bookmark this article for all the latest news! Find the F5 Booth at Black Hat: Looking for theF5Booth?Here it is! Check out the prize vending machine, Lego give aways, and the new Frankenstack plushies. 🎁 If you're at the show, keep your peepers peeled 👀 forbuulamwhowould love to say "hi!" A talk with Kara Sprague, Chief Product Officer at F5 Buu Lam talks with F5 Chief Product Officer Kara Sprague about F5 solutions, particularly around APIs and Multi-Cloud Networking, and what's in store for the future. 00:30 - What does the role of Chief Product Officer entail? 01:30 - Why API security has suddenly become so important in recent years? 03:40 - The exponential increase in API sprawl. 04:11 - Multi-Cloud Networking growth as a use case. 05:45 - F5 being able to deliver security embedded within Multi-Cloud networking architecture. 06:30 - What does the future hold for F5? Bots, AI, and Social Engineering with Dan Woods at Black Hat 2023 Buu Lam talks with Dan Woods (Global Head of Bot and Risk Management at F5) about bots and AI bring used to create social influence and enhance the damage of social engineering. 00:45 - Ticket bots and Sneaker bots 01:46 - Are businesses actually trying to fix this? 03:10 - Bots and AI being used to create mass social influence 06:10 - AI being used to greatly enhance the damage of social engineering Quantum Cryptography with Keyfactor at Black Hat 2023 Ted Shorter from Keyfactor talks about post-quantum cryptography, its impact, and how organizations can stay ahead of the curve. 00:40 - Post-Quantum Cryptography 01:00 - KeyFactor's PQC Lab: an educational resources 02:20 - Strategies for thriving in a post-quantum world Check out PQC Labs educational resources here! MazeBolt's RADAR Dashboard Matthew Andriani (Founder and CEO of MazeBolt) walks us through a demo of MazeBolt's RADAR dashboard--showing how vulnerabilities can be remediated, then re-checked with updated results within 5 minutes. Fighting security alert fatigue with Stellar Cyber SOC teams face alert fatigue and the burden of so many tools. Stephen Salinas shares how Stellar Cyber uses AL and ML to reduce the noise. This allows security analysts to use information gathered across all their security tools to reach conclusions quickly. For more coverage from Buu Lam at #BlackHat, check out the DevCentral overview here: https://community.f5.com/t5/devcentral-news/devcentral-visits-blackhat-2023/ta-p/319253 App and Security teams working together with Venafi Teamwork makes the dream work. Paul from Venafi sees app and security teams coming together to resolve conflicts by reaching the outcomes they want without getting in each others way. The API security journey with WWT Where are you at in your API security journey? David and Clint from WWT share their perspective, their education-focused engagement with customers, the importance of real world scenario training. Until next time, Black Hat! That's a wrap for DevCentral at Black Hat 2023! Buu Lam shares some takeaways and observations: API security dominating discussions Hybrid and Multi-Cloud is the new norm Frankenstacks are cool, look for them at future events3.4KViews4likes0CommentsRSA Conference 2022 - That's a wrap! Here's what you may have missed
RSA Conference is one of the biggest conferences you can attend in our industry. It was last held in person in February 2020 with 36,000 attendees, although previous years saw numbers around 45,000 attendees. In 2021, it was held virtually and everyone has been excited to get back to an in-person event in 2022. This year, the show floor had a great amount of energy! I reconnected with many old friends and I met many people for the first time in person, having only seen them online otherwise, whether co-workers or other industry friends. Some common discussions happening around the F5 booth this year were: What's new with F5? and filling them in on Distributed Cloud and WAAP What are you doing for Fraud? What are APIs and how do you protect them? What is your approach to Zero Trust? These themes guided some of the videos thatPSilvaand I created during the week. We realize not everyone can attend the event so we wanted to document the event as best we can and share the experience with viewers. We even tried using a 360 camera to create a VR experience for everyone. And we also pulled off a Live Stream from the show floor! Below is all of the main videos we created for the week. We created some additional Bonus Content that is geared towards the members of the DevCentral Connects Group as well - please join the group in order to see that feed. Some of the shorter content will just end up on our social accounts so be sure to follow us there as well. Peter: LinkedIn / Twitter Buu: LinkedIn / Twitter Looking forward to seeing everyone again soon!1.9KViews2likes0CommentsThat's a Wrap! DevCentral Visited: GovWare 2022
A couple months ago, I was asked to attend GovWare, in Singapore. Ignorant to events outside of North America, I was surprised to find out this was an event that attracted 10,000+ attendees from all around Asia and was in fact, Asia's largest Cyber Security conference! Held in the famous Marina Bay Sands Expo and Convention Center, this event was bigger than I imagined and busier than I'd experienced otherwise, all year. What made the difference here was the people. The show floor was extremely energetic with people willing to learn. The talk tracks had some of the worlds brightest talents on stage. F5 even sent our very own Joel Moses, Distinguished Engineer and CTO of Platforms and Systems, as well as Dr. Aditya K. Sood, Senior Director of Threat Research and Security Strategy - 2 folks from our Office of the CTO who are some very bright thinkers. I set out to determine what are some differences in Cyber Security in Asia. In fact, I asked this of nearly everyone I met. Most replied that its not that different. If anything, I just heard amplified messages from earlier this year. API security is a real concern. Enabling security for app developers is a priority so that they can focus on code. One topic that was discussed more than I'd heard before is interesting edge computing use cases. Not just standard compute, but AI/ML use cases and security use cases. So basically, everything is the same, but different😄 Of course, I created much content for everyone to follow along. In case you hadn't seen it all, I'll link a playlist with everything (over 20 videos) if you'd like to binge. But I'll also list some of my favorite pieces directly, as well! 🎥 DevCentral Visits: GovWare 2022 - Full Playlist🎥1.6KViews4likes1Comment✨🎩 LIVE DevCentral @ Black Hat USA 2022
Join the DevCentral team (AubreyKingF5,buulam,PSilva) this week in Las Vegas for Black Hat USA 2022! Don't forget to stop by the F5 booth 2140! Grab a t-shirt, some DC trinkets, and a selfie with the gang. We'll be releasing a ton of content live as we explore Black Hat so make sure to subscribe to this post to get the latest from the team! Keep an eye for updates in the comments! Let us know if there's anything you'd like to see at Black Hat. Highlights: Black Hat USA 2022 Partner Preview in 360! @buulamand@PSilvawalk theBlack HatBusiness Hall and give a preview of theF5Partners they'll be interviewing this week including@Trellix,@OPSWAT(1186),@NonameSecurity(1860),@AppViewX(3144) and@Entrust_Corp. DevCentral VisitsBlack Hat USA 2022! @buulamand@PSilvaguide you to the F5 booth 2140: the place for giveaways and learning about fraud, API security and automated attacks. Ask the Expert: What are Automated Attacks PSilvatalks with Dan Woods,F5Head of Intelligence about Automated Attacks, what they are, what they can do and what you can do about them. Partner Spotlight: OPSWAT Tom Mullen, SVP of Business Development talks about how OPSWAT integrates with F5 solutions on platform, in the cloud, or with a VE. Partner Spotlight: AppViewX buulamsits down with Mike Turner, Worldwide VP Systems Engineering from AppViewX to discuss the benefits of a joint solution with F5 and AppViewX.1.6KViews4likes7Commentsit-sa Expo & Congress in Germany - DevCentral Visits
buulamis heading to it-sa Expo & Congress 2023 inNuremberg, Germany! Make sure to subscribe to the DevCentral Youtubechannel,and follow DevCentral and Buu Lam to get the latest updates from across the pond. And we'll be sure to update thispost,too. DevCentral Visitsit-sa Expo and Congress Secure Multi-Cloud Networking with Markus Hennig WebAssembly Support added to F5 NGINX Unit Using F5 for SSLO with the German Pension Fund Westcon to the rescue Daniel Wolf on what it means to be a leader in the community DevCentral Visitsit-sa Expo and Congress Buu Lam says hallo from Nuremberg as he heads to it-sa Expo and Congress, one of the biggest security conferences in Europe. F5 can be found at the Weston, Computacentre, and Magellan booths. Stay tuned for more from it-sa, including Markus Hennig's talk, a live hacking demo, and more. Secure Multi-Cloud Networking with Markus Hennig Markus Hennig, F5 Distributed Cloud Services Specialist, talks secure multi-cloud networking at it-sa Expo and Congress 2023. IT security needs are global at a high level--everyone needs automation and flexible deployment options. Markus shares additional regional insights on local security adoption and prioritization. WebAssembly Support added to F5 NGINX Unit Timo Stark, Principal Technical Product Manager at F5 NGINX (and Docker Captain) talks about the new WebAssembly support added to NGINX Unit. Using F5 for SSLO with the German Pension Fund Alexander Müehleck and Oliver Tönnies from the German Pension Fund Network Infrastructure and Security Gateway team talk about their long-term experiences with F5. Most recently, they implemented an SSLO solution across multiple sites that provides outbound security services for their 60,000 users. One big benefit: flexibility--being able to switch seamlessly back and forth between their data centers enables them to do maintenance easily. Westcon to the rescue Buu Lam interviews Robert Jung (Westcon Managing Director for DACH and Eastern Europe region) about how Westcon enables F5 partners to get more value out of their products via training, go-to-market strategies, financing, and more. Robert also shares insights on what he sees in the security business regionally. Daniel Wolf on what it means to be a leader in the community Daniel_Wolf, Security Solutions Engineer at Controlware GmbH, is well-known in the DevCentral Community! Buu Lam meets up with Daniel IRL and gets the story behind his motivations to become DevCentral MVP.1.3KViews4likes0CommentsCommunity Highlights, Week 41, '22
More of a midweek update this week, but a quick FYI to let you know that going forward I'm adding a section at the bottom to recognize some of our more active members over the past week. I'm always looking for ways to recognize and reward the healthy behaviors that make our community such a helpful place, so if you've got other ideas please let me know in the comments. Since there's a lot of Cybersecurity Awareness Month content this month and we don't want it to get lost, here's a quick list of the past week's security content before I call out individual user posts below: Dharminderwrote about the previous week's events inBinance Hack, Data Leak and Supply Chain Attack - F5 SIRT This Week in Security - Oct 1st to Oct 7th Fouad_ChmainysharedManage F5 BIG-IP Advanced WAF Policies with Terraform (Best Practices) MichaelatF5 gave us a two-parter: How to Split DNS with Managed Namespace on F5 Distributed Cloud (XC) Part 1 – DNS over HTTPS How to Split DNS with Managed Namespace on F5 Distributed Cloud (XC) Part 2 – TCP & UDP There were two additions to the ongoingSSL Orchestrator Advanced Use Cases article series: Kevin_Stewartwrote aboutIntegrating F5 Intrusion Prevention System (IPS) KevinGallaugher wrote aboutOne-Armed Mode AubreyKingF5 was able to work with F5'sLakhwinder Singh to create the video walkthroughLearn How to Apply F5 Distributed Cloud WAAP with GKE via a Public GCP IP Address. Dave_Potterwrote about how toUse F5 Distributed Cloud to control Primary and Secondary DNS DevCentral'sRebecca_Moloney,who is responsible for our content, wanted to created a series to give insight to what some of our too-often unsung extended teammates do with her Helpers Behind the Scenes article serieswritten by regular and guest authors ed_patronshared his story in Security Operations Center - Helpers Behind the Scenes mpbwrote about how she ended up working inF5 Threat Intelligence - Helpers Behind the Scenes m_heathwrote about his journey to and inF5 Labs - Helpers Behind the Scenes Lior_Rotkovitchwrote A Day in the Life of a Security Engineer from Tel Aviv We've got more Scary Hack Stories! over on theDevCentral YouTube channel Beware What You Download Protect Your Management Interface! Avoid API Assault ! Monitor the Ghosts in Your Graveyard! Forum post highlights: Deena,new to F5 and DevCentral, wants to be proactive about learning aboutF5 Lingo, andMohamed_Salah_ andboneyard dropped some knowledge and advice. I'll include LiefZimmerman's great list of learning resourceson Deena's other post here, because it may come in handy to whoever reads this week's Highlights. Welcome to the community, Deena! southern_shreddasked how to write an iRule toredirect to to 301 location, and after a little back and forth,CA_Valliwas able to help out Unanswered questions: VFBasks aboutAdding a dynamic generic host to GTM spalandewants to know aboutAll attack signatures vs server/application specific ASM attack signatures spetrof5 has an issue withMaintenance page with an image using iRule and iFile, image never gets displayed Notable solutions: Michaelyangasked When Active/Standby failover send mail, andNikoolayy1 jumped in with the answer Notable users (excluding F5 employees): Most kudoed authors: Nikoolayy1 CA_Valli Mohamed_Salah_ Gave the most kudos: Nikoolayy1 Michaelyang boneyard Top kudoed post: CA_Valli's Accepted Solution toMichaelyang's questionAbout log rorate Tip of the week: Remember to mark Accepted Solutions if someone helps solve your issue - not just so they get kudos, but so that future users can easily find the same answer you needed!1.1KViews3likes0CommentsNGINX Microservices March 2022: Kubernetes Networking
Kubernetes operators (or aspiring operators), be sure to check out Microservices March 2022: Kubernetes Networking, a month-long free educational event by our friends at NGINX. Each week will feature a different unit with useful information for Kubernetes users of all levels (or those planning to adopt Kubernetes within the next year.) Unit 1 (March 7–11): Architecting Kubernetes Clusters for High-Traffic Websites How to route traffic to microservices deployed in Kubernetes. Unit 2 (March 14–18):Exposing APIs in Kubernetes Best practices for deploying API gateways in Kubernetes. Unit 3 (March 21–25):Microservices Security Pattern How to secure apps and APIs to be production-ready. Unit 4 (March 28–31): Advanced Kubernetes Deployment Strategies How to split traffic and use Kubernetes for shadow rollouts. Choose Your Own Adventure Microservices March includes around 16 hours of Kubernetes educational content in total, with three different way of learning: High-level livestreams: Overviews that are technical in nature, but still accessible to people who are not Kubernetes experts or in a technical role. Learning more with blogs and videos:Deeper technical knowledge for those familiar with basic traffic management concepts (for example, load balancing). Hands-on labs: Recommended for participants with some Kubernetes experience as they will be using YAML. Look for the hashtag #microservicesmarch to follow the event on social media. All content will be available on-demand beginning in April.1KViews4likes1CommentGlueCon 2022 Recap - Are in-person conferences a thing again?
[Scroll down for accompanying videos] Over the past 2 years, I've seen many events in our industry take a shot at delivering a virtual experience. Let's face it, though, virtual events are not the same. Why? You miss "The Hallway Track". This is the name of the informal chats outside of the formal talk tracks. This is where you meet up with your colleagues and share recaps of the last sessions you just attended. Or you grab one of the speakers after their talk and ask a couple more questions about the subject that they just passionately spoke about. Or you visit vendor booths and get their view on how they see the world and see if it aligns with what you're working on. Or you see someone sitting alone at a table for lunch, you decide to sit down and make an effort to get to know someone new. I've done all of these things and I know that this is where I have learned the most. For two years, we lost the opportunity to fully experience The Hallway Track. When I saw that NGINX was sponsoring GlueCon 2022 and saw how well the agenda aligned with my areas of technical focus, I immediately made a case to get out there. And now having just gotten back and reflecting on my experience there, I can say I was extremely happy that GlueCon was my first time back at an in-person conference. GlueCon is a unique conference in that it is focused on delivering high-quality technical content to developers. They don't want the sales pitches, even though I could see hints of sales pitches were snuck in to some presentations but done in a tasteful way (let's face it, the vendors need to justify the sponsorship money that funds a lot of the conference so let's give them a minute so they're inspired to invest more in future). The talks this year ranged from APIs, Observability, Serverless Technologies, Authentication, Service Mesh, Developer Tools and even some Blockchain and Web3. There were also some interesting high level talks on Cloud-Native Organizations and Product Managing Your Infrastructure. What I took away from the event is that developers have a few big things they worry about. Getting code to work in the first place Getting code up and running on their infrastructure Observability of the application and keeping it safe and secure What this also means is that developers do not have the time to mess around with solutions that are a burden to implement. There is incredible pressure to deliver on time and they need solutions that "Just Works" whether that's accomplished through great documentation, great example code or great service/support. This was confirmed by the conversations I was having with individuals. By looking them in the eye when they shared horror stories of sleepless nights and failed deploys. By listening to their specific needs before I said anything about our own products to them. By trying to relate in whatever way I could to their day to day lives in the trenches. Doing this in person is difficult to replace even if you have every tool available to you so I look forward to meeting up with some of you one day for The Hallway Track. P.S. Here's some of the videos I've created from the week:870Views2likes0CommentsThat's A Wrap From BlackHat 2022 - API Security, it's time to shine
We hit the road and we hit it HARD! Between the editing and interviews, it was hard to find a lot of time for sleep. This was a truly immersive experience, heading out there. Coming back to producing another show immediately, I've had some time to reflect on our trip to BlakHat USA 2020. There were some resounding themes, for sure. Firstly, it is an API world. If you look at the summary article of BlackHat 2022 announcements I talked about on DevCentral Connects yesterday, you see a trend: I am THRILLED to see the rest of the security industry finally taking an interest on the segment that we've led in terms of industry deployment numbers for 15 years. In 2007, TMOS 9.2.4 delivered an XML firewall to our customers - able to ingest a WSDL for schema baselines - that learned expected API usage over time like any other http delivered application. SOAP followed shortly, thereafter and, of course, REST shortly after that. This was just an evolution of WAF here at F5. Watching NGINX+ delivery of API gateways add on NGINX App Protect features with the F5 WAF engine showed me that we continue to value this level of API defense at every scale, as well. When I saw Gartner and other vendors starting to call the segment 'WAAP,' it bothered me a bit, as we at f5 have always understood WAF to encompass APIs. I really hope that we can capitalize on our pedigree in this space to deliver our customers the most reliable and scalable API Security solutions there are. Regarding the f5 booth,it's been a minute since I've been at a trade show for f5. The thing that stuck out the most for me was the lack of the term 'load balancing.' What I heard more of was 'API Security,' and 'Multi-Cloud Networking'. What struck me the most was that customers seemed to understand that multi-cloud was really our thing now, and I think that having partners like RedHat has helped us to be viewed as a software company, rather than a big iron vendor. This speaks volumes to our ongoing transformation and our ability to get that message out there. Kudos to our sales teams for really making that apparent. Be sure to follow us all on the socials for content, in addition to YouTube: DevCentral handles:https://www.linkedin.com/showcase/f5-devcentral/| https://twitter.com/devcentral Peter Silva: https://www.linkedin.com/in/psilvas/ | https://twitter.com/psilvas Buu Lam: https://www.linkedin.com/in/buulam/ | https://twitter.com/buulam Aubrey King: https://www.linkedin.com/in/aubreyking | https://twitter.com/aubreykingf5 Content summary: BlackHat USA 2022 Playlist:https://www.youtube.com/playlist?list=PLyqga7AXMtPPL3Xw0qrWO3sZnsbL4amP5868Views5likes1Comment