Videos from F5's recent Agility customer / partner conference in London
A week or so ago, F5 in EMEA held our annual customer / partner conference in London. I meant to do a little write-up sooner but after an incredibly busy conference week I flew to F5's HQ in Seattle and didn't get round to posting there either. So...better late than never? One of the things we wanted to do at Agility was take advantage of the DevCentral team's presence at the event. They pioneered social media as a community tool, kicking off F5's DevCentral community (now c. 100,000 strong) in something like 2004. They are very experienced and knowledgeable about how to use rich media to get a message across. So we thought we'd ask them to do a few videos with F5's customers and partners about what drives them and how F5 fits in. Some of them are below, and all of them can be found here.DNSSEC – the forgotten security asset?
An interesting article from CIO Online last month explained how DNS had been used to identify over 700 instances of a managed service provider’s customers being infected with malware. The MSP was able to determine the malware using DNS. As the article points out, a thirty year old technology was being used to defeat twenty-first century computer problems. In short DNS may be a viable means of identifying infections within networks quicker, because as well as security apps relying on DNS, the attackers do as well. DNS however still comes with its own unique security approach. The signature checking procedures outlined in the Domain Name System Security Extensions (DNSSEC) specifications were deemed adequate for the protocols surrounding domain resolution. While the certificates offer security that is authenticated, the data is not encrypted, meaning that data is not confidential. The other problem with DNSSEC is that in the event of Distributed Denial of Service (DDOS) DNS Amplification attack on a DNS server, the processing of validation requests adds to the processor usage and contributes to slowdown. DNSSEC does, however, provide protection against cache poisoning and other malicious activities and remains part of the network security arsenal. At F5, our solution for the DNSSEC load problem was to integrate our DNSSEC to our BIG-IP Global Traffic Manager. The traffic manager handles all of the overhead processing requirements created during a DDOS DNS Amplification attack. The result is that the DNS Server can be left to function with no performance limitation. On top of this the F5 solution is fully compliant with international DNSSEC regulations imposed by governments, organisations and domain registrars. While DNSSEC may seem mature and even outdated for its security specifications, the correct application of technology, such as F5’s BIG-IP Global Traffic Manager delivers peace of mind over security, performance, resource and centralised management of your DNS.Context. SDN. Big Data. Security. Cloud.
That's right, something for everyone. F5 recently attended IP Expo in the UK. We had some speaker sessions at the event - some readers might have come along and seen them live. The event organisers did a nice job of filming the slots along with the slideware presented, and here they are: THE NETWORK FIREWALL IS REDUNDANT (NATHAN PEARCE) BIG DATA - A CONTEXTUAL GOLDMINE (NATHAN PEARCE) KEEPING APPLICATIONS RUNNING SMOOTHLY FROM THE CLOUD (NATHAN PEARCE) AUTOMATION & ORCHESTRATION - KEY REQUIREMENTS FOR SOFTWARE DEFINED DATA CENTRES (KEVIN WARE-LANE)Broken Yo Yo!
An emergency. VIPRION blade down. But this wasn’t the worst of it. In Denmark, the F5 expert team at security and networking reseller Snex faced a dire situation. The F5 Yo Yo had broken. The Technical Support team at F5 swung into action immediately. First, the secondary, non business-critical stuff. Snex had a new VIPRION blade the following day, and were able to maintain their ability to demonstrate the advantages of the world’s only application delivery controller able to scale on-demand. And then they turned their attention to the knotty problem of the Yo Yo. F5 are a billion-dollar organisation that sells to most of the world’s biggest banks and service providers. We have a reputation for quality, an important component of our market share and technology leadership. And so there were important issues at stake. Should we metaphorically – and literally - sweep the defective Yo Yo under the carpet? Hope that it got forgotten about? No. As all business leaders are aware, the cogs of commerce depend on inexpensive promotional items. And so, after great efforts from procurement, a replacement Yo Yo was located, purchased and shipped in second class post to Denmark, only weeks after the breakage and fulfilling the strict terms of F5’s Yo Yo SLA. Here it is in action.“You can use Application Delivery Controllers as firewalls?”
When F5 sent out a global survey to 1000 large organisations worldwide, concentrating on complex attacks and how people defend against them, some of the questions related to what people use to protect their web-facing applications. In one section – prompted by what we had seen amongst our customer base, especially after the Wikileaks attacks – we asked if Application Delivery Controllers (ADCs) had a role to play. In my less positive moments, the question I pose above was the response I was expecting. It turns out that’s not the case. Half said ADCs can replace many or most traditional safeguards and, depending on what’s being protected, up to 45% of UK respondents are already using ADCs for security (this figure relates to application security). Why might that be? The answer lies in part in another - fairly shocking – finding: 42% of companies have had firewalls melt against a DoS attack, but 79% still rely on them for protection. Having firewalls melt in the face of a DoS attack doesn’t mean all firewalls melted, so presumably there’s some level of protection still being offered, or this finding would speak to a degree of masochism within the survey respondent base But what some very large F5 customers found during the relatively recent spate of massive DoS attacks was that all their firewalls did melt…and the thing that didn’t was the ADC that sat behind them. The thing that could handle massive numbers of connection requests. So they started to use that as their firewall for their web-facing applications. Food for thought. The infographic below sums up survey responses from the UK. Please feel free to contact me if you’d like the associated report.
