Securing business-critical apps with F5 Networks
Mats Ericsson, VP of Presales, EMEA at F5 Networks

Securing business-critical apps with F5 Networks

Intelligent CIO caught up with Mats Ericsson, VP of Presales, EMEA, F5 Networks at GITEX to discuss the key findings of F5’s Future of Apps report and the increasing importance of application security.

Q: What is F5 Networks primary focus for GITEX this year?
A: The primary focus for GITEX would be two things, cloud and security. These are the two strategic areas where we’re going to focus all our development resources and of course where we see the market is moving towards. It’s not either or, it’s cloud and security. It’s a lot about security in the cloud.

Q: What solutions does F5 offer to help MEA organisations ensure the security of business-critical apps?
A: If you look at the security space there are many ways you can slice it. The way we like to slice it is application access, application security, and networking security. We have solutions in each of those three areas and we have done for the last 12 years. We are constantly making improvements and doing new things but on a high level from F5, those are the three areas that we operate our security focus on.

If you look at, for example, network security, that would be a traditional firewall; it would contain DDoS attacks. If you look at application security, that would cover web application firewalling, port protection on a higher level, machine learning, and behavioural attack. If we look at the number of attacks right now, about 25% of them are in the network area, and 75% is in the application area.

However, if we ask Gartner or anyone where they allocate their budget, it’s exactly the other way around. So it’s 75% towards buying network firewalls, and only 25% goes in the application area. This is what the bad guys are realising and now refocusing to the application area because there is less protection in that area.

That’s something we try to tell our customers, it’s equally or even more important now to look at that application situation.

Q: Do you think this vulnerability is an awareness issue rather than reluctance to invest in application security?

A: It is awareness. I would say that at the same time it’s 2017, almost ’18, not having a web application firewall for any Internet basic application today, I would say it’s like having no network firewall five years ago. Five years ago, no one would have done that, so why do a lot of businesses have no application firewall today? So it is definitely awareness and education. As soon as you understand the drivers behind it, I think most people would say, “Oh, we need that.”

Q: What were the key findings from F5’s Future of Apps report?
A: On the security side it was about protecting your DNS infrastructure. If you hit the DNS infrastructure, you basically take out all the traffic to that site on the Internet. That is one of most vulnerable pieces of infrastructure companies have. At the same time, it’s a very old infrastructure, DNS was a protocol done many, many years ago and it’s fairly simple to hit it. One of the biggest finding was people are not protecting with a DNS firewall, in the same way I was talking about application firewall or network firewall, they’re not protecting their DNS infrastructure, which has led to some rather big attacks.

Moving to the cloud, the report came back and said that very few companies will be going 100% cloud. That’s the reality, most people in the foreseeable future will have a mix of running something in the data centre and other applications in a public cloud. Because there are pros and cons, in a public cloud from a cost perspective and flexibility, and being able to spin it up in two minutes is outstanding. It normally takes a long time for even the most sophisticated company to do something like that internally.

So the cloud is very efficient to use. However, there are still a lot of security issues and especially in the mind of people about storing data, where will that data end up, will it go outside the country? Will it go somewhere where another government will have legal rights to look at it? Such as The Patriot Act from the US which gives NSA and other US government access to look at the data.

There will be a mix. What companies should do is an inventory of their applications and decide, “These sit perfectly in my private data centre because of security or latency or response time.” Then you have other applications that you can easily put into the public cloud because maybe their use could be up in three weeks, perhaps there is a three week marketing campaign, or they might be there for a long time but they are not that sensitive so it’s the cost-efficiency is better.

What we’ve done is we have then worked out the solutions to help to make sure that no matter if your application resides in your private data centre, or a colocation data centre or in the public cloud, F5 can assist with the migration and the security policy to enable the same security no matter where you are. That was the essence of that report.

Click below to share this article

Browse our latest issue

Intelligent CIO Middle East

View Magazine Archive