Historically, many people assume that cybersecurity is a relatively new concern, ascending as a priority within the last decade. Practically speaking, though, cybersecurity dates to the 80s, before most people even had a computer. In 1988, Robert Morris accidentally created a computer worm, which slowed the early Internet down significantly. This was an era when few people were concerned about malicious software and no one had protective software installed. It infected 10 percent of the computers then on the Internet.
Today’s Internet is much larger, but perhaps not much more secure. Some things have actually gotten worse. Today, many more cyber adversaries are after applications, as they represent the defining value propositions for most businesses. As in the F5 Labs’ 2019 Application Protection Report, “Any way you measure it—by port, by breaches, by compromised records—applications are the number one target on the Internet.”
The trend of digital transformation has also increased the application footprint (consider different and expanding form factors like web, mobile, APIs, microservices, bots, and more). Additionally, modern app architectures are diverse in nature and extend across hybrid and multi-cloud environments, with each app service carrying a potential for compromise and increased exposure. The need to protect each app service has become more vital since app layer attacks remain the #1 type of attack.
Standard security tools generally fall short in defending against sophisticated attack campaigns, as some are difficult to detect automatically. For comprehensive app protection, modern web application firewalls (WAFs) need to be equipped with live, strategic, and actionable threat intelligence. And while manual threat hunting in-house might be the best path for some organizations, it may not constitute a practical approach in terms of cost and efficacy.
F5’s approach: To better address the security landscape described above, F5 has introduced its Threat Campaigns subscription as an add-on service to F5 Advanced WAF. The service helps customers protect their applications and IT infrastructure from sophisticated attacks by detecting active attack campaigns and malware.
Returning to the historical comparison, figuring out who is behind particular attacks is not as easy as waiting for that person to get worried and send out apology notes and warnings, as Morris did in 1988. F5 Threat Campaigns can proactively gather context on target information, payload analysis, tactics, prevention, malicious requests, and intent. In return, there are fewer false positives, enabling the security team to mitigate effectively and leading to lower overall costs.
F5 is helping businesses digitally transform by enabling developers, security teams, and operations to scale their security capabilities without impacting business velocity. The value of accurate, insightful data is realized by detecting and acting upon a threat before the attack occurs, not a month after the breach. The F5 Threat Campaigns offering provides a glance into a hacker’s preliminary approach to block attacks proactively.
Like any security solution, F5 Threat Campaigns won’t solve all your problems, but it can be an essential line of defense. Applications are integral to organizations' business models—and in many cases not only are businesses dependent on apps, but the apps are the business (consider companies like Airbnb, Uber, Netflix).
Many of today’s most prevalent attack types aren’t new, but they remain commonly seen as not everyone understands the risks and how to mitigate them properly over time.
The underlying equation is simple: If applications lack security, organizations lose business. There is no modern world without cybersecurity, and not everyone can outpace the proverbial bear that’s after the livelihood of organizations and their competitors. Cyclically, the more cybercrime we see, the more cybersecurity will emerge (and vice versa).
This is why we’ll continue discussing them. And this is why cybersecurity is becoming even more relevant in an age of digital transformation.