F5 Networks’ security threat intelligence research team, F5 Labs, has launched a new portal for one of its most popular topics, the Application Protection Research Series. While everything Labs researches is related to application security—reflecting applications’ evolving role as the focal point of the Internet and the most commonly attacked asset—the Application Protection Research Series is oriented around long timeframes, identifying patterns, and the big-picture threat landscape.
As a follow-up to the widely-cited 2018 Application Protection Report, F5 Labs Principal Threat Research Evangelist Ray Pompon envisioned both a wider scope and an accelerated cadence of publication. This will allow readers to consume and act upon intelligence while maintaining the broad perspective needed to put emerging threats in context. For this reason, the report has evolved into a research series, with each episode focusing on specific tiers of the App Stack attack surface model that Pompon developed in 2018 with the F5 Labs Director, Sara Boddy. F5 Labs will publish a final 2019 report containing each of the episodes as well as overarching conclusions and recommendations for security programs.
A recurring theme of 2019 findings has been the difficulty of maintaining visibility within their application environments. While situational awareness in security has always been a problem, it is particularly relevant now, in the context of rapid and foundational changes in how information systems are designed and run. Many disparate but linked developments, such as DevOps, microservices architectures, the growth of APIs, third-party web functions, and heavy use of cloud storage have transferred complexity from code bases to environments and business models. The result is that maintaining awareness of systems has become more difficult. Because of this, the tactics that attackers are finding most fruitful are, for the most part, not new or particularly sophisticated, but rather new incarnations of tried-and-true techniques such as injection or phishing.
One of the takeaways from analyzing hundreds of public breach notices has been correlations between successful attack tactics and organizations’ business models. Organizations whose operations hinge on processing financial information over the Web are likely to experience web hacks, whereas organizations that store their valuable data deeper in their networks are more likely to experience social engineering or other attacks against access controls. In addition to their tactical value for defenders, actionable findings such as these also validate threat intelligence as a critical component of a risk-based security program. F5 Labs’ overarching purpose is to give the initiative back to security professionals, enabling them to proactively address new tactics before they are targeted. As the research series continues, the Labs team looks forward to dissecting trends, identifying anomalies, and delivering intelligence to their audience with the greatest combination of perspective and detail.
F5 Labs has also rolled out a new series focused on foundational concepts in information security, such as the CIA triad, DDoS attacks, and how controls fit into a security program. These educational pieces are designed to help fill in gaps for people new to security or interested in exploring a different niche in what is undoubtedly a niche-filled field. As the threat research continues, Labs will continue to flesh out the EDU series to show how all the concepts (and yes, jargon) presented there fit together into a more comprehensive whole.
Visit https://www.f5.com/labs to find out more!