F5 WAF Support for AWS Security Hub – Empowering Centralized Security Reporting

Tom Atkins
Published November 28, 2018

As digital transformation has become a requirement among corporations globally, cloud adoption has been accelerated by the need to deliver more applications to market in less time, while optimizing expenditure. This, in turn, has led to an increased need for application developers over recent years, with that trend set to continue into the foreseeable future. In fact, it is estimated that the number of software developers worldwide currently stands at 23 million, with that number projected to soar to 27.7 million over the next five years.

Combining the growing number of developers within IT organizations with the architectural freedom and agility of the public cloud has, in many cases, led to more and more siloed deployments across application teams. This often causes huge challenges for security teams, as individual teams begin adopting readily available cloud-native security offerings (such as AWS GuardDuty or AWS WAF) while others might leverage products from traditional security vendors like F5’s Advanced WAF. And when you consider that the average enterprise already uses 75 security products to secure their network and applications, the result is the continued expansion of a diverse security portfolio. This makes obtaining a holistic view of a company’s security and compliance posture even more challenging.

For security teams who find themselves in this position, the recent preview release of AWS Security Hub might just be the answer. Offering a comprehensive view of high-priority security alerts across various AWS-native and AWS Marketplace third-party partner security solutions, AWS Security Hub provides visibility into the key findings of numerous disparate security solutions, all from a single pane of glass. And at a time when security teams are often overwhelmed by a mix of alerts from differing sources, the need to distill these down to just the most critical threats to improve efficiency has never been more vital. In other words: more signal, less noise.

As a launch partner of this new service, F5 recognized the need for its customers to simplify and consolidate security operations beyond just its own product portfolio. As such, F5’s industry-leading Web Application Firewall solutions (Advanced WAF and BIG-IP ASM) can now be integrated with AWS Security Hub, allowing predefined alert information from blocked traffic (such as attack type, source, etc.) to be escalated to this central console for further review, alongside inputs from other security products. Additionally, with automated compliance checks, AWS Security Hub can assess F5 WAF configurations to ensure compliance with industry requirements specified by users. Figure 1 below shows a sample architecture of F5’s integration with AWS Security Hub, and Figure 2 shows an example of how alerts received from F5 WAF appliances are highlighted within the AWS Security Hub console.

Figure 1 – Representational architecture of F5’s integration with AWS Security Hub
Figure 2 – Example F5 WAF findings in AWS Security Hub console

For more information about F5’s Web Application Firewall solutions or any of its other application delivery services on AWS, please visit us at F5.com or in the AWS Marketplace. Alternatively, if you happen to be attending AWS re:Invent this week, feel free to stop by our booth (#1640) and discuss the matter with our experts.