Hybrid Web Application Firewall

1y ago
27 Views
2 Downloads
2.58 MB
56 Pages
Last View : 9d ago
Last Download : 3m ago
Upload by : Brenna Zink
Transcription

Application Protection Sales PlayHybrid Web Application Firewall

Hybrid WAF PrerequisitesThis playbook assumes a basic understanding of BIGIP ASM and Silverline WAF technologies, use cases,and value, based on existing training materials.BIG-IP ASM educationWeb based training and product information Product Training https://university.f5.com/ Follow us on f5.com: Application Security Manager Manuals and Release Notes on f5.comSilverline WAF educationProduct information Follow us on f5.com: Silverline WAF Onboarding Tech. Notes on f5.com F5 Networks, Inc.2

Topics To Drive Hybrid WAF WinsTOPICMake More Money Selling Hybrid WAF!WAF Market And Customer ChallengesRethink Security Architectures with App PerimeterIdentify Hybrid WAF OpportunitiesSelling Hybrid WAFSelling Silverline WAFdescribes what the salesperson should do indifferent situations they might encounter whenselling the product.Help new salespeople coming on board butshould not be considered a substitute forsales training.Winning With Hybrid WAFHow Customers Buy F5Note: You should be trained already in BIG-IP ASM/Silverline WAF F5 Networks, IncUse as a resource for trained salespeople toleverage in recalling best practices in real-time,helping identify where best opportunities are,what impediments to sales success exist, andhow to marshal resources and messages totackle both.3

Make More Money Selling Hybrid WAF!Make More Money Selling Hybrid WAF!What’s In It For You? Expand your business and sell Hybrid WAF protecting all web apps Increase deal size of existing DDoS Protection with App Protection (ASM/ Silverline WAF) Set the stage for future solution offerings tied to the broader security portfolio F5 Networks, Inc4

Understanding the WAF Market andCustomer Challenges

WAF Market and Customer ChallengesKey Takeaways For Market And Customer Challenges1 F5 is a recognized challenger in a growing marketWAF market growth driven by increases in app2 attacks, mobility and cloud adoption3 Protecting applications creates new customerchallenges and opportunities for F5 F5 Networks, Inc6

WAF Market and Customer ChallengesF5: Recognized As Leading Challenger In Growing MarketWeb Application Firewall (WAF) Market size, Growth and TAM through 2017WAF Total Addressable MarketMarket Growth and Revenue Trends500TAM in 2015 stands at 407M trending toward 492M in 2017450 WAF market growth from 306 million in 2013 to 500 million by 2018, with a CAGR* of 17.2%400350300 Gartner recognized F5 as the leading challenger toImperva, backed by an unmatched ability toexecute250200150100 Largest revenue generating industries: Banks,Insurance, E-commerce, and Government Over 50% of public web apps will use WAFsdelivered as a cloud service or internet-hostedvirtual appliance by 2020 F5 Networks, Inc.5002012-20132014Infonetics, Q4CY2013Gartner, Q4CY2013IDC, 2013Gartner WAF MQ 2014, F5* Technavio report, titled, “Global Web Application Firewall (WAF) Market 2014-2018 ”2015201620177

WAF Market and Customer ChallengesWAF Market Growth Driven By Increases In App AttacksEVERY23 Mins.A WEBSITE ISHIT BY ACRITICALEXPLOITF5 Security Research2.3M Botsactively attackingSymantec Internet SecurityReport 201486% of websites 1 serious vuln.;56 vulnerabilities per website on avg.WhiteHat Security Statistics Report 201589% of IT security budgets increasing56% employ WAF as part of thesecurity threat defense moving fromcompliance to security (2015 Cisco AnnualSecurity Report).have an organized effortfor app patching. 2015 Cisco Annual Security Report 40%2014 Cyber Defense report, Bluecoat.36% use hybrid security and100S F5 Networks, Inc.Internet of things emergingHundreds of devices andapplications introduce attacker exploitsincreasing to 48% over the nextcouple of years*8

WAF Market and Customer ChallengesMobility, Cloud Adoption, & App Migration Increase OpportunitiesUsers are goingMobileCloud and SaaSbased applicationsare being deployed more than,and faster than, ever beforeMost applications areWeb applications F5 Networks, Inc9

WAF Market and Customer ChallengesApplication Attacks Hurt Our CustomersEvolving security threats 1M 1221.5MCost of single cyberattack can be wellabove 1,000,000Successful attacksper week1 Damages brand reputation Results in significant downtime andrevenue loss Compromises sensitive enterprise,employee and customer data Breaches compliance required toconduct business onlineMonitored cyber attacksin US2Source: 1 Ponemon Institute, Cost of Cyber Crime Study, 2 IBM Security Services, 2014 Cyber Security Intelligence Index F5 Networks, Inc10

WAF Market and Customer ChallengesApplication Threats Create Customer Challenges AndOpportunities For F5How can I protect my businessagainst zero-day attacks andvulnerabilities?Where can I find WAFpolicy experts?How can I protect cloudand SaaS applications,quickly? F5 Networks, IncHow can I maintain complianceacross hybrid environments?How can I scale protectionwithout upfront ITinvestments?How can I driveoperational and costefficiencies?11

Rethink Security Architectures withApp Perimeter

Rethink Security Architectures with App PerimeterKey Takeaways For Rethink Security Architectures1 Understand the new perimeter is an app perimeterF5 architecture is the foundation for defense against2 advanced threats3 Security messaging hierarchy helps you recommendthe best solutions F5 Networks, Inc13

The New Perimeter Is An App PerimeterRethink Security Architectures with App PerimeterApps Are The Gateway to Data!TRADITIONALF5APPSSLSSLAppSSLTRADITIONAL NETWORK PERIMETERPER-APP / PER-USER PERIMETERSSL-visible Location-independent Session-based Continuous trustverification Strategic control points App availability IT’S TIME TO RETHINK SECURITY ARCHITECTURES F5 Networks, Inc14

Rethink Security Architectures with App PerimeterF5 Architecture For The New PerimeterFull Proxy defense against advanced security threats Chain Security Services SSL inspection Access & app protection Partner ecosystem Execute Protection Performance & scalability Hybrid delivery Per-app defense F5 Networks, IncInspection ZoneUser SideEvaluateContextChainServicesDeployment ModesRiskReputation BehaviorLocation User/Device12ExecuteProtections Evaluate Context User, device, location, etc. Behavior Threat risk vs. app LSTRONG AUTHWEB APP FIREWALLURL FILTERINGApp Side3RouterClone / MirrorICAP / ProxyL2 BridgeNGFWIDSDATA LOSSPREVENTIONAPTSCANNINGWEB APPFIREWALLPACKET /FORENSICSANTIVIRUSIPSA FOUNDATION FOR MORE COMPREHENSIVE SECURITY15

Rethink Security Architectures with App PerimeterF5 Security Messaging HierarchyF5 Corporate Messaging &Security Architecture MessagingF5 App AccessF5 App ProtectionSales PlaysSSLEVERYWHERE F5 Networks, IncDDOSPROTECTIONAPP PROTECTIONAPPACCESSWEB FRAUDPROTECTION16

Identifying Hybrid WAF Opportunities

Identify Hybrid WAF Opportunities4 Key Steps to Identifying a Hybrid WAF1 Every organization needs app security2 Identify your target persona3 Ask target persona qualifying questions4 Determine which WAF deployment is right F5 Networks, Inc18

Identify Hybrid WAF OpportunitiesStep 1: Every Organization Needs App SecuritySERIOUS VULNERABILTIES! Government64% of the time Hospitality55% Transportation55% Manufacturing51% Other services (everything else) 53% Healthcare50% Utilities36% Finance and Insurance 35% Information Retail and eCommerce 29% Education35%INDUSTRY NEEDS HELP WITH! Critical web apps and compliance Apps interfacing with sensitivedata History of downtime due to appattacks Cloud-based or 2 tier appsunprotected Finding and PatchingSerious Vulnerabilities!27%Window of exposure for at least one serious vulnerability(WhiteHat Sec. Stats 2015) F5 Networks, Inc.19

Identify Hybrid WAF OpportunitiesStep 2: Within Each Org., Identify Target PersonasEXECUTIVELEADERSECURITY/ NETWORKVP, DIR., ARCH.APPLICATIONOWNERCOMPLIANCE MGRConcerned with the cost,necessity and ROI;adapting traditionalbusiness, technology,commerce, andmarketing practices to adigital world.Defines andImplements networkinfrastructureDeploys and manages theapp service & roadmap andensure the success ofbusiness/appMaintain PCI regulatorycompliance Managing organizationallosses due to databreaches and attacks Maintaining compliance Data centerconsolidation Deploys, maintains,and reports onsecurity controls Investigates securityincidents Collaborate with othersto identify and defineeffective controls Ensures services that meetkey customer needs & keycompliance standards Assess app health andensures availability,performance and security Drives efforts to patchvulnerabilities Maintains awarenessof compliance risks; Ensures compliance Reports on theeffectiveness of WAFsolutions F5 Networks, Inc.20

Identify Hybrid WAF OpportunitiesStep 3: Ask Target Persona Qualifying QuestionsUncover Hybrid WAF Opportunities! How do you protect against L7 Attacks? How are you complying with PCI-DSS? How do you reduce non-human traffic to your website? Do you have SaaS applications you need to deploy, or web applications you intend tomigrate to the cloud? How quickly will you be able to deploy WAF policies to protectthem? What are the implications for performance when enabling current WAF policies?Critical Question! Do you have resources to manage security policy with each application? F5 Networks, Inc.21

Identify Hybrid WAF OpportunitiesStep 4: Determine Which WAF Deployment Is RightDo you have resourcesto manage securitypolicy with eachapplication?YESSHOWCASE THE APPSECURITY VALUE OFBIG-IP ASM SILVERLINE WAFSee Slide 20 F5 Networks, IncNOTIP:Both optionsbuilt onBIG-IP ASMSHOWCASE THEMANAGED SERVICESVALUE OFSILVERLINE WAFSee Slide 2722

Identify Hybrid WAF OpportunitiesIf Still Unclear, Consider the Following PositioningProspect ConsiderationsBIG-IP ASMSilverlineWAFHave resources to manage WAFNeed to maintain app blocking controlHelp required from professional servicesPCI compliance challengesVA/DAST part of app development/protectionHybrid WAFDeploymentMust protect cloud-based appsMust protect tier 2 appsPrefer outsourcing app securityRequire 3rd party policy creation with 24x7x365 supportSilverline WAFDeploymentSell the Appropriate WAF Solution! F5 Networks, Inc23

Selling Hybrid WAF

Selling Hybrid WAF4 Key Steps to Selling Hybrid WAF1 Cover key functionality in your conversation2 Highlight Hybrid WAF validations3 Showcase the value of Hybrid WAF differentiationsStress flexible deployment options and handle4objections F5 Networks, Inc25

Selling Hybrid WAFStep 1: Cover Key Functionality In Your ConversationPROTECTS AGAINST LAYER 7 ATTACKS WITH HIGHEST LEVEL OF on inthe datacenter, cloudor virtualenvironmentsMaliciousBOTProtection― Provides a proactive defense against automated attack networks― Identifies, blocks and enables deeper analysis of BOT attacksAppVulnerabilityPatching Integrates with leading DAST scanners for immediate patching of vulnerabilities Streamlines and increases accuracy of vulnerability patchingDynamicSecurityVisibility,Compliance &Reporting F5 Networks, Inc. Delivers a full-proxy architecture with intrinsic application security Enables immediate defense against Layer 7 DDoS, Webscraping, and OWASP top 10 Maintains IP Intelligence identifying bad actors and whitelisting acceptable users Easily correlate malicious activities with violations to identify other suspicious events Provides quick views of events for analysis with drill downs to attack details Helps ensure compliance such as PCI-DSS with easy read reports and graphs26

Selling Hybrid WAFStep 2: Highlight F5 Hybrid WAF 3rd Party Validation#1 most deployedWAF worldwide!!#1 most effective WAFin enterprise class!!99.89.124 F5 Networks, Inc*451 Research reports that leadership inWAF has transitioned from Imperva to F5.% Overall securityeffectiveness% Minimal falsepositives**Source: NSS Labs Web Application Firewall Product Analysis: F5 BIG-IP ASM 10200 v11.4.0;27

Selling Hybrid WAFStep 3: Showcase the Value of Hybrid WAF Differentiations #1 Most Effective WAF (NSS Labs) 2780 signatures for best protection Enable transparent protection fromever-changing threats Reduce risks from vulnerabilities withdynamic VA/ DAST integrations Engage unique BOT detection (rapidsurfing, intervals, event sequence) #1 Most Deployed WAF (451 Research) 10 of OWASP attacks mitigated withon-box reporting Most programmable and extensibleWAF solution available (iRules VIPRION) Deploy full-proxy* or transparent fullproxy (bridge mode)*F5 unique full-proxy WAF isolates application traffic, services, and infrastructureresources to withstand L7 attacks from client-side and server-side data leakage. F5 Networks, Inc28

Selling Hybrid WAFStep 3: Highlight Dynamic One-Click PatchingUnsurpassed integrations: BIG-IP ASM and leading DAST vendors2. Recommend vulnerability assessment*(VA) scanning virtual patching1. Apps have vulnerabilities! Finds a vulnerabilityVirtual-patching with one-click on ASMManual patching guidanceVA/ DAST Solutions Vulnerability checking,detection and remediationComplete website protectionWhiteHatQualysIBMHP3. Fast verification and policy deployment F5 Networks, IncVerify, assess, resolve and retest in one UIAutomatic or manual creation of policiesDiscovery and remediation in minutesAutomatic notification of website changes*29

Selling Hybrid WAFStep 5: Stress Flexible Deployment OptionsData CenterDevicesSecuring applications in the cloudLoad Balancing DDoS Protection Application SecurityInternetProtection in the datacenterVIPRION PlatformBIG-IP ASM Install on any BIG-IP platform to protect applications in thedatacenter. Deploy as an add-on to BIG-IPs in use or run it as astandalone.BIG-IPVirtual EditionASM VE Activate security servicesclose to apps that havemoved to the cloud Accelerate development.and testF5 Silverline WAF Protection Recommended for fast activation ofASM protections for SMB’s andenterprise-wide SAAS and tier 2applicationsHint! Pitch Hybrid WAF in Every Deal! F5 Networks, Inc30

Step 6: Handle Hybrid WAF ObjectionsSelling Hybrid WAFObjectionResponseWe already have existingprotection solutions, whatvalue does F5 add? F5 provides more flexible hybrid WAF protections that guard against sophisticatedattacks like shell shock, poodle, and provides advanced proactive bot defense.We do not have familiaritywith ASM and would needto develop needed skillssets BIG-IP ASM is an effective solution for even a novice user with step by step hints.Why should I choose F5Hybrid WAF over othersolutions? F5 Hybrid WAF delivers most comprehensive set of capabilities with highest levelsof security effectiveness compared to other vendors such as Imperva. F5 Networks, Inc. Hybrid WAF integrates with AFM to consolidate the datacenter, accelerateperformance and protect against DDoS attacks. ASM is equipped with a set of pre-built application security policies that provideout-of-the-box protection for common apps requiring zero configuration time Better price per performance than most solutions including SecureSphere andprovides unsurpassed DAST support, and protection against automated Bots.31

Selling Silverline WAF

Selling Silverline WAF4 Key Steps to Selling Silverline WAF1 Share key value and underscore ASM foundation2 Position Silverline WAF appropriately3 Emphasize the F5 SOC and key differentiators4 Handle objections and engage Silverline sales experts F5 Networks, Inc33

Selling Silverline WAFStep 1: Share Key Silverline WAF ValueProven security effectiveness as a convenient cloud-based service Protect web apps and data from layer 7attacks with F5 cloud-based WAF Leverage 24x7x365 F5 SOC support forpolicy creation and attack management Enable compliance, such as PCI DSS Outsource app security expertiseCloudL7 Protection:Geolocation attacks, DDoS, SQLinjection, OWASP Top Tenattacks, zero-day threats, AJAXapplications, JSON payloadsLegitimateUserAttackersPrivate CloudHosted Web AppWeb Application FirewallServicesWAWAFFF5 SilverlinePhysical HostedWeb AppVA/DAST ScansPolicy can be builtfrom 3rd Party DAST F5 Networks, IncPublic CloudHosted Web App34

Selling Silverline WAFStep 2: Underscore ASM foundation of Silverline WAFRuns on #1 most effective and #1 most deployed WAF99.89% overallsecurityeffectivenessdatacentersworldwide thanany other WAFDeployed in moreRecognized WAFon #1 ADC in themarketSilverline WAF built on BIG-IP ASMWAFVIPRION Platform F5 Networks, IncBIG-IP PlatformBIG-IP Virtual EditionF5 Silverline35

Selling Silverline WAFStep 3: Position Silverline WAF AppropriatelyAll the capabilities of BIG-IP ASM, now a managed services offering.WHAT IT ISWHAT IT IS NOT Fully managed enterprise-gradeservice built on BIG-IP ASM Managed service for on-premisesASM within a customer’s datacenter Service which the SOC creates,modifies, monitors and tunes allpolicies on behalf of the customer Self-service portal in which thecustomer configures their ownpolicies (NOT Self-Service WAF) Customer portal showing violationevents, proxy statistics and reports* CDN (content distribution network) Pay-as-you-go, monthly, limitedservice* Limited on initial release F5 Networks, Inc36

Selling Silverline WAFStep 4: Focus on Two Common Use CasesPROTECT SECONDARY WEB APPSPROTECT ALL WEB APPS1. Keep BIG-IP ASM on-premises toprotect primary, business-critical apps1. Deploy Silverline WAF and protect allapps no matter where they reside2. Deploy Silverline Web App Firewall toprotect secondary apps2. Drive operational and costefficiencies Applications moving to the cloud SaaS apps Customers without sufficient securitystaff to manage WAF policies Customers building cloud datacenters Productivity apps Legacy apps Less frequently used apps Need a simpler way to provide consistentWAF protections across hybrid instancesNO APP LEFT UNPROTECTED F5 Networks, Inc37

Selling Silverline WAFStep 5: Emphasize The F5 Security Operations Center (SOC)Reduce operating costs by outsourcing WAF policy management to F5 SOC expertsF5 security experts proactively monitor,and fine-tune policies to protect webapplications and data from new andemerging threats. Expert policy setupPolicy fine-tuningProactive alert monitoringFalse positives tuningDetection tuningWhitelist / Blacklist Set up andmonitoring F5 Networks, IncF5 Security Operations CenterExpert Policy Setup andManagementAvailability & SupportActive Threat Monitoring38

Selling Silverline WAFStep 6: Highlight Silverline WAF Key Differentiators Designed with #1 most deployed andeffective WAF: BIG-IP ASM High level of service from F5 SOCexperts: Gain attack insights via F5Customer Portal 24x7x365 SOC support Expert policy creation F5 Networks, Inc 2780 signatures for best protection Dynamic vulnerability protections withthe ability to share VA/DAST scans Highly-customizable programmability Design iRules and iApps to protectagainst zero-day threats Future integrations with BIG-IP ASM toprovide hybrid WAF services and APIs39

Selling Silverline WAFStep 7: Handle Silverline WAF ObjectionsObjectionResponseOther cloud companieshave 20 POPs, you onlyhave four. How muchadditional latency should Iexpect with F5 service? No other cloud competitor uses purpose-built WAF appliance such as ASM, thus noone has a greater footprint with the capabilities of Silverline WAF.Other companies havebundles in performance/CDN functionality. Using BIG-IP, we have many inherent performance capabilities to cache andaccelerate the application, as well as industry leading SSL accelerationThe service seems to belimited in user control (selfserve). This was by design as the initial product was aimed towards customers who wantedthe security of ASM, while reducing the complexity to manage it.I don’t want to provide mySSL keys in the cloud. Some customers are designing a SSL DMZ where they have separate certs/keysbetween us and the client, and again between us and the origin. F5 Networks, Inc The more POPs that are introduced into a network, the longer it takes to propagatepolicies. This is critical when it comes to new attack vectors and zero day threats. Silverline was the first to build a service that integrated with the complexity of apurposed built WAF product (ASM). More Portal updates coming soon.40

Winning With Hybrid WAF

Winning with Hybrid WAFF5 Customer Case StudiesLTMASMAPMAFMAAMGTM“The attacks happen; the attacks getblocked. If we need to changesomething, the interface is simpleenough that we can go in and make allthe adjustments in a matter of minutes—without taking anything offline.”VIPRION--Chris Thomas, Network Manager, CARFAXKey Benefits of F5 Guards against data theft Refuse all traffic from countries where they don’t dobusiness Simple UI supporting changes in minutes Easy to manage as part of a consolidated platformView video on F5.com F5 Networks, Inc42

Winning with Hybrid WAFF5 Customer Case StudiesLTMASM“With the F5 solution, we’re getting farfewer false positives, so we’re allowingmore legitimate traffic,” “Because F5enables deep packet inspection, wecan tell exactly what is causing an errorand know how to fix it.”-- Stuart Lyons, Security Engineer at HKKey Benefits of F5 Reduces filtering of good traffic by minimize falsepositives Eliminates server downtime with virtual patching Provides more granular information , withincreased flexibility and configurability Excellent quality of service with 24x7x365 support F5 Networks, Inc43

How Customers Buy F5As they deploy F5 to more of their application portfolio across the traditional datacenter and private& public cloud environments, F5 offers customers a variety of programs optimized for their hybridcloud strategies and right-sized for CAPEX and OPEX budgets.

How Customers Buy F5Flexible Options To Meet Customers Where They Are GoingPlatforms: Create great customer value with blended1platform optionsLicensing: Choose flexible options across perpetual2 licensing, subscription models and on-demand pricingServices: Select a variety of F5 services and support3options to help customers succeedSizing: Build out the right requirements for ASM and4Silverline WAF quotes F5 Networks, Inc45

How Customers Buy F5Platforms: Create Great Customer ValueF5 Platforms25M2000 series*200M4000 series1Gbps5000 Series3Gbps7000 Series5Gbps10Gbps10000 Series12000 SeriesVirtualPhysicalF5 softwareF5 hardwareProvide flexible deployment options for virtualenvironments and the cloud with Virtual EditionHigh-performance with specialized anddedicated hardwareVirtual Edition is best for:Physical Hardware is best for: Accelerated deploymentMaximizing data center efficiencyPrivate and public cloud deploymentsApplication or tenant-based podsKeeping security close to the appLab, test, and QA deployments F5 Networks, Inc VIPRION 2200Fastest performanceHighest scaleSSL offload, compression, and DoS mitigationAn all F5 solution: integrated HW SWEdge and front door servicesPurpose-built isolation for application deliveryworkloads*Note: 2000 Series appliances is not offered with Better or Best bundlesVIPRION 2400VIPRION 4480VIPRION 4800HybridPhysical virtual hybrid ADC infrastructureUltimate flexibility and performanceHybrid is best for: Transitioning from physical tovirtual and private data center tocloud Cloud bursting Splitting large workloads Tiered levels of service46

How Customers Buy F5Licensing: Choose Flexible Software OptionsCloud options tailored to customer needs for greater flexibility and choiceVolume of F5-backed AppsCloud Licensing Program(CLP)Bring Your Own License(BYOL)Volume Licensing Subscription(VLS)On-demand Utility pricing withhighest flexibility; pay-as-you-go orannual subscription.Perpetual VE License whichSubscription discounts for 100 customer owns and can move across applications; 1 or 3-year terms, up toprivate and public clouds.78% discount. Includes premiumsupport services.Public cloudPublic, private, and hybridPublic, private and hybridBest for deployment flexibility; ondemand consumptionBest for few production workloads orexisting licensesBest for large scale workloadproduction; F5 for every app.OPEXCAPEXOPEXvia F5 or channel partnerPrice/License F5 Networks, Inc 47

How Customers Buy F5Licensing: Find an F5 Ready Public Cloud ProviderVerified by F5 for greater cloud confidenceF5-verifiedBIG-IP products verified byF5 for compatibility in F5Ready clouds.Global-reachingFlexibleF5-verified providers spanAmericas, EMEA, and APAC forbroad reach and selection.Variety of purchase options:BYOL, on-demand Utility billing,Volume Licensing Subscription.Note: F5 adds new partners on a regular cadence, check f5.com/f5ready for the most up-to-date list F5 Networks, Inc48

How Customers Buy F5Services: Select A Variety of Service and Support OptionsDrive Greater ROI With Customers Throughout The Solution LifecycleOptimizeArchitectMaximize performance, health, security Proactive Assessments & Integration iHealth / AskF5 / DevCentral CertificationDesign for best-practices deployments Solution Definition Workshops Design and AssessmentsMaintainImplementEnsure continued availabilityDeploy quickly and optimally Installations and Migrations Web and Onsite Training Upgrades and Expert Services World-class Support Premium Plus and EnhancedServices F5 Networks, IncSell App SecurityPro. Services:1. ASM deployment serviceincluding policy creation2. VA/DAST MitigationService for virtual one-clickpatching49

How Customers Buy F5Services: Optimized For Customer InitiativesEnd-to-end Global Services and Support OptionsTraditional ADCArchitectDesign for best practicesImplementQuick and optimalSecurityCloudSolution Definition WorkshopDeployment & Migration ServicesTraining and CertificationMaintainBacked by F5 SupportMaintenance AgreementsPremium Plus SupportOptimizeMaximize performance, health,security F5 Networks, IncCustomization & ScriptingiHealth Diagnostics & Self-help Tools50

How Customers Buy F5Services: Flexible OptionsPackaged, Custom & HourlyPackagedCustomHourlyLicense: Fixed PriceLicense: CustomLicense: HourlyScoped to meet popularcustomer solutions.Scoped to meet your specificbusiness and solution needs.Flexible procurement options.Small-scale services for ad-hoccustomization and scriptingFocus: Customer andtechnology trends. Carefullyaligned with F5 pricingbundles and popularcustomer solutions.Focus: Complex or uniquesolutions, or where a customercan leverage our deep skills.Focus: Extended applicationverification, complex monitors,iRules scripting, iControl API, andother automated tasks.F5 UNITY Gold or Platinum PartnersDedicated Professional Services staffbacked by F5 certifications F5 Networks, Inc51

How Customers Buy F5Sizing: Build Out The Right Requirements for QuotesSales is often asked how to size ASM for an opportunity?The short answer is: You need to work with your Channel SE.Key things to discuss with the customer: Transactions per second TPS? HTTP RPS average request size? Do they have a team that is focused on applicationsecurity? and patching application holes? Do they want to set & forget to solve a compliancecheck-box?BIG-IP ASM SKU IG-BT-4200V F5 Networks, IncDescription Do they have a DAST (Whitehat) that will drive policymaintenance? Is ASM going to be colocated with something else?(APM, AFM, AAM, LTM) What's going to consume the ASM logs, because wedon't want that on-box?BIG-IP ASM VE and Cloud ExamplesSKUApplication Security Manager standalone (16 GBMemory, Max SSL, Max Compression)BIG-IP Application Security Manager Add-onSoftware Module for 4200v/4000sF5-BIG-ASM-VE-1G-V13BIG-IP 4200v Best Bundle (16 GB Memory, MaxSSL, Max 3DescriptionBIG-IP Virtual Edition Application Security Manager1 Gbps (v11.4.1 - v15.x)BIG-IP Virtual Edition Best Bundle 1 Gbps (v11.4.1- v15.x)BIG-IP Virtual Edition Best Bundle Max VolumeLicensing Subscription (100 Instances, 1 Year)Contact your F5 Channel Account Manager for more information52

How Customers Buy F5Sizing: Build Out The Right Requirements for Quotes Cost of service is determined by:# of SitesCleanBandwidthSOC Hoursof Service Upgrades are available for additional sites, bandwidth, and extended support.Contact your F5 Channel Account Manager for more information F5 Networks, Inc53

How Customers Buy F5Sizing: Build Out The Right Requirements for QuotesSilverline Web Application Firewall Subscription1YR SKU3YR SKU# of SitesBandwidth (95th Y550 10100 50500 1002 2002 Gbps/monthRequired SOC Services Hours of ServiceRecommended SOCService SKUs basedon Sites/Bandwidth20 hrs Per SKUF5-FAS-SOCS-20H-1Y40 hrs Per SKUF5-FAS-SOCS-40H-1Y60 hrs Per SKUF5-FAS-SOCS-60H-1Y80 hrs Per SKUF5-FAS-SOCS-80H-1Y100 hrs Per SKUF5-FAS-SOCS-100H-1Y1hr for extendedworkUpgradesAdditional BandwidthSKUF5-UTL-FAS-SOCS1HAdditional Sites1YR SKU3YR SKUAdditional Bandwidth1YR SKU3YR SKUAdditional SitesF5-FAS-WAF-ADD-50M1YF5-FAS-WAF-ADD-50M3YAdd 50 Add 5 SitesF5-FAS-WAF-ADD100M1YF5-FAS-WAF-ADD100M3YAdd 100 Add 10 SitesF5-FAS-WAF-ADD500M1YF5-FAS-WAF-ADD500M3YAdd 500 Add 50 SitesF5-FAS-WAF-ADD-1G-1YF5-FAS-WAF-ADD-1G-3YAdd 1 Gbps/monthF5-FAS-WAF-ADD100S1YF5-FAS-WAF-ADD100

TAM in 2015 stands at 407M trending toward 492M in 2017 WAF Total Addressable Market WAF market growth from 306 million in 2013 to 500 million by 2018, with a CAGR* of 17.2% . - Gartner, Q4CY2013 - IDC, 2013 - Gartner WAF MQ 2014, F5 * Technavio report, titled, "Global Web Application Firewall (WAF) Market 2014-2018 " .

Related Documents:

03. Firewall Configuration 04. Hardening: Establishing a Secure Baseline Advanced Filtering Techniques Firewall Types: Stateful Packet Filters Application Proxies Application Proxies vs. Stateful Packet filters Web Application Firewalls Web Application Firewall Types Web Application Firewall Products

1.1 Purpose. This document describes the ordering guidance for the Cisco Secure Cloud Web Application Firewall (WAF) solution. Cisco Secure Cloud Web Application Firewall (WAF) is a Cisco Secure OEM solution based on Radware's Cloud WAF Service that provides a fully managed, cloud-based application firewall service.

A firewall philosophy is the part of your site's security policy that applies strictly to the firewall, and defines your overall goals for the firewall. Setting and documenting a firewall philosophy provides written guidelines that any administrator can follow in implementing the firewall deployment. If you identify how resources, applications,

Deliverable: Firewall installed per customer's requirements, according to Supported Firewall Configurations and Service Order. 2.1.2 FIREWALL MAINTENANCE Tasks include: Updates to firewall firmware as deemed necessary by Company to keep firewall operating efficiently, securely and with latest usable features and management capabilities.

Internal Segmentation Firewall VPN Gateway The FortiGate-VM on OCI delivers next generation firewall capabilities for organizations of all sizes, with the flexibility to be deployed as next generation firewall, internal segmentation firewall and/or VPN gateway. It protects against cyber threats with high performance, security efficacy and deep .

Web application firewall (WAF) are used to protect web applications without the need to modify them Can be an appliance, server plugin, or filter Commercial Trustwave - WebDefend Web Application Firewall Cisco - ACE Web Application Firewall Citrix - NetScale

Evading IDS, Firewalls,and Honeypots IDS, IPS, Firewall, and Honeypot Concepts IDS, IPS, Firewall, and Honeypot Solutions Evading IDS Evading Firewalls IDS/Firewall Evading Tools Detecting Honeypots IDS/Firewall Evasion Countermeasures 5. Web Application Hacking Hacking Web Servers Web Server Concepts Web Server Attacks .

AXG Web Application Firewall WWW3 DNS Points to AXG WAF when Asked for WWWx HTTP Internet The ACE Web Application Firewall is a full reverse proxy In other words, you can have the DNS server point to the IP address of the WAF to represent the actual Web server At that point, the WAF accepts all requests destined to the Web