If everyone is thinking the same, someone isn't thinking

Lori MacVittie


Building a Proactive Threat Management Infrastructure One Service at a Time

Personalization is usually the first application mentioned for big data, but security may be of even more value

We (as in the corporate “we”) recently postulated that it was “time to ratchet up the protection afforded users and the business by leveraging big data in a way that enables attacks to be prevented, not just deflected or avoided.”

Actually, it’s well past time we applied the tremendous amount of information that is available to defending and protecting corporate assets. Security experts and pundits have long posited that a proactive approach to security is called for, that the reactive approach of the past is no longer sufficient to protect the business from compromise, from revenue loss, from infection, and from breaches.

One way we can enable a more proactive security strategy in the enterprise is to start enabling infrastructure with the intelligence necessary to make real-time decisions regarding the threat posture of every single connection. No more sampling, no more guessing, no more after-the-fact alerting from monitoring systems.


This is increasingly important, as 98% of breaches documented by Verizon in its 2012 Data Breach Investigation Report stemmed from external agents – an increase of 6% over the prior year – with malware cited as contributing to over two-thirds of the 2011 caseload and 95% of all stolen data. Perhaps if the organizations involved had been able to identify that the connecting end-point was known to be infected or a known distributor of malware, many of the breaches might have been avoided.



Attempting to do just that is the reason F5 is building out an ecosystem that delivers intelligence to strategic infrastructure services. The goal is to leverage big data and cloud computing to provide key components of the context required to proactively make access decisions with respect to corporate resources. The first subscription-based service in the line-up is IP Intelligence, which provides updates on IP threats. The service draws on the expertise of a global threat-sensor network to detect malicious activity and IP addresses. Even when the BIG-IP device is behind a content delivery network (CDN) or other proxies, the IP Intelligence service can provide protection by looking at the real client IP addresses as logged within the X-Forwarded-For header to allow or block traffic from a CDN with threatening IPs.

The capability to detect the threat before it can launch an attack enhances perimeter security, including mitigating DoS attacks and preventing potential fraudulent transactions. Applying intelligent, behavioral and reputation-based context to connections enables protected applications to scale better and perform consistently. It also increases the throughput of downstream devices and their ability to evaluate more efficiently those requests that are allowed past the network boundary.

All BIG-IP systems will be able to take advantage of IP Intelligence via iRules, through a new command that queries the IP Intelligence service. A simple, easy to configure interface is also available in BIG-IP Application Security Manager (ASM) that includes the ability to whitelist IP addresses, because we all know what happens when the CEO is blocked.

The intelligence required to balance legitimate access needs from anywhere to corporate resources goes well beyond a simple reputation lookup, however. It’s not always enough to simply allow or deny access based on reputation, as it may be the case that an employee is ensconced in a meeting room, far from corporate IT, on a network from which an attack has been previously launched. Further evaluation may be necessary; a combination of client, user, reputation, and location may be needed to make a final decision to allow or deny. The whole is greater than the sum of its parts, and sometimes it is the context of the request – all relevant variables – that is necessary in order to intelligently make a decision. BIG-IP enables this level of intelligence: it allows operators to dig into all the factors in the equation and make an intelligent decision based not only on pure data but on data balanced with risk and business requirements.
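The decision flow described above (real client IP taken from X-Forwarded-For behind a CDN, a reputation lookup, a whitelist override, and further evaluation rather than a flat deny for a known user), as an added Python example; it is not F5's code or an iRule. The proxy range, reputation entries, whitelist and function names are constructed assumptions.

```python
import ipaddress

# Constructed sample data (documentation address ranges), not a real feed.
TRUSTED_PROXIES = [ipaddress.ip_network("198.51.100.0/24")]  # assumed CDN egress range
REPUTATION = {"203.0.113.7": {"botnet"}, "203.0.113.50": {"scanner"}}
WHITELIST = {ipaddress.ip_address("203.0.113.50")}           # assumed exempt address

def _trusted(ip):
    return any(ip in net for net in TRUSTED_PROXIES)

def client_ip(peer, xff):
    """Return the address to evaluate: the rightmost X-Forwarded-For hop
    that is not one of our trusted proxies. The header is consulted only
    when the TCP peer is itself a trusted proxy, since clients can forge it."""
    peer_ip = ipaddress.ip_address(peer)
    if not _trusted(peer_ip) or not xff:
        return peer_ip
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            return peer_ip  # malformed hop: trust nothing to its left
        if not _trusted(ip):
            return ip
    return peer_ip

def decide(peer, xff=None, authenticated=False):
    """Return (action, ip, categories); action is allow, challenge or block."""
    ip = client_ip(peer, xff)
    if ip in WHITELIST:
        return ("allow", str(ip), set())
    cats = REPUTATION.get(str(ip), set())
    if not cats:
        return ("allow", str(ip), cats)
    # Known-bad source: an authenticated user gets further evaluation
    # (a step-up challenge) instead of an outright deny.
    return ("challenge" if authenticated else "block", str(ip), cats)
```

Walking the header from the right means an address the client prepends itself is never the one evaluated; only hops appended by the trusted proxies are believed.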

It is the combination of employing intelligent inspection with IP Intelligence that further enables IT to proactively manage access while mitigating risk. It enables IT organizations to effectively deal with emerging threats and trends like BYOD and cloud computing with confidence. IP Intelligence enriches the already robust context-aware capabilities of the BIG-IP system and puts the ability to codify complex multi-variable policies into the hands of IT, where it belongs.


Lori MacVittie is responsible for education and evangelism of application services available across F5’s entire product suite. Her role includes authorship of technical materials and participation in a number of community-based forums and industry standards organizations, among other efforts. MacVittie has extensive programming experience as an application architect, as well as network and systems development and administration expertise. Prior to joining F5, MacVittie was an award-winning Senior Technology Editor at Network Computing Magazine, where she conducted product research and evaluation focused on integration with application and network architectures, and authored articles on a variety of topics aimed at IT professionals. Her most recent area of focus included SOA-related products and architectures. She holds a B.S. in Information and Computing Science from the University of Wisconsin at Green Bay, and an M.S. in Computer Science from Nova Southeastern University.
