|By Peter Silva||
|April 1, 2011 09:00 AM EDT||
As we’ve seen with some of the recent high profile internet attacks, like HBGary, RSA, Google, Comodo and others, no one is immune from being a target and the perpetrators are exceedingly organized, exceptionally skilled and extremely well-funded. Often, the culprits might be better trained than the IT staff deployed to thwart the attacks. The attacks are targeted, elaborate and aggressive, not to mention a bit creative. The attacks are multi-layered in that once one type of attack settles in, another can and will crop up. They are not simply looking to deface a website but they are attempting to steal valuable data. Customer data, intellectual property, state secrets, SSL certificates and other proprietary, highly sensitive information are the top targets. The malware and other penetration techniques are custom made, can adapt and can cover the tracks of those seeking the information. They may start at the network level with DNS, ICMP or SYN flood attacks, then move to the application with Layer 7 DoS, SQL injection, or Cross-site scripts and once compromised, go after the data. Often they try to leave ‘back-doors’ so they can come and go as they please before being detected. And the targets are changing. A couple years ago it was retail and financial, like Target and Heartland, that were getting attacked and while those industries are still coveted kills, security companies, sensitive corporate secrets, and the internet’s overall infrastructure seem to be especially savory these days.
Many organizations do a decent job of securing their infrastructure components but are challenged when it comes to securing their web applications, whether they are hosted in a cloud environment, in-house or both. Forester reported that in 2009, 79% of breached records were the result of web application attacks. An application breach can cost companies significant amounts of money and seriously damage brand reputation. The 2010 Symantec/Ponemon Data Breach Loss Report calculated that the average cost to a company was $214 per compromised record and $7.2 million over the entire organization. Other areas that an organization may have to address as part of the breach include compliance issues, legal actions, public scrutiny and loss of trust.
BIG-IP ASM provides the application protection you require to block the evolving threats no matter where your applications are deployed in today’s dynamic environments. One such threat is the recent ‘Slow HTTP DOS attack,’ which allows attackers to launch a DDoS attack by first sending a POST request with valid ‘content-length’ information and then slowly sending the POST message body, which leaves the server connection open depleting resources and eventually crippling the server’s ability to accept new connections. BIG-IP ASM, a high performance, ICSA certified web application firewall (WAF) can protect against this HTTP vulnerability out of the box with HF-1. Most of our competitors have addressed it through signature updates, or not at all. Signatures are great when they discover Slowloris, not so great when they encounter 5l0wl0ri5.32a.
Today, IT faces a variety of changes that require control points that can adapt dynamically and secure applications and their content as its being delivered from a variety of locations to a mass of users. This is especially true for cloud computing deployments and infrastructures that span between the cloud and the organization’s data center. F5 has the solutions to make any application deployment endeavor swift, successful and secure.
- Researchers To Demonstrate New Attack That Exploits HTTP
- Mitigating Slow HTTP Post DDoS Attacks With iRules (From Nov 2010)
- Mitigating Slow HTTP Post DDoS Attacks With iRules – Follow-up
- Layer 7 DDoS – OWASP (pdf)
- Layer 4 vs Layer 7 DoS Attack
- Denial of Service Attacks Get more Sophisticated
- In 5 Minutes – BIG-IP ASM L7 DoS & Brute Force Protection
- Comodo admits 2 more resellers pwned in SSL cert hack
- McAfee’s website full of security holes, researcher says
|Connect with Peter:||Connect with F5:|
SYS-CON Events announced today Isomorphic Software, the global leader in high-end, web-based business applications, will exhibit at SYS-CON's DevOps Summit 2015 New York, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Isomorphic Software is the global leader in high-end, web-based business applications. We develop, market, and support the SmartClient & Smart GWT HTML5/Ajax platform, combining the productivity and performance of traditional desktop software ...
May. 4, 2015 07:30 PM EDT Reads: 505
DevOps Summit, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 17th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long developmen...
May. 4, 2015 07:15 PM EDT Reads: 449
While Docker continues to be the darling of startups, enterprises and IT innovators around the world, networking continues to be a real mess. Indeed, managing the interaction between Docker containers and networks has always been fraught with complications. Without automation in networking, the vision of running Docker at scale and letting IT run the same apps unchanged on the laptop and in the data center or for any cloud cannot be realized.
May. 4, 2015 07:00 PM EDT Reads: 565
DevOps Summit 2015 New York, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that it is now accepting Keynote Proposals. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long development cycles that produce software that is obsolete...
May. 4, 2015 07:00 PM EDT Reads: 4,260
Application metrics, logs, and business KPIs are a goldmine. It’s easy to get started with the ELK stack (Elasticsearch, Logstash and Kibana) – you can see lots of people coming up with impressive dashboards, in less than a day, with no previous experience. Going from proof-of-concept to production tends to be a bit more difficult, unfortunately, and it tends to gobble up our attention, time, and money. In his session at DevOps Summit, Otis Gospodnetić, co-author of Lucene in Action and founder...
May. 4, 2015 07:00 PM EDT Reads: 2,035
“The year of the cloud – we have no idea when it's really happening but we think it's happening now. For those technology providers like Zentera that are helping enterprises move to the cloud - it's been fun to watch," noted Mike Loftus, VP Product Management and Marketing at Zentera Systems, in this SYS-CON.tv interview at Cloud Expo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
May. 4, 2015 06:45 PM EDT Reads: 3,346
“We are a managed services company. We have taken the key aspects of the cloud and the purposed data center and merged the two together and launched the Purposed Cloud about 18–24 months ago," explained Chetan Patwardhan, CEO of Stratogent, in this SYS-CON.tv interview at 15th Cloud Expo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
May. 4, 2015 06:30 PM EDT Reads: 2,848
SYS-CON Events announced today that CenturyLink, Inc., a leader in the network services market, has been named “Platinum Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. CenturyLink is the third largest telecommunications company in the United States and is recognized as a leader in the network services market by technology industry analyst firms. The company is a global leader in cloud infrastructure and ...
May. 4, 2015 04:15 PM EDT Reads: 1,124
Database apps on mobile devices shouldn't stop working when there's limited or no network connectivity. In his session at 16th Cloud Expo, Bradley Holt, a Developer Advocate for IBM Cloudant, will discuss how to bring data stored in a cloud database to the edge of the network (and back again), whenever an Internet connection is available. He will demonstrate techniques for replicating cloud databases with mobile devices in order to build offline-enabled mobile apps that can provide a better,...
May. 4, 2015 04:00 PM EDT Reads: 971
In his session at 16th Cloud Expo, Simone Brunozzi, VP and Chief Technologist of Cloud Services at VMware, will review the changes that the cloud computing industry has gone through over the last five years and share insights into what the next five will bring. He will chronicle the challenges enterprise companies are facing as they move to the public cloud. He will delve into the “Hybrid Cloud” space and explain why every CIO should consider ‘hybrid cloud’ as part of their future strategy to a...
May. 4, 2015 03:46 PM EDT Reads: 564
"Blue Box has been around for 10-11 years, and last year we launched Blue Box Cloud. We like the term 'Private Cloud as a Service' because we think that embodies what we are launching as a product - it's a managed hosted private cloud," explained Giles Frith, Vice President of Customer Operations at Blue Box, in this SYS-CON.tv interview at DevOps Summit, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
May. 4, 2015 02:30 PM EDT Reads: 3,611
Puppet Labs on Wednesday released the DevOps Salary Report, based on salary data gathered from Puppet Labs' industry-recognized State of DevOps Report. The data confirms that market demand for DevOps skills is growing, and that DevOps engineers are among the highest paid IT practitioners today. That's because IT organizations today are grappling with how to be more agile and responsive to the business, while maintaining the stability of their infrastructure. DevOps practices, such as continuous ...
May. 4, 2015 02:15 PM EDT Reads: 2,179
"SOASTA built the concept of cloud testing in 2008. It's grown from rather meager beginnings to where now we are provisioning hundreds of thousands of servers on a daily basis on behalf of customers around the world to test their applications," explained Tom Lounibos, CEO of SOASTA, in this SYS-CON.tv interview at DevOps Summit, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
May. 4, 2015 02:15 PM EDT Reads: 3,442
Docker is becoming very popular--we are seeing every major private and public cloud vendor racing to adopt it. It promises portability and interoperability, and is quickly becoming the currency of the Cloud. In his session at DevOps Summit, Bart Copeland, CEO of ActiveState, discussed why Docker is so important to the future of the cloud, but will also take a step back and show that Docker is actually only one piece of the puzzle. Copeland will outline the bigger picture of where Docker fits a...
May. 4, 2015 02:15 PM EDT Reads: 5,230
In a world of ever-accelerating business cycles and fast-changing client expectations, the cloud increasingly serves as a growth engine and a path to new business models. Dynamic clouds enable businesses to continuously reinvent themselves, adapting their business processes, their service and software delivery and their operations to achieve speed-to-market and quick response to customer feedback. As the cloud evolves, the industry has multiple competing cloud technologies, offering on-premises ...
May. 4, 2015 02:00 PM EDT Reads: 3,031
In his session at DevOps Summit, Andrei Yurkevich, CTO at Altoros, provided an overview of all the benefits and opportunities, as well as drawbacks of deploying Cloud Foundry PaaS with Juju and compared it to BOSH. Discover the features that overlap, and understand what Juju Charm is, what it is not, where you use one or the other or where you use both BOSH and Juju Charms together. Andrei Yurkevich is Cloud Foundry protagonist and CTO at Altoros. Under his supervision, the Altoros engineering ...
May. 4, 2015 01:30 PM EDT Reads: 3,501
SYS-CON Events announced today the DevOps Foundation Certification Course, being held June ?, 2015, in conjunction with DevOps Summit and 16th Cloud Expo at the Javits Center in New York City, NY. This sixteen (16) hour course provides an introduction to DevOps – the cultural and professional movement that stresses communication, collaboration, integration and automation in order to improve the flow of work between software developers and IT operations professionals. Improved workflows will res...
May. 4, 2015 01:30 PM EDT Reads: 3,311
Avnet, Inc. has announced that it ranked No. 4 on the InformationWeek Elite 100 – a list of the top business technology innovators in the U.S. Avnet was recognized for the development of an innovative cloud-based training system that serves as the foundation for Avnet Academy – the company’s education and training organization focused on technical training around top IT vendor technologies. The development of this system allowed Avnet to quickly expand its IT-related training capabilities around...
May. 4, 2015 01:30 PM EDT Reads: 597
17th Cloud Expo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterprises a...
May. 4, 2015 01:26 PM EDT Reads: 486
The Internet of Things Maturity Model (IoTMM) is a qualitative method to gauge the growth and increasing impact of IoT capabilities in an IT environment from both a business and technology perspective. In his session at @ThingsExpo, Tony Shan will first scan the IoT landscape and investigate the major challenges and barriers. The key areas of consideration are identified to get started with IoT journey. He will then pinpoint the need of a tool for effective IoT adoption and implementation, whic...
May. 4, 2015 12:00 PM EDT Reads: 1,069