AUTHORS
Articles by Carina Weyer
Breaches like this give us the opportunity to think about how pervasive APIs are, how critical they are for organizations today, and the unique role they can play in the security (or insecurity) of any application and thus an entire organization.
The C family programming languages have been the standard for systems code for decades, but they're memory unsafe. Lack of memory safety is the largest single source of security vulnerabilities in software, and it's urgent the industry moves to memory safe languages for new systems code.
While security concerns drive the demand for web application firewalls (WAFs), it can be difficult for enterprises to decide which WAF best fits their needs.
Scammers love to leech onto distraction. And the Super Bowl has plenty of that. With emotions high and sense of awareness lower, threat actors will launch some of their favorite tactics, like phishing campaigns and ransomware attacks, to try and make even the most cybersecurity savvy slip up.
F5 has successfully completed the FIPS 140-2 validation process for BIG-IP version 15.1, providing the U.S. public sector and other customers in highly regulated industries with solutions to help them seamlessly operate and stay in compliance.
F5's Bohdan Olinares shares his reaction to the invasion, decision to go to Ukraine, and reflection on the experience.
To secure legacy and modern apps across hybrid and multi-cloud environments, organizations constantly deploy and tune numerous security controls. Since applications are only as secure as the infrastructure they run on, security needs to be extended across the entire architectural stack, from apps and APIs to the underlying cloud-native infrastructure.
DNS (Domain Name System) may be a familiar term to most people, but DNS Load Balancing, also known as GSLB (Global Server Load Balancing), probably is not. In a nutshell, it is a more intelligent version of DNS, enabling the steering of traffic based on applications’ health and client source IP addresses.
The siloes experienced by business and IT can be bridged with the incorporation of Site Reliability Engineering (SRE) into modern enterprise architectures, thereby supporting the transformation journey into an efficient and scalable digital business.
The year 2022 will be remembered as the year the industry finally reconciled itself to the fact that IT is and will be for the foreseeable future, hybrid. The question is, what does that mean for security and, specifically, for app and API security.
Experience is based on perspective, and since you can't build perspective, focus needs to be directed toward architecting a digital service that addresses the technical requirements of a positive digital experience: availability, security, and performance.
Today's enterprise architectures lack the necessary factors of agility, scale, security, and observability, which are key to driving technological change, but these six core capabilities will help businesses manage risk and challenges throughout their digital transformation.
Since F5’s participation as a launch partner in both the AWS Marketplace Consulting Partner Private Offers (CPPO) and standard Private Offer programs, we have continued to advance our cloud-enabled security solutions to become the trusted provider for protecting applications on AWS.
Attention online retailers and e-commerce vendors: When it comes to protecting client-side data and online payments against digital skimming and Magecart attacks, there’s a new sheriff in town.
Why has online fraud become so severe? Changes in consumer behavior, such as a rise in online shopping along with greater adoption of digital payments, have provided more targets for fraud. Buy Now, Pay Later has also become increasingly popular, growing by 300% per year since 2018. Experian predicts this will be a major fraud target, as criminals use stolen or fictional identities to buy items without paying.
Tech prediction roundup for 2023, from cloud computing trends to cybersecurity threats.
While digital transformation efforts continue to accelerate, industries face a major challenge: ensuring application security against malicious bots to minimize business impact. The first task? Explaining the quantitative and qualitative impacts bots have on your business to your board and C-suite.
F5 is proud to announce and celebrate the winners of the F5 North America 2022 Partner Awards. This year’s honorees continuously adapted in an evolving industry, distinguishing themselves with noteworthy accomplishments throughout the year in a variety of areas, including revenue attainment, culture, and innovation.
Adopting a curiosity mindset means replacing, conceptually, the outcome of learning with the process itself. In cybersecurity, this can be a critical trait because bad actors actively aim to exploit the unknown, so exercising feverish curiosity about their next move is how to keep up and even get ahead.
Learn how artificial intelligence and machine learning aid in mitigating cybersecurity threats to your IT automation processes.
Kara Sprague is the newly appointed chief product officer at F5. We recently caught up with Kara to learn more about her new role, F5’s adaptive applications vision, and what steps she and F5 are taking to help customers simplify their operations and secure, deliver, and optimize their applications—today and in the future.
Powered by technology from Threat Stack, F5 Distributed Cloud AIP delivers comprehensive telemetry and high-efficacy intrusion detection for cloud-native workloads. Customers can now better address a larger threat surface with increased visibility and support in securing both modern applications and the infrastructure they run on.
F5 Threat Campaigns is an intelligence service that accurately detects and blocks current and ongoing attack campaigns with virtually no false positives. It leverages a team of security experts dedicated to finding, analyzing, and dissecting real ongoing attacks in the wild, with a tool arsenal that includes a worldwide network of honeypots constantly attacked and targeted by threat actors.
CISO Gail Coury reflects on her recent attendance of the World Economic Forum Annual Meeting on Cybersecurity, combining perspectives of security experts from different sectors and regions to prompt a larger discussion on cybersecurity resilience.
The explosive and expansive use of APIs is contributing to the rise of headless architecture and providing GraphQL a prominent place in this neomodern application architecture.
Fraud keeps increasing in sophistication, often carried out by organized gangs of cybercriminals. As threat actors relentlessly change techniques to bypass security defenses, IT security teams find themselves constantly on the defense—pushing their already-strained resources to the brink.
Each F5er has played a part in building a more diverse and inclusive company and it will take all of us to continue the momentum. We know it’s not perfect and the list of things to accomplish is much longer than the list of those we’ve achieved. But today, we take note of both where we’ve been and where we’re going. And we appreciate the commitment to working together to build a culture where each one of us can be who we are—and where everyone can thrive.
Deloitte projects that e-commerce sales will grow by 12.8% to 14.3%, year-over-year, during the 2022-2023 holiday season. That’s a lot of activity on your e-commerce apps—and not all of it will be from happy holiday elves checking their shopping lists.
With all the greatness digital transformation initiatives can bring, they also come with considerable challenges. In the public sector, this has slowed adoption of many modern investments over the years, but new directives from the highest ranks are reversing this trend.
F5 Chief People Officer Ana White is spearheading an ambitious plan to transform F5’s culture—making the company both human-first and high-performance.
F5 Distributed Cloud Web App and API Protection (WAAP) is dedicated to ensuring that NetOps, SecOps, and DevSecOps professionals can access holistic views with their favorite SIEM vendor platforms.
Application Programming Interfaces, or APIs, are all the rage. While APIs are not new, recent phenomena such as accelerated digital transformation during COVID-19, enhanced software integrations, and efforts to replatform legacy apps for the cloud, has resulted in continuous API sprawl—impacting management, security, and even architectural choices organizations make in order to succeed in the modern digital economy.
Jay Kelley, Senior Manager and Security Product Marketing Lead at F5, flags some of the top World Cup scams and IT challenges to look out for.
Cyberthreats have become increasingly prevalent and sophisticated, giving security teams little choice but to invest heavily in the latest and greatest technologies to protect their application portfolios and data. For many, this leads to deploying a medley of disparate solutions—generally from a multitude of vendors—to achieve a robust security posture against a wide range of threats.
Businesses are on a digital transformation journey and the quality of their digital services impact the digital experience of their consumers—be it human, software, or system. App delivery and security is critical to supporting these digital services and enabling companies to compete in a digital world.
The evolution of monetization capabilities is a frequently overlooked but critical element of the BSS function. That’s why F5’s Service Provider team is partnering with MATRIXX Software and their Digital Commerce Platform (DCP) as a proven solution in production that ignites revenue acceleration as well as improves performance.
To understand why—or why not (yet)—companies have implemented TLS 1.3, F5 sponsored the Enterprise Management Associates (EMA) research report, “TLS 1.3’s Fourth Anniversary: What Have We Learned About Implementation and Network Monitoring?”
Why Digital Transformation in the Public Sector Remains a Major Focus this Year – Part 1, Priorities
With so many competing priorities within public sector agencies, both in IT departments and agency-wide, it can be difficult to realize any meaningful digital transformation gains. Nonetheless, agencies stand to gain significant improvements from digital transformation, despite resource constraints.
Simply put, criminals who utilize bots follow the money, and during the holiday season, that unfortunately may include targeting your e-commerce site.
In part two of our Q&A with Dan Woods, Global Head of Intelligence at F5, we explore what bots do, the risks to be aware of, and how organizations can adapt to the (evolving) challenges.
Applications—how they are built, the infrastructures they run on, and the data that fuels them—are ever-evolving, adapting, and changing. As a result, they open a range of potential new vulnerabilities, expand your attack surface, and present new security requirements that your teams need help solving.
In a recent report, KuppingerCole evaluated many vendors' Web Application Firewall offerings. F5 scored high for attributes including API protection, core WAF capabilities, bot management, DDoS protection, and Admin & DevOps support.
Learn how telcos are modernizing distributed cloud architecture by adapting Kubernetes to support network interoperability with cloud-native infrastructure.
Read how the Threat Stack DevSecOps team increased the stability and improved operational efficiency of the Threat Stack Data Platform by leveraging Apache Spark and Amazon EMR.
Overloaded government agency IT teams face increasing cybersecurity concerns and tight budgets. When you combine this with state and local agencies being some of the most highly targeted organizations by hackers—including malicious state actors and fraudsters—the risk of not having the best protection in place is too great to ignore.
Secure Adobe Commerce applications with F5 Distributed Cloud Services, including bot defense, account protection, and authentication intelligence solutions.
Our Global Head of Intelligence discusses his career to date, his work at F5, and which cybersecurity trends to look out for.
The results of our latest survey—including hundreds of top financial services organization leaders and practitioners from across the globe—reveal what modernization trends tied to digital transformation are top-of-mind, both at the moment and for the near future.
While the topic of public cloud repatriation may be taboo, more organizations are doing it. And our research and data indicate companies applying SRE practices are the most significant 'offenders.'
Given the critical role of DevSecOps in securing the modern enterprise, it follows that bot management should be included among the responsibilities of that particular discipline. Not only is bot management essential to security and thus core to the mission of DevSecOps, but DevSecOps is also ideally positioned to ensure that organizations are well protected against malicious bots.
Public cloud is no longer the bright new shiny toy, but it paved the way for XaaS, Edge, and a new cycle of innovation.
Many of us are finally starting to plan our long-awaited holiday trips and vacations—perhaps the first chance for a real getaway since the pandemic started. You may plan on redeeming those long-untapped air miles or hotel points that have sat gathering dust in your loyalty programs. Imagine your surprise if you find the loyalty points have been siphoned away by cybercriminals who have defrauded or compromised your loyalty accounts.
Dan Woods: When I consider the volume and velocity of automation we’re seeing today, the sophistication of bots that a given set of incentives is likely to attract, and the relative lack of countermeasures I saw in my own research, I can only come to one conclusion. In all likelihood, more than 80% of Twitter accounts are actually bots.
With F5's participation, the Global Privacy Assembly recently published the first intergovernmental guidelines on credential stuffing asserting that this type of threat poses a risk to personal data on a global scale and that data protection laws require that organizations protect against it.
F5 announces our 2022 Tech for Good grant recipients—25 NGOs working to build more vibrant communities around the globe.
Cindy Borovick: As organizations mature in their digital transformation journey, application security and delivery technologies have emerged as a core capability. In parallel, we have learned that organizations' most precious digital assets—apps—need a full range of helpers under the umbrella categories of performance, availability, security, and identity.
You think you solved your bot problem. While performance, analytics, and logs look good, something seems off. All your efforts to improve the digital experience have not borne fruit. Maybe you've taken your bot mitigation vendor through our initial list of items to watch for...but it doesn’t hurt to keep them on their toes.
As workload deployments proliferate across diverse environments and app architectures, organizations want to be able to enforce consistent security controls across all applications, anywhere. F5's vision is to offer a unified suite of market-leading web application firewall tools, enabling organizations to deploy the correct WAF for their use case while sharing policies, telemetry, and insights.
The future of Cloud-Native Cybersecurity arrives with ThreatML with supervised learning. Detection-In-Depth goes beyond anomaly detection to help DevSecOps teams predict threats, vulnerabilities and risks. ThreatML with supervised learning classifies and labels rules to “teach” an inference engine not only how to detect anomalies, but to predict behavior.
Josh Goldfarb explores how enterprise fraud and risk management programs can avoid high levels of false positives and other ‘noise’ that reduce their effectiveness.
Increasingly complex financial services ecosystems are showing new cracks in traditional cyber defenses, and criminals are ready to pounce. Thus, new security efforts must be taken into consideration—and not only for both the financial institution and the FinTech data aggregator, but the customer in the middle as well.
Full-stack observability is possible today, but at a price: cost efficiency and efficacy. eBPF is about to become ubiquitous—supporting Linux and Windows—and change that equation in the process.
Use Threat Stack’s new ThreatML with supervised machine learning / deep learning for cloud security to gain high-efficacy alerts and intrusion detection for compliance audits while avoiding false negatives/positives causing alert fatigue for DevSecOps teams.
NFT marketplaces, and organizations considering other Web3 business models, need to understand and address the fast-changing security requirements of doing business in the metaverse. To be successful, these new digital exchanges will need to offer dynamic security defenses against bot and other cyberattacks to safeguard their NFT investments, marketplace reputation, and the activities and experiences of customers.
Evidence shows a significant shift toward identity-based security, driven by accelerated transformation and the growing importance of APIs. An end result is the eager embrace of zero trust as a foundational approach to security.
Need compliance help? This video explains how supervised machine learning / deep learning for cloud security gives high-efficacy alerts and intrusion detection for compliance audits while avoiding false negatives/positives. No alert fatigue for DevSecOps teams.
Learn how to prevent fraudulent healthcare claims and payouts by mitigating common identity theft and account takeover attacks with these tips and F5 solutions.
Many organizations are planning to deploy data and app distribution workloads at the edge, but to do that will require an edge application platform capable of supporting those workloads. That platform will need to meet the needs of new application patterns and focus on both the ops experience and flow of data and control.
Edge computing is under pressure to simultaneously evolve with each wave of the internet. As we ride the third wave, this next evolution demands the creation of a platform to support new capabilities within the edge ecosystem. A platform that cannot simply be bolted together, but requires a new approach with design considerations at the architectural level.
F5 Labs recently published its annual Application Protection Report, synthesizing data from several sources to understand the evolution of the threat landscape over time, the relationship between organizations’ characteristics and the attack techniques they face, and—most importantly—what security practitioners can do to mitigate the risks.
Not even the stealthiest threats can hide from F5's Advanced Threat Research Center of Excellence. The team conducts rigorous research to unravel the details of today's cybersecurity threats and then shares their insights to help shut them down.
Christine Puccio looks at market and industry trends that point to the value F5 creates in broadening the ways customers can leverage popular commercial marketplaces to procure, consume, and expand the use of solutions from the company’s growing software and SaaS portfolio.
Today, security must fulfill multiple roles: enabler of digital transformation, steward of customer trust, and bulwark of organizational reputation. As an essential element of business success, aligning a company's perception of security as a mindset instead of just a feature represents a cultural change that requires time and effort.
It's been two years since Dan Woods flagged 7 notable cybersecurity myths plaguing organizations. Since then, the world has been shocked economically, politically, and technologically, bringing into focus an additional 7 myths that continue to trip up IT teams.
Guest blogger Sean Wright explores the purpose of certificates and why they play an important role in securing TLS connections.
This year’s State of Application Strategy Report aims to uncover what it takes to be a digital transformation leader. These Digital Innovators are at the forefront for how they interact with customers, how their organizations create products and services, and how their internal operations teams and technology stack deliver these experiences.
The need for multi-cloud and edge deployments stems from the growing digital landscape and accelerating business requirements.
Existing security for the software supply chain is lacking, and it's only going to get worse as organizations modernize ops with SRE approaches. Organizations wanting to survive their digital transformation journey should take this deficit seriously, incorporating secure software supply chain approaches to tooling and operational software from the start.
To help address security needs amid increasing cyberattacks and global supply chain shortages, F5 has teamed with Amazon Web Services (AWS) to offer High Performance Virtual Editions of BIG-IP SSL Orchestrator deployed on AWS. Catherine Newcomb details why SSLO Orchestrator on AWS may be the best choice for you.
Enterprises can help mitigate risk by adopting zero trust architectures and stopping credential stuffing attacks using F5 Distributed Cloud Bot Defense and Account Protection.
Ensure Salesforce Commerce Cloud security by defending and protecting from bot attacks and more with F5 Distributed Cloud Bot Defense, across any channel.
If the intergalactic spacecrafts from our favorite sci-fi shows were to incorporate the core beliefs of Zero Trust when securing their critical systems, they would have successfully prevented a substantial amount of systems attacks and malfunctions.
At the recent TechNet Cyber 2022 conference, F5 presented a session on DoD Edge 2.0, sharing key insights around edge computing and providing additional context for the exciting benefits innovative edge platforms offer the DoD and others. Chad Davis details the highlights.
Complexity is synonymous with operating in multiple clouds. Magnified by the use of APIs and the increasing skills and tools deficit, this complexity isn't going away, but it can be managed.
The enterprise architecture frameworks used by business, established nearly half a century ago, are not sufficient to support today's digital transformation. To successfully become a digital business, business and IT need to modernize their enterprise architecture.
Helping others fills our soul with love and hope. It creates a more meaningful existence, for both ourselves and those we touch through our contributions. Volunteering is one of the most beautiful aspects of being human.
Performance reigns supreme, so much so that businesses would exchange security to see its improvement. In addition, performance presents a significant obstacle to realizing the benefits of multi-cloud strategies and is definitively driving businesses to extend to the edge.
As part of the Amazon Web Services (AWS) Service Ready Program, this designation recognizes that the F5 Distributed Cloud Bot Defense SaaS offering has demonstrated successful integration with Amazon CloudFront, giving joint customers enhanced security in the cloud.
Supervised Learning, ML’s next step, delivers relevant and prioritized threat alerts to SecOps, DevOps, and other security teams, to focus on what’s vital.
Ahmed Guetari explains how a carefully designed cloud can prove transformational for telcos.
Frank Kyei-Manu provides surrounding context on recent reports from Forrester, as well as topics every enterprise should consider when evaluating bot mitigation strategies.
It's become clear that to continue the momentum of their digital transformation journey, organizations need to renew their focus on business functions. While customer-facing experiences are still priority, enabling business functions such as legal, HR, and finance to digitize is necessary. This means CIOs are taking the driver's seat as digital transformation transitions from modernizing aps to modernizing ops.
Discover the major trends of F5's 2022 State of Application Strategy Report to see how businesses adapt app modernization, security, and delivery for the future.
Just when we all thought it was safe to dive back into application development after the pain and churn caused by the Log4j vulnerability and the Log4Shell attacks, here comes yet another beast of a vulnerability to take a chunk out of security and devour valuable resources.
Bart Salaets explores how telcos can make the most of multi-cloud networking.
Dirty Pipe, a vulnerability that takes place in the Linux kernel, allows for overwriting data in arbitrary read-only files, which can lead to privilege escalation by injecting code into root processes. This means that Dirty Pipe can focus on the infrastructure level, but with a comprehensive view of the full environment, vulnerabilities like these can be properly managed as they emerge.
If you’ve tried to buy a car, washing machine, or laptop in the last six months, you know that the global chip shortage is lengthening lead times for consumer hardware pretty much across the board. And the world of IT (including F5) is unfortunately no exception. However, F5 can help you adapt quickly to related supply chain challenges affecting your business with innovative tools like the F5 Journeys Migration Utility.
Digital acceleration punctuates each set of opportunities and challenges that organizations face. Business leaders seek to improve customer experience, transform the business, and differentiate through application portfolios. At the same time, IT operators wrestle with ever-growing security threats, legacy applications and infrastructures, and crushing complexity.
Traditional cybersecurity methods and tools are falling behind as a digital world offers nearly unlimited targets for attackers. Security companies need to capitalize on new hardware and technologies that leverage AI/ML for real-time detection and mitigation of threats at scale.
At a time when speed is of the essence however, IT organizations are increasingly being hampered by lengthening component lead times brought about by the global semiconductor shortage – much to the frustration of developers.
Through the F5 and Promon partnership, customers can quickly and easily implement the full functionality of F5 Distributed Cloud Bot Defense for mobile apps through Promon’s no-code, hassle-free SDK integration platform. This means that Android and iOS apps can be quickly secured (within minutes) without touching the app code. Once secured, the app is immediately ready for distribution via public app stores.
Like most of the global community, we are witnessing the intensifying war on Ukraine with a mixture of shock, grief, and anger. Our hearts go out to the people facing the invasion of their homeland, separation from loved ones, and displacement from the land they love. While world governments determine how to respond to this act of aggression, those of us in the business sphere must address the war on Ukraine as not just a commercial concern, but as a moral imperative.
F5 Distributed Cloud WAAP (Web App and API Protection) is a multi-layered solution that delivers leading WAF capabilities combined with DDoS mitigation and bot protection as well as API protection. By combining all these capabilities into an easly deployed SaaS solution, F5 delivers leading-edge security, enabled by a simplified set of controls, to protect applications and APIs against a wide range of threats.
Achieving security with resiliency and undisrupted availability are the benchmarks of proactive cybersecurity, with the understanding that threats will never stop evolving.
BIG-IP Cloud-Native Network Functions (CNFs) focus on security as part of the migration path to modernize networks, with a zero-copy architecture.
The line between operation and digital systems continues to blur as homes and businesses increase their reliance on connected devices, accelerating the convergence of IT and OT. While this trend of integration brings excitement, it also presents its own challenges and concerns to be considered.
New F5 systems and BIG-IP software offerings are well aligned with the company's vision for adaptive applications as we invest in building solutions that empower customers to manage, modernize, secure, automate, and deploy their applications—whether traditional or modern—across any environment.
Without a doubt, compliance efforts at most financial services organizations are vigilant and ongoing, but even then, they can often fall short in critical regulations and standards. So, what can institutions do to improve their effectiveness? This article identifies three proven approaches and key discussion points to include in regular compliance team planning sessions.
AI is quickly being recognized as integral to the success of digital business with adoption across business, operations, and security. An area not as extensively discussed is the benefits of incorporating AI into development for pattern recognition and modeling.
Leslie Hubertus discusses the recent enhancements and changes driving the new DevCentral, F5's online technical community, highlighting collaborative capabilities designed to help users share IT knowledge and get the most out of their F5 technologies.
F5 Distributed Cloud Web Application and API Protection secures web apps and APIs deployed in multi-cloud and distributed environments, bringing together four key components critical to securing the digital experience for today’s modern enterprises: Web Application Firewall, API Security, Bot Defense, and DDoS Mitigation.
The launch of F5 Distributed Cloud Web Application and API Protection (WAAP) represents significant opportunities for our partner ecosystem and joint customers. This new SaaS offering represents the latest evolution in application security and extends our commitment to securing your enterprise apps—including instances where you work with our partners to maximize security and value.
The modern application landscape continues to evolve into a world of multi-cloud, microservices, and APIs coexisting with legacy, data center-based apps. Security practices are far more challenging because of process complications and increased time pressures on app development. Organizations need to simplify their approach, with F5 Distributed Cloud Services poised to help.
Operating a digital business requires analysis of data for insights. Data bias - the opinionated collection of data - impacts the ability to glean insights for performance, availability, and security, resulting in missed or "false" insights. To achieve a fully digital business, IT and business must develop a data and observability strategy.
Most of us, sharing the trait of being human beings, have experienced what’s commonly referred to as “fight or flight”—an often intense autonomic physical reaction manifesting with a racing heart, tense muscles, and sweaty palms. A sense of panic can accompany the reaction, as well as a decision paralysis that renders our ability to think logically virtually non-existent.
The convergence of technology, knowledge, and process has come together to dramatically accelerate the speed of digital value creation. As we strive to maximize the value of modern application delivery platforms, we must enable app developers and operators with streamlined abilities to enhance and update application services while also ensuring security.
Alix Leconte, VP for Service Providers (EMEA), outlines five important trends for telcos to watch in 2022.
Nearly half of federal government IT executives reported that their agencies are shifting toward identity-centered, or Zero Trust, security strategies to protect their digital resources. The accelerated use of this model coincides with the growing realization that traditional methods to secure a network’s perimeter are no longer sufficient.
Digital business functions are just as critical to supporting customer experience and legal is starting to get the much-needed attention it deserves. Organizations far along their digital transformation journey are taking a step back to phase one, addressing functions that have remained manual through recent rapid digitization.
In a digital as default world, operations is still too reliant on manual methods and needs to evolve to enable adaptive applications. This evolution requires significant change across all of IT. It needs AI-enabled adaptability that will maintain availability, optimize performance, and ensure security.
It’s been a tough few weeks for many in the IT world. On December 9, a critical zero-day vulnerability was discovered and announced in the ubiquitous logging library from the Apache Software Foundation used for Java applications known as Log4j.
Rather than a one-time lift-and-shift, deploying to the cloud has become another option in the app deployment lifecycle, and applications are evolving to make better use of resources by being “cloud-native.” As organizations are increasingly adopting multiple clouds and mutli-cloud, it’s important to ask what other aspects also need to change in the apps and operations realm.
We’re proud to announce and commemorate the winners of our F5 North America FY21 Partner Awards. This year’s honorees distinguished themselves with noteworthy accomplishments in a variety of areas, including revenue attainment, culture, and innovation.
What do you do when SD-WAN over the Internet isn’t enough? Move that automation to a physical network and connect it everywhere.
Collector-stealer is an active piece of malware used across the globe. It uses a variety of mechanisms to infiltrate user systems and quietly steal sensitive data. Our security experts have uncovered its secrets and expose how it works in this latest threat research.
As December comes to a close, tech pundits dust off their crystal balls and share their predictions for the coming year. For Peter Silva's annual list, he's compiled a collection of what the industry is saying (and anticipating) for 2022.
Vulnerabilities, exploitations, mitigation, and remediation are always disruptive, and it’s F5’s mission to do what we can to provide expertise and support for customers. Teams across F5 have been actively working on tools and guidance to help already overburdened application and security teams mitigate this significant industry threat.
As distributed modern apps become more common, so will app to app connections, such as hybrid cloud, cloud to cloud, and edge to cloud. Scalable architectures will require a method of dealing with IP overlap that can cleanly be automated.
Companies cite many reasons for why public cloud environments are appealing: scalability, a variety of consumption options that can yield cost savings, and improved agility, to name a few. However, whether an organization is migrating existing applications, building a scaled operation for new applications hosted in the public cloud, or both, the architectural approach taken can make or break the business case.
Even though the adoption of multi-cloud strategies in the public sector space is growing, there remains a gap in effective solutions that address the many challenges faced by the agencies executing on them. One such challenge is the secure interconnection of workloads hosted across multiple providers, which F5's approach to distributed cloud seeks to address.
F5 marks this World AIDS Day with a humble commitment to its staff, customers, community, and partners, that we must take part in the efforts to break down the remaining stigma about living with HIV.
At F5, we’ve turned Giving Tuesday into a week-long celebration, and it’s become one of our company’s most important giving campaigns—one that generates positive results for hundreds of nonprofits worldwide.
Microservices are the norm in today’s software deployment world. As applications are decomposed into different services, the number of applications that an organization needs to deploy increases. Often the number of services increases hundreds or thousands of times. If I have one hundred applications today, this often becomes thousands of microservices.
Back in the day enterprise architecture was physical and singular, conveniently located in the one place, which could easily be managed and made secure.
As the digital economy grows so does the processing of payments through financial services institutions, and malicious actors are taking notice of the lucrative opportunities this presents. The digital payment ecosystem relies on the use of APIs to facilitate digital financial transactions and the number of API security incidents are growing yearly. Digital firms, especially those in financial services, need to increase focus on securing their APIs to protect their customers and business.
What we call ourselves in this world matters. And when our lives and identities change, our names often do too. In the quarter century since F5 Networks was founded, we’ve gone through many evolutions, but our name has remained the same. It’s time for a change.
Staying ahead of the growing sophistication of criminal organizations and their attacks is difficult, especially with staffing and resources in short supply. It’s time to look inward and outward. Bringing together cybersecurity and fraud management into an integrated team and leveraging external expertise provides compelling benefits.
Companies must be prepared to defeat modern cyberattacks and protect their e-commerce business to ensure a seamless and secure user journey to checkout. Accordingly, organizations should connect their security and fraud solutions and teams to provide real-time monitoring and intelligence that mitigate both human and automated fraud before it impacts the business—without disrupting the customer experience.
Assuming customer experience correlates only to uptime is a faux pas. CX is impacted by perception, which stems from the overall interaction, not just whether or not the power is on. And CX is not relegated strictly to customer facing apps. Apps primarily accessed by non-human entities (machines, script, etc.) still have a human somewhere in the process. The result: CX is an increasingly important part of digital transformation and pertinent to the development lifecycle.
Each year, F5 awards STEM Education Grants to nonprofits in the U.S. and around the globe. We recently sat down with Ana White, Chief People Officer at F5, to discuss these grants, their impact, and the need to encourage more women and girls of color to pursue STEM careers.
Services like AWS Transit Gateway have significantly simplified cloud networking. F5's Volterra further extends the concept of multi-tiered hub-and-spoke networking to the global level, effectively functioning as a multi-cloud transit gateway to connect public and private clouds.
Enterprises are naturally siloed with information shared on a need-to-know basis. As enterprises expand, so do the various business units, product teams, and operational teams. In essence, the business sprawls, limiting overall effectiveness and efficiency. Because teams and business units today rely significantly on APIs, a similar effect is nearly inevitable: API sprawl.
F5 is making a change in how we handle the public communication of security issues in our software products. We're moving to a predictable quarterly cadence when we have CVEs or exposures to disclose. These new Quarterly Security Notifications will align the public communication of vulnerabilities and security exposures across all F5 products to one pre-announced date each quarter so customers can plan for possible maintenance activities to ensure they are protected.
Digital transformation and adoption of Cloud technologies is causing changes in application architectures. These changes introduce new attack surfaces, which are being targeted by advanced, highly organized, and financially driven attack methods. Utilizing NVIDIA's Morpheus framework, F5 is researching techniques to detect these advanced threats with real-time telemetry and AI-powered analytics.
The ability to leverage existing financial services products to build new offerings in spaces like lending, payments, and insurance has made it vastly simpler for consumers to complete transactions, manage their financial lives, and control their personal data. At the same time, open API protocols are driving innovation across financial services, and creating significant revenue streams for financial institutions. But where there’s reward, there’s invariably risk.
How to achieve operational freedom by mixing and matching cloud providers and app services
According to Forrester’s 2021 State of Application Security Report, a staggering 39% of all cyberattacks last year targeted web applications, and for good reason. The public-facing nature of web apps, their sprawling surface area, and the ever-present risk of code vulnerabilities make them notoriously difficult to protect—increasing the chances that attackers will find success.
David Warburton looks at the good, the not so good, and the just plain bad in terms of how organizations are using encryption, sourced from F5 Labs' 2021 TLS Telemetry Report.
Volterra was listed as a Gartner Cool Vendor in Cloud Computing for 2020. Find out why Gartner is still talking about us in 2021 for Cloud Networking.
Managing and securing workloads is a complex task as enterprises move towards a
connected cloud strategy. Find out how F5 is meeting the demand for a new approach to multi-cloud networking.
Justin Brister outlines how a secure cloud architecture can enable financial services organizations in the UK (and beyond) to meet their regulatory and security obligations without compromising on innovation.
Observability, aka Monitoring 2.0, is a significant step forward in this technology journey for operators and digital business as they strive to understand and stabilize the relationship between user experience and business outcomes. But it’s only half the battle, and the other half involves analytics and automation.
When it comes to ensuring every security product in your stack is in the position to do what it does best, an approach that centralizes all SSL management and intelligently steers traffic to your security devices will be the foundation of your orchestration solution.
Cultural Survival is using an F5 2021 Tech for Good Grant to rebuild its website as it strengthens its advocacy for Indigenous cultures around the globe.
Astonishingly, a little over a year has passed since F5 launched the BIG-IP VE for SmartNICs solution, which as a reminder, is the product of an integration between the BIG-IP Virtual Edition and an Intel SmartNIC that elevates performance and efficiency while lowering costs.
Compute power in not limitless, and if there’s a limit to our ability to increase size and space as we move to the edge, then we must instead focus on optimization. When we have needed to improve capacity in the past, there’s been an introduction of optimized hardware components. Hardware-optimized computes will be a necessary capability for any application-centric platforms looking to support organizational enablement at the edge.
A recipient of an F5 2021 Tech for Good Grant, Sacred Valley Project is purchasing 27 laptops to help indigenous girls in remote areas of Peru apply for university and study for college entrance exams.
Astonishingly, a little over a year has passed since F5 launched the BIG-IP VE for SmartNICs solution and during this time, both the internet and application landscape have continued to rapidly evolve.
The banking and financial services industry has been experiencing digital transformation for several years and customer digital expectations combined with COVID-19 are accelerating key initiatives, such as Open Banking and Platform Banking.
As businesses continue to move toward a “digital as default” operating model the ease of operations results in an increase of complexity – task automation requires more code, digital expansion requires more connections, AI-assisted business requires more data. And complexity is the enemy of security. Therefore businesses will have to adapt their security stack to keep up.
Over the past several years, many organizations have been going through a digital transformation, a process which has accelerated due to the COVID19 pandemic.
The HTTP protocol is, for the most part, running the web. It is the communications protocol that drives most internet traffic. New ways of network optimizing internet communications are emerging.
Malicious attacks are increasing in scale and complexity, threatening to overwhelm and breach the internal resources of businesses globally. Often, these attacks combine high-volume traffic with stealthy, low-and-slow, application-targeted attack techniques, powered by either automated botnets or human-driven tools.
One of 20 recipients of an F5 2021 Tech for Good Grant, Thriving Families is using these funds to help new mothers obtain the mental health support and community connections and resources they need during the COVID-19 pandemic and beyond.
In a simpler time, securing organizational infrastructure was relatively easy: Most if not all applications, services, and resources necessary for a user – usually an employee – to be productive were available on the network.
The explosive growth of automation and digitization along with a trend toward hybrid work models will accelerate the momentum away from IP-based security toward identity-based access strategies.
Offices across the world are opening up again. But how do we optimize them for hybrid working?
How Threat Stack's User Interface and alert context changes can reduce key security metrics like mean-time-to-know (MTTK)
How Threat Stack monitors Amazon EKS and ECS on Fargate to help DevOps, SecOps and other cloud security teams guard against threats like data exfiltration.
As business approaches a default-digital model, it necessarily relies more and more on data. Eliminating bias in that data will be a critical step in ensuring that decisions based on that data will lead to the best outcome possible for customers and the business.
The DNS (Domain Name System) is one of the most important protocols on the Internet — it’s often referred to as “the phonebook of the Internet” (although most DNS experts despise this description).
The first in a two-part series around how Threat Stack approaches its UI design for cybersecurity use cases.
F5 Labs recently collaborated with the Cyentia Institute, leaders in security data science, to publish a meta-analysis of several prominent industry reports, each of which covers the state of application security, hence the name, ‘the state of the state of.’ This blog from Sander Vinberg comments on the degree of consensus and clarity within the world of application security researchers.
It was recently confirmed by the U.S. Department of Defense (DoD) that NGINX Plus has received formal authorization from the DoD’s Enterprise DevSecOps Initiative, Iron Bank. This gives DoD teams expanded capabilities as part of a verified digital infrastructure, while also signaling the company’s growing presence in the Federal sector.
Savvy CIOs know that the interface is just that: a means to a much more comprehensive digital experience that crosses functional and organizational boundaries. With most organizations firmly entrenched in the second phase of digital transformation—digital expansion—the need to digitize the entire enterprise architecture should be clearly rising as an inevitability.
The Microsoft Partner of the Year Awards honor companies that demonstrate excellence in innovation and implementation of customer solutions based on Microsoft technology. This is an especially meaningful award for us because it recognizes F5’s marketplace sales and marketing expertise, as well as consistent, high-quality, predictable delivery to marketplace customers.
The Dark Night. Lord of the Rings: The Two Towers. Thor: Ragnarök. The Empire Strikes Back—sequels are frequently better than the originals. Sometimes writers need an additional opportunity to build out a fictional world or refine plots and characters. Similarly, in technology it seems the story is never quite over, with solutions like F5’s SSL Orchestrator well positioned to take advantage of industry narrative developments.
Most organizations employ automation with infrastructure as code but still retain control over deployments. Looking forward, we’ll see more of an event-driven approach, where the trigger itself is automated based on an event. This is a significant part of what will make applications adaptive in the future—the ability to react to automatically to events and adapt location, security, and capacity to meet service-level objectives.
While technology can help nonprofits extend their social impact, the social services sector spends far less on digital tools than for-profit corporations. To help bridge the gap, F5 recently awarded 20 Tech for Good Grants to nonprofits working to accelerate their digital transformation.
AppDev teams, like their NetOps and SecOps counterparts, start and end their day with a primary goal: ensuring that applications remain healthy, secure, available, and performing well. It’s not so easy, though, to always have visibility into app service performance.
Combining the power of Threat Stack and Squadcast will help you quickly detect and respond to security and compliance risk across your cloud workloads, making an enormous contribution to drive down KPIs such as MTTK and MTTR.
F5 is a proud supporter of Molo Mhlaba Schools, which has been an F5 STEM Education Grant Partner since 2019 via our Global Good Program. To coincide with Youth Month in South Africa and International Women in Engineering Day, we caught up with Co-founder and Director, Dr. Rethabile Mashale Sonibare, to learn more about her career, the impact of Molo Mhlaba schools, and her plans for the future.
Customers count on F5 Silverline Managed Security Services to secure their digital assets, and in order for us to deliver a highly dependable service at global scale we host our infrastructure in the most reliable and well-connected locations in the world. And when F5 needs reliable and well-connected locations, we turn to Equinix, a leading provider of digital infrastructure.
Telcos can help enterprises realize the full potential of edge computing. But what tools do they need to make it happen?
It should be no surprise that just as the emergence of cloud gave us cloud-native applications, edge is driving a set of edge-native applications. These applications, however, will not reside solely at the edge. Simultaneously, new architectural patterns are emerging that take advantage of applications residing in the cloud and data center.
The delayed Euro 2020 Championships are finally underway! Here are some of the key cybersecurity threats to look out for…
As application technology evolves, so does the threat landscape. Robust security measures must follow suit. Unfortunately, sophisticated web application attacks are a reality and happen every minute worldwide. In addition, new attack vectors that target mobile apps and APIs are emerging. Now, more than ever, comprehensive web and API security tools are needed.
The path that application delivery has taken over the last 20 years is a story of convergent evolution. More specifically, this era has seen the development of multiple delivery technologies that—when looked upon in hindsight—have revealed themselves to be the initial, nascent evolutionary steps towards what is becoming the application edge.
Let’s say your cat has wandered off. You can’t find them anywhere and tasty treats are not working their magic today. Then imagine that you could leverage the video doorbells in your neighborhood—i.e., idle compute and processing power from endpoints and nodes at the edge—to find them.
Stemming from recent attacks, the May 12 Executive Order on Improving the Nation’s Cybersecurity takes a multi-pronged approach to mitigation. With modern threats, any gap in detecting, reporting, employing timely protections, and ultimately defending an attack can cause a cascading effect of failure. In other words: Attackers only need to be right once. Cybersecurity professionals need to be right all the time.
As 5G becomes more widespread, an underlying question remains: How will you be able to monetize your investments? Service providers will need modern edge strategies not only to attract different enterprise verticals, but also to deliver on the promise of 5G—increased bandwidth and lower latency close to end users.
Cloud computing has long sought to remove the need to deal with infrastructure, with APIs and drag-and-drop configuration tools to help keep those adverse to the network and infrastructure from getting their hands dirty. But we can't just ignore it either, or its profile as a key attack target.
BIG-IP APM and Azure AD combine to enable seamless, secure access to all applications, regardless of where they’re hosted—in the public cloud, as native cloud or SaaS applications, on-premises, in a data center, or in a private cloud. The integrated solution allows employees to securely access all authorized applications, whether those applications support modern authentication standards and protocols or classic authentication methods, such as Kerberos or header-based methods.
In the increasingly API-driven world of banking, Red Hat OpenShift and F5 are changing the conversation about scalable and secure open banking cloud infrastructure.
It's an all too common scenario where you're not able to login to an e-commerce site without jumping through hoops (forgotten password, reauthentication, email verification—but which email?). This post explores strategies organizations are implementing to spare authentic human users from all this friction, and avoid the associated lost revenue.
Cybercriminals targeting the financial services sector are focusing more of their attacks on application programming interfaces (APIs). At the same time, different development teams working on multiple applications often use disparate tool sets, pointing to the increasing importance of industry standards. F5 works closely with financial services customers worldwide to implement and secure the APIs driving open banking.
You suspect that you have a bot problem, and—after preliminary investigation—you’ve decided to call in professionals to help reclaim some of your time. You’ve narrowed it down to a few vendors, but how do you decide? Here are some good questions that can give you an idea if a bot mitigation vendor’s solution is the right fit for your environment.
Encryption, while helpful in protecting users’ data privacy, can create serious risks for enterprises if not properly decrypted and inspected for malicious payloads. While no-cost and readily available TLS certificates allow application hosts to cheaply protect their users’ data privacy, bad actors can also hide malware behind a certificate. And it’s becoming increasingly easier for them to do so.
F5 celebrates the contributions that generations of Asian Americans and Pacific Islanders have made to American history, society, and culture.
User, within the context of the application domain, has always referred to the entity that interacts with an application. Just as shifts in application architectures drive changes in the technologies that deliver and secure them, shifts in the definition of user have driven changes in where apps are deployed.
Edge is one of the hottest topics in technology right now. An increasingly distributed society, workforce, and reliance on digital interactions have driven edge to the forefront of conversation as business faces challenges with security and delivery of the digital services that connect us all.
You might have noticed a few changes at F5 over the past year. First, we’re just F5 now. Not F5 Networks. Just F5. Because honestly, we’ve never been centered on the network.
As enterprises pursue DNS solutions capable of supporting adaptive applications, they look for solutions that match their need for automation, speed, and ability to respond to infrastructure changes in seconds rather than hours. F5 Cloud DNS promotes modern DevOps practices, helping to speed new application rollouts by adding DNS updates seamlessly into surrounding process elements.
Maintaining a healthy application portfolio is a like maintaining a healthy body. Both are subject to endless stresses and unanticipated conditions. Both require specific care, proactive maintenance, and targeted interventions. Over time, eating right and exercising regularly go a long way toward keeping your day-to-day running smoothly, and the same is true metaphorically for your apps.
Case studies how cloud-native security + compliance improves ROI: Save time plus increase revenue and productivity
Every organization wants the same thing from their applications: the best performance for their users and exceptional security to prevent losses and harm. It's a simple concept, but delivering comprehensive security that doesn't slow the speed of innovation isn't easy given the complexities of the modern digital business.
How can organizations fully harness the power of multi-cloud and edge computing? VPs Mark Weiner and James Feger join the DevCentral team for a video discussion on how F5 and Volterra can help.
Automation is a critical component of digital transformation. It is the automation of tasks via applications that is the focus of the first phase of the business journey known as digital transformation.
On any journey, knowing where you are is just as important as knowing where you’re going. But for many companies on their digital transformation journeys, the past year was so full of on-ramps, express lanes, forks, and detours that they can no longer locate where they are on the carefully planned roadmap they started out with. In addition, their destination may well be different today from what it was 12 months ago.
Organizations know that F5 delivers leading Web Application Firewall (WAF) products, but they might not be as familiar with technology partner Stellar Cyber and their industry-leading Open XDR platform. That will soon change, as the companies have been working hard to smoothly integrate our two offerings.
Digital transformation and the associated data generation are threatening to overwhelm the systems and companies that rely on data to create value. Accordingly, organizations are looking for more efficient, modern computing architectures that can support multi-tenancy and deliver applications at data center scale with all the necessary levels of performance and security.
Vincent Lavergne recently caught up with the founders of NuCorder for a live jam session and to learn more about their pioneering artist collaboration platform (including how NGINX is playing a supporting role in bringing it all to life).
In an exciting proof-of-concept (POC) project, F5 partnered with SoftBank Corp. to demonstrate the viability of Multi-access Edge Computing (MEC) in a satellite communications environment, utilizing F5 caching technology to implement MEC and broadcast content in bandwidth-limited communications conditions.
At its annual identity conference, Oktane21, technology leader Okta highlights exciting news about its partnership with F5: new features and capabilities that enable Distributed Cloud Services and NGINX solutions to be more powerful—and more efficient—than ever.
This specific blog describes a key challenge of configuration drift faced by an operations team when making configuration changes across a large number of clusters or sites. I call this challenge, “Time to Effect.”
Like Greek and Roman gods, multiple manifestations of the same persona are evident throughout many mythologies. At the core, each incarnation is a new face to an existing persona. A similar reality is true in the digital world; what we call “applications” can often be considered as incarnations of existing functionality.
Mobile networks are becoming increasingly more complex, with multiple generations of networks coexisting alongside security risks that have been inherited from previous implementations. When building out your 5G network, security must be incorporated as part of the planning phase to avoid damaging and costly security missteps.
Insights come from analysis of data. Consider that right now, as you read this, your human body is generating about 11 million bits of ‘data’ per second.
Cindy Borovick examines how application security and delivery deployments mature and expand in lock-step with related technology shifts, with the top technologies planned pointing to strategic priorities and how organizations are progressing through digital transformation.
We are living in an unprecedented time. Technology innovations routinely disrupt existing business models, and in some cases, completely replace existing industries—continuously and fundamentally changing the way we live and interact with each other. This post identifies three areas where AI is currently having a major impact on the enterprise.
Ian Jones explores how we’re adapting to the hybrid world of traditional and remote IT professional services.
The first in a series of blogs that looks at application-related technologies whose tide will be coming in during the next few years, especially as we evolve toward a more fully dispersed application delivery fabric and the emergent role of the edge. We’ll begin by examining where we are today (and the paths taken so far).
The American Rescue Plan provides agencies with a once-in-a-generation opportunity to leverage government support to improve IT services that will last for years. F5 can help you identify areas in need and prioritize your funds so you get the most value out of your allocation.
The fight for anti-racism in support of our friends, family, and coworkers of Asian and Pacific Islander ancestry is part of a much bigger battle. We are fighting for a world that is radically inclusive—where we, as a global community, don’t just tolerate differences, we celebrate them.
This framework maps the technology evolution that accompanies the business journey from physical to digital models. Each phase is marked by a business initiative that is enabled by technology.
Keiichiro Nozaki takes a closer look at regional results and variations among the responses received for F5's 2021 State of Application Strategy report.
Beginning April 5, 2021, healthcare providers and payers must give patients easier access to their health data—and lock security standards in place to guard that data. F5 Silverline’s Managed Security Services (DDoS, WAF, and Bot Protection) can help organizations roll out a comprehensive, HIPAA-compliant solution on a short timeline with minimal effort.
Education is the key to changing a life trajectory—and F5 is thrilled to support Rainier Scholars as it prepares students of color for long-term academic success and lives of leadership.
F5 remains fully committed to equipping our customers and the cybersecurity community at large with information about vulnerabilities to strengthen our collective defenses against cyberattacks.
While there’s a tendency to focus on applications that directly implement a customer experience, every business domain will see the rise of applications that ultimately become critical to their digital presence. These applications, then, become the modern equivalent of a monolith.
IBM Cloud Satellite is designed to bring cloud services to where clients’ data already resides—and help them bridge to where they want to go. This aligns with F5’s ambitions for Edge 2.0 and our vision of distributing applications—at the data center, in the public cloud, and at the edge—to help assure a seamless, consistent, and secure user experience.
Join Dan Woods (VP for the Shape Security Intelligence Center at F5) and Sander Vinberg (F5 Labs Threat Evangelist), as they delve into F5 Labs' new Credential Stuffing Report with DevCentral’s John Wagnon and Jason Rahm.
BIG-IQ 8.0 enables better management and visibility of F5 security solutions, improving overall security posture and threat protection. The latest version introduces several security administration and visibility enhancements that help security pros not only lower the risk of a new breach but also simplify and streamline day-to-day management tasks.
EVP Kara Sprague: The pandemic has affected every aspect of our lives, including the way we work, how we learn, and the ways we connect with each other. That's why it's striking to me that the results of our 7th annual State of Application Strategy report show not so much a sea change as a dramatic acceleration of the digital transformation initiatives that were already in motion well before COVID-19 swept across the globe.
Like many proverbs, the origins of "necessity is the mother of invention" is muddled. Often attributed to Plato, it is also ascribed to a variety of other well-known writers. Lacking an authoritative source, however, makes the proverb no less true.
Every organization is now in the digital experiences business—meaning that good UX, high performance, zero downtime, secure transactions, and a high degree of personalization are no longer differentiators; they're expected.
In today’s fast-paced, what-have-you-done-for-me-lately world, changes in business must happen in the blink of an eye or have significant negative impact. For security solutions in particular, rapidly increasing capacity or quickly changing configurations can be driven by the need to add new applications or adapt existing ones, or by an immediate and massive influx of remote workers.
As Black History Month comes to a close, F5's Scot Rogers pays tribute to 7 groundbreaking LGBTQ+ Black American activists, artists, and writers.
The last 12 months have been a source of pride, in many senses of the word, but we are really only getting started.
It's been a year since we launched the UKI chapter of F5 Pride, and a lot has happened since then. Scott De Buitléir reflects on our progress to date.
Providing a great digital customer experience is a business imperative in the COVID era. Today's customers are used to fast, easy, and, in many cases, contactless experiences, and they expect the same from every brand they interact with.
QUIC has broad industry support and the potential to be the basis of most applications that deliver business value over the internet. Anyone delivering applications over the internet should start thinking about how their operations should change to reflect the new threats and opportunities that these protocols bring.
By combining the right tools with collaborative development culture, it is more possible than ever before to deliver powerful, consistent protection that matches the pace of modern app development.
According to the Chinese zodiac cycle, the year of the (Metal) Ox has arrived. As the second animal in the zodiac, the stabilizing influence of the Ox points to a calmer atmosphere. Peter Silva gives his thoughts on the months to come and what they might hold for the industry.
There are many tropes in film and television. We're aware of them, even if we don't implicitly recognize them. A common set of tropes revolves around the hero of a story.
How operators can take full advantage of Kubernetes for deploying and managing IT and Telco workloads.
It's no surprise that we all have at least a few devices in our homes that can and do connect to the Internet. What's surprising is that most of us—and most businesses, too—don't include the "IoT" as part of digital transformation. They should because digitizing products is absolutely a part of the business journey.
F5’s completion of its acquisition of Volterra marks the beginning of the next phase of edge computing, ushering in the Edge 2.0 era. We envision that in the Edge 2.0 era, digital business in every industry sector will adopt edge computing platforms to deliver applications and to process and analyze data. The edge platform will be an essential component of the user experience for all digital services.
In partnership with the 5G Open Innovation Lab and other leading vendors, F5 is providing technology support for The Food Resiliency Project in Snohomish County, Washington, with ties to the Coronavirus Aid, Relief, and Economic Security (CARES) Act.
From a business perspective, a horizontal telco cloud architecture has several advantages over more traditional approaches. In addition to overall flexibility, it enables the telco to bring its telecoms and IT systems into a common infrastructure. That means that CapEx and OpEx investments are spread over telecoms and IT workloads, reducing costs.
With the level of encrypted traffic today, the need to ensure user and consumer data privacy, and the computationally intensive task of decryption and re-encryption, leveraging a traditional security solution to pull double-duty to deliver security by simply decrypting and re-encrypting traffic can be a very bad idea.
You are likely quite familiar with the most common threats that put your data at risk, such as using insecure passwords, sharing passwords, and not installing required security updates on your devices. But there are many other privacy risks that go beyond these typical cases.
A perfect storm of fraud has been created in the economic fallout resulting from the COVID-19 pandemic, the pressure on state and government agencies to provide unemployment benefits, and the lack of anti-fraud infrastructure within those agencies. While the present situation isn’t good, there are, thankfully, clear paths forward for combatting unemployment fraud.
The payoffs of a well-constructed data architecture go beyond operational process. The benefits extend into strategic operational efficiencies, deeper business insights, and the ability to reach adjacent business opportunities, all executed in a more agile manner.
Volterra's universal, multi-cloud technology enables industry-standard containers to execute anywhere, across any public cloud, private cloud, or enterprise data center. Together with F5’s industry-leading application security and delivery technology, we will introduce the first Edge 2.0 platform, providing an edge that meets the demanding needs of enterprises and service providers.
The pressure is clearly on for organizations to implement the tools and skills needed to thrive in whatever brand of normal lies ahead, creating a range of opportunities for channel partners. Here are some key trends and developments to look out for in 2021.
The pandemic has accelerated the digital shift that was already underway, presenting fraudsters with unprecedented opportunities to commit unemployment fraud on a massive scale while enterprises and government organizations struggle to keep pace with the speed of the shift.
During the last year and half, we have been working with a few major global banks to test and evaluate our solutions. To be honest, we were approached by these banks as they started to see the need to create an edge strategy and also start to think about consuming multiple clouds (buzz word – ‘Multi-cloud’), mostly in a private way.
Advanced threats require an advanced WAF equipped with live and actionable threat intelligence to make security controls smarter—controls that automatically detect and block active attack campaigns and malware.
Phishing and spearphishing attacks drastically increased in 2020, driven by the threat of a worldwide pandemic, nations under quarantine or lockdown, work from home mandates, and contemporary political events. Jay Kelley examines modern threats in the context of F5 Labs' recent Phishing and Fraud Report, as well as how organizations can better protect users, applications, and data.
With Volterra, F5 will transform how customers deliver digital experiences and address the application security and delivery challenges we’re seeing from existing edge technologies. F5+Volterra creates a new paradigm that unifies security and applications across cloud and edge with global consistency.
In order to further this dream, I’m excited to announce an important step in our journey. F5 has announced today that they will be acquiring Volterra and our ability to deliver the world’s most advanced edge-as-a-service platform and accelerating the creation of Edge 2.0.
In 2018, Epic Games landed a $15B USD valuation. Many attributed this incredible event to its viral video game, Fortnite. With over 200 million users across the world, the game pulls in billions of dollars a year through microtransactions.
Whether we’re talking digital transformation, application architectures, or the importance of telemetry in maintaining a digital business, the soon-to-be-released results of our annual survey help shape F5's understanding of the market and strategic decisions. This year, we gave respondents a bit more latitude in providing freeform answers. They did not disappoint.
Multi-cloud computing, wherein data and applications are distributed across multiple cloud services, is becoming an increasingly popular strategy in the world of software development.
As each year comes to a close, tech pundits blow the dust off their crystal balls and share their predictions for the coming year. For Peter Silva's annual list, he's compiled a collection of what the industry is saying (and expecting) for 2021.
Kubernetes may be free to download and run, but it’s hardly free of cost to own. Like other major open source platforms that are “free” only in a simplistic sense, Kubernetes will almost certainly cost you money to deploy and operate.
David Warburton, author of the F5 Labs 2020 Phishing and Fraud Report, describes how fraudsters are adapting to the pandemic and maps out the trends ahead in this video, with summary comments.
Given DNS is a foundational networking service, it’s not a stretch to claim that digital transformation begins with DNS. Unfortunately, DNS is the last frontier of networking technology modernization. F5 Cloud DNS Service empowers network operations teams and DevOps teams to take advantage of these tectonic shifts in culture (DevOps) and technology (elastic consumption of computing and networking infrastructure).
This is the reality of cloud properties. They all use the same mechanisms – APIs, consoles, processes – to perform common operational tasks. This is one of the benefits of cloud. And in terms of onboarding new technology professionals, it can dramatically reduce time required for onboarding.
Amazon Web Services (AWS) customers can now find and purchase consulting and training services from F5 in AWS Marketplace, a curated digital catalog of software, data, and services that makes it easy to find, test, buy, and deploy software and data products that run on AWS. As a participant in the launch, F5 is one of the first AWS Partners to quote and contract services in AWS Marketplace to help customers implement, support, and manage their software on AWS.
We recently crested the third wave of cloud. Concurrently, the pandemic has shifted a lot of enterprise attitudes. One has been the approach to remote work. Another is that toward public cloud. In fact, just about every survey out there now says the market is full steam ahead on cloud migrations—but, while certainly related, an important distinction exists between cloud migration and cloud adoption.
Kubernetes is an open source platform. You might think, then, that it's a vendor-agnostic platform, meaning that you can easily move from one Kubernetes implementation to another.
The promise of modern apps is the ability to develop, deploy, and deliver applications rapidly, ensuring customers have access to the applications they need whenever they need them. For your teams, this means faster and more frequent deployments by integrating reusable security and networking policies into CI/CD pipelines, freeing developers to focus on creating business value through app development.
You can barely read a tech blog these days without finding an article that sings the praises of multi-cloud architectures. There are good reasons for that: multi-cloud provides a range of benefits, from cost-savings to increased reliability and beyond.
Video games are more influential than ever. We caught up with Sacha Coward, a prominent museum and heritage professional, historian and escape room designer, to explore the importance of identity and representation in the gaming world.
Public cloud solutions offer a lot of well-known benefits, but they also pose the occasional challenge. For example, organizations are used to having precise control over all the network traffic in their data centers, and they count on that level of control to perform critical security checks. As corporate workloads move to the public cloud, IT operators are challenged to ensure that their security measures come along as well.
When it comes to 5G and innovation, one's imagination is the only limit. We all know that 5G is largely meant to satisfy the insatiable appetite for lightning-fast speeds and real-time (sub-millisecond) latencies. But it’s also the fundamental basis for enterprise vertical industries and academia enabling the development of some really remarkable technological advances.
BIG-IP excels at inspecting, analyzing, filtering, and reporting on network traffic, it creates a lot of very useful data. However, parsing and extracting insight from this stream of information can be no small feat. This was one of the primary drivers for the development of the Splunk Add-on for F5 BIG-IP.
Nathan Kurtz, VP of Performance & Strategy at F5 and Executive Sponsor for the company’s Military Veterans Employee Inclusion Group, reflects on the significance of Veterans Day in the U.S., expands on what it means as an F5 employee, and identifies related resources.
F5 is delivering on the vision of adaptive apps for both traditional and modern applications. We define “traditional applications” as those that have a monolithic, client-server, or three-tier architecture. In contrast, “modern applications” are architected as distributed cloud- or container-native services that interact via APIs.
Gaming accounts and microtransactions are valuable enough to have become substantial targets for hackers. Given that these accounts—like those in other industries—can be used across platforms (website, console, mobile phone), they can pose lucrative opportunities with multiple attack vectors for those savvy enough to go after them.
Kara Sprague: While I enjoyed many advantages and privileges growing up, the fact remains just as it does today—girls are chronically under-represented in STEM. And the situation, I am sorry to say, is getting even worse, and most especially when it comes to girls and women of color.
Whether through a mobile app using APIs to interface with an existing monolithic mainframe app or via message queues that connect Slack to a traditional client-server based customer service application, the task facing enterprise IT today is not merely to transform monoliths to microservices, but to make microservices talk to monoliths.
The world of banking is waking up to the potential of open innovation to help solve some of its biggest challenges—making services available to unbanked users or underserved small and medium-sized enterprise (SME) customers. By the end of the decade, it is foreseeable that we may have as many services enabled by our banks as we have apps on our mobile phone.
The advantages just aren’t about defense; careful control over entry points also results in a multiplicative increase in the efficacy of defenders. It’s no surprise, then, that these principles are often applied in the world of digital security.
Today we are very happy to announce that Volterra is able to serve its customers with PCI DSS Level 1 compliant services. Our entire team has achieved a tremendous amount of work over the past few months to deliver this capability.
COVID-19 has profoundly changed the way partners go to market and engage with customers. We caught up with IDC to learn more.
As organizations ramp up their generation of data and seek to extract business value from it, analytics and automation powered by AI and ML will certainly be on the table as technologies put to the task. These are exactly the type of workloads that will benefit from optimized infrastructure, and yet they are the ones least likely to be able to take advantage of it today.
CMMC, as it’s rolled out over the course of five years, is meant to reduce, if not eliminate, vulnerabilities and address a critical national security challenge. The defense industrial base (DIB) includes more than 300,000 companies, over which there has been a glaring lack of previous oversight. These companies access and store sensitive defense information on their own systems. CMMC represents an important step toward protecting this information.
It’s hard to find an enterprise company who hasn’t considered cloud native technologies to help meet user demands or to be more agile. So, what's holding organizations back? Some are wary of the critical parts of the cloud native stack that are open source. Others hesitate upon finding the cloud native market saturated. The choices can be overwhelming—and the downside of making the wrong bet on a soon-to-be-obsolete technology can outweigh the potential upside.
Many companies have seen years of transformation take place in just the past several months. While adapting to a global crisis has been a catalyst, the long-term requirements have remained the same while the urgency has increased. Organizations want to deliver a superior customer experience. They want business agility, the ability to respond rapidly to changing market conditions. And, ultimately, they want return on their investments.
A thoughtful and deliberate data strategy is fundamental to enabling the quality and cost-effectiveness of the most important business workflows. Further, when the workflows are instrumented to transmit their observed data exhaust to a collection and analysis infrastructure, the workflows themselves can be continuously analyzed and improved, resulting in constantly adaptive and optimized business workflows.
A key component of improved federal cybersecurity is visibility, which is being addressed through the Cybersecurity and Infrastructure Security Agency's Continuous Diagnostics and Mitigation (CDM) program. Last year, Congress upped CDM funding, setting aside a total of $213.5 million for the program. As these funds are actually funneled into technology investments, agencies generally recognize the fact that no single vendor is able to solve the entire CDM puzzle.
This blog concludes a two-part series celebrating National Hispanic Heritage Month through the voices of our employees and members of F5’s Latinx e Hispanos Unidos Employee Inclusion Group (EIG). Alejandro (Alex) Figueroa, a manager at our Security Operation Center based in Guadalajara, shares his story and thoughts on the importance of this celebration.
While it's true that 2020 has seen different DDoS attack patterns emerge, what is also true is that DDoS attacks at the infrastructure layer are still DDoS attacks. They are what we might call "traditional" attacks. What is changing are targets and opportunities that come with a distributed workforce, along with considerations around 5G and Edge computing.
Jay Kelley: For those unfamiliar, the F5 Edge Client is an SSL VPN client used to provide access to enterprise networks for employees working from home or remote locations. The most exciting new feature of F5 Edge Client 7.2.1 is its ability to deliver single sign-on (SSO) across web and remote access applications.
If you removed the case of your desktop computer back in the 1990s, one of the first things you’d see is a network interface card (NIC). Unlikely as it may sound, the humble NIC is now set to help the telecoms industry, and its customers, combat a huge global surge in distributed denial of service (DDoS) attacks.
By its industry definition, SOAR comprises “technologies that enable organizations to collect inputs monitored by the security operations team…SOAR tools allow an organization to define incident analysis and response procedures in a digital workflow format.” But it is far more than just a set of tools.
There's a big difference between knowing something's wrong and knowing what to do about it. Only after monitoring the right elements can we discern the health of a user experience, deriving from the analysis of those measurements the relationships and patterns that can be inferred. Ultimately, the automation that will give rise to truly adaptive applications is based on measurements and our understanding of them.
In this era of proliferating fintech apps, open banking has emerged as the preferred way for financial institutions to share data with third-party providers. The latest open banking protocols favor the use of application programming interfaces (APIs) to boost performance and reduce latency, but as with any digital data-sharing process, security is of paramount concern.
National Cybersecurity Awareness Month is happening now. For nearly 20 years, the Cybersecurity and Infrastructure Security Agency (CISA) has devoted every October to telling Americans how to be safer and more secure online. In all that time, has anything changed?
Each year, Gartner recognizes innovative technology companies as Cool Vendors across various market segments. Volterra is both humbled and thrilled to be named a 2020 Cool Vendor in Cloud Computing.
Back in 2018 the Office of Management and Budget introduced a new strategy designed to provide organizations with a roadmap to migrate their applications to the cloud, dubbed Cloud Smart. The message is clear: the traditional definition of a network perimeter has eroded; applications are the new network edge. We have entered into a new phase of digital transformation that is dominated by cloud services and multi-cloud applications.
COVID-19 has forced many to tear up the rulebook and (virtually) start again, as the lines between field sales and digital operations continue to blur beyond recognition. The pandemic has put a rocket behind sales’ natural evolutionary trajectory, just as previous societal and technological shifts moved organizations away from Rolodexes to Salesforce, or from landlines to mobile phones and videoconferencing.
The industry saw nearly 250,000 attempts of credit card fraud in 2019. That breaks down to about one attempt every two minutes. Detecting fraud today requires a correlation of data, collected from as many points in the digital workflow as possible, and the ability to analyze it at speeds far greater than manual data processing can offer.
Early this year, our team was asked to augment our existing security tools and software dev+test practices for PCI-DSS and SOC-2 compliance. One of the key areas we had to augment was vulnerability scanning for our K8s-based microservices and a couple of monolithic services.
This fusion of BIG-IP Access Policy Manager and Azure Active Directory means support for identity federation, centralized user access (via single sign-on), and increased application security (via multi-factor authentication) for mission-critical applications as well as cloud-based and SaaS apps. This approach simplifies setup and deployment, reduces management overhead, and enhances the overall administrative experience.
Lupita Vallejo: Mexico is a country rich in culture, language, music, artifacts, and far more. We are more than our world-renowned food, historic landmarks, and perfect weather. What really defines my Mexico is something far more important: the people.
The central problem with measuring site performance today can be summed up as: "We don't measure the cost of slow. We measure the cost of downtime." Humans tend to work toward what they're measured on. This is not a new concept and, in fact, it's one of the tenets of DevOps and the reason the methodology includes a shift in measurements toward what matters most. Today, that means more than just available—it means fast and reliable too.
National Coding Week – A Q&A With Kara Sprague, EVP and GM of BIG-IP and Girls Who Code Board Member
Kara Sprague discusses the power of coding – and why everyone should have an opportunity to participate.
When the Modernizing Government Technology Act (MGT Act) was signed into law in 2017, its purpose was to provide agencies with funds they can apply to their IT modernization efforts, including those around cybersecurity. Agencies could apply for funding from the Technology Modernization Fund, which was designed to help them move on from legacy systems and invest in agile, transformative technologies. As it turns out, the establishment of the MGT Act has proven even more visionary than anyone could have imagined.
While there are a multitude of fancy new cyber-attacks that can disrupt and harm, it is a distinctly “old school” threat that remains among the most prominent (and disruptive).
One of the biggest impacts of digital transformation is the disruption to application development. Historically, the introduction of new architectures into app development generally takes several years before it kicks into high gear and sees mainstream adoption.
The solutions team at Volterra designs and maintains many potential use cases of the Volterra platform to demonstrate its potential value. These use cases are often made into instructional guides that customers use to get first hands-on experience with Volterra.
The Trusted Internet Connections (TIC) initiative’s 3.0 guidance marks an excellent opportunity to review your security approach. Because of evolving threats, federal government security experts know it’s important to stay vigilant. While technology changes, the ultimate goal remains the same—to protect your agency, partners, and customers.
The issue of remote access has become a priority as our response to the pandemic continues to encourage, if not require, working from "anywhere but the office." The first wave of remote access concerns was focused on users. How do they access ...
Over the past decade, the quest for faster development cycles, high availability, selective on-demand scaling, and decoupling in general has steered technology-driven organizations to the microservices architecture.
While SaaS is not really all that new, what is new is the range of activities being commoditized and packaged as SaaS. All manner of business functions are joining CRM, SFA, productivity, and communications as SaaS offerings. And we anticipate that organizations will quickly jump at the chance to offload the operation of such software to a provider.
Despite changes in architectures and location, security problems do not change. Customers still need to protect applications, ensure availability, and defend against DDoS attacks. Application security is just a bigger challenge now due to the expanding attack surfaces and vulnerabilities.
Entrepreneur, author and TED alumna, Valerie Alexander shares her journey and insights on unconscious bias with the wider community in this interview.
Agile processes enable rapid releases to deliver customer value quickly and seamlessly; and new technologies make it viable to deliver daily releases, particularly for customers operating on a massive, global scale. Open source provides a model that offers the flexibility, agility, and stability companies need to efficiently deliver applications to their end-users—without the restrictions of vendor lock-in.
Automatically grow, shrink, defend, and heal your modern adaptive applications. Learn how F5 helps you scale and secure your apps for an extraordinary customer experience.
As offices gradually re-open across the world, the question arises of how many of our old working habits we will return to.
There are two walls in the delivery path for applications. The first (which has been the cause of much friction) is between development and production. And while DevOps methodologies have begun to break down this wall, the other—the one between production and delivery to consumers—is not so easily breached.
Decision-makers need to ask more of themselves, their people, and their investments. Most importantly, they need to connect priorities, teams, and budgets to achieve the greatest impact.
Learn how Threat Stack’s new Fargate support can augment your existing AWS security controls.
Over the years we've seen a lot of industry trends come and go. Two—cloud and mobility—fall into what we might call "mega trends." These are movements within the industry that have...
This blog is the start of a new blog series on real example problems faced by enterprises and describes how Volterra’s App Delivery Network (ADN) addresses the problems outlined.
Most organizations are operating in multiple cloud properties in addition to their own on-premises private cloud. For the past three years we've asked about the challenges and frustrations professionals in every role within IT experience while operating in this mode.
In the three phases of digital transformation, the first phase is all about automation. The focus on digitizing of workflows in phase two will ultimately offer business a path forward to the third phase, where data-driven services will generate actionable insights that improve efficiency, reduce process friction, and increase both productivity and profits.
Online privacy is no longer about simply staying away from prying eyes. Encryption on the web plays a key role in affording us our privacy, and it is constantly changing.
With this new offering, companies get the visibility, detection, and mitigation outcomes they need to slash fraud; reduce cloud hosting, bandwidth, and compute costs; improve user experiences; and optimize their business based on real human traffic.
First confined to the data center, Application Performance Monitoring (APM) has become increasingly context-driven around web-based user experiences. Today, it isn't enough to identify what went wrong after the fact. Businesses need to identify where trouble might occur before it happens.
If you’re a Fastly CDN user, Shape’s industry-leading log analysis capabilities are just a flip of the switch away. There is zero impact on production traffic, so there is no risk of negative consequences—just straight up information gathering.
There is an ebb and flow to technology cycles. Its inevitability is extant in many theories, such as the S-curve of innovation and a certain well-known analyst firm's hype cycle. Cloud is subject to these same waves. We've seen two very strong cycles over the past ten years, and it appears that a third wave is beginning to crest.
Based on our research, you are almost certainly in the 87% of organizations that operate applications across multiple cloud providers. Of that majority, you're also most likely to employ between two and six different public cloud providers. More than half (51%) of organizations do.
For service providers and enterprises transitioning to 5G network infrastructure and modern cloud architectures, virtual environments can now be hosted on low-cost, standards-based servers while moving specific functions to a Smart Network Interface Card, thereby boosting performance and lowering latency in the core and at the network edge.
EVP Kara Sprague: The pandemic has raised the stakes overnight on digital experiences. The playbook for thriving has four distinct phases, which I’ve heard consistently from both customers and industry observers. Several organizations are applying this approach to enhance their operations with new digital processes that will drive ongoing differentiation.
To mark this year’s Women in Engineering Day, we connected with Sara Boddy, Senior Director of F5 Communities (F5 Labs and DevCentral), to discuss her career to date and why we need to continually strive for more diversity in tech.
The term 'cloud-scale' is often tossed around blithely. It's used in marketing a lot to imply REALLY BIG scale as opposed to, I suppose, traditional not-as-big-but-still-significant scale.
I’ve been the Executive sponsor of the F5 Pride employee inclusion group since its inception in 2016. When people ask me why I feel so strongly about advocating for LGBTQ+ F5ers, I tell them, “Because I loved and was loved by someone who taught me—through his life-long example—the importance of embracing all people for who they are, as they are, and wherever they are on their life’s journey.”
At F5, our commitment to the fight against racism is a foundational part of our culture as a company. We consider diversity and inclusion part of being an F5er. Today, our F5 Appreciates Blackness (FAB) employee inclusion group, the Diversity & Inclusion team, alongside our Exec Team, shared the steps we are taking as a company, and the pledge we are taking as individuals.
While it is true that adoption rates have fallen short of initial predictions, there is plenty of evidence to suggest that NFV is as relevant as it’s ever been. Perhaps even more so.
Data comes from a variety of sources across the code-to-customer path. Applications. Platforms. Application services. Infrastructure. Devices. All are capable of emitting data that can be turned into business value by the right solution. The elephant in the room during any discussion on the use of data is, of course, privacy.
The first step in a discussion about data architecture is to define what the concept of “data architecture” encompasses. Unsurprisingly, the answer turns out to be nuanced—it is layered and multifaceted. To help ground the discussion, it is useful to start by thinking about it in terms of the journey of collected telemetry data.
We want to share this powerful message to F5ers from our FAB employee inclusion group leaders as a blog post to help channel our collective energy into concrete action. F5 stands in solidarity with the Black community and those who protest in support of social justice around the world.
Digital payments have become as common as cash used to be. Shutdowns due to the COVID-19 pandemic have only accelerated the rate consumers rely on such services. But it has also accelerated digital payments on the corporate side. After all, businesses still have accounts payable and receivable whether they're open to the public or not.
Perhaps the biggest impact on operations due to the abrupt migration of consumer and employee to digital experiences is availability. Certainly, a significant percentage of organizations struggled with remote access as workers moved from the office to the home. But only some workers wound up working from home while entire populations were suddenly reliant on digital equivalents of day to day life.
With the development of container orchestration technologies, working with containers is easier and more programmatic than ever. But orchestration is only half the battle. Effective container strategies also require solutions for the different elements tied to applications, such as networks, storage, security, traffic management, and DNS.
Today, F5 offers the most comprehensive application services along the code to customer path. For the future, we are doubling down on application telemetries and analytics to help our customers discover insights about their applications, business flows, and user experiences. As we build out our cloud analytics capabilities, we'll further leverage ML/AI to help our customers to improve their business services.
In a get-it-done-now kind of environment, you need a fast and easy way to make sure your web apps are covered by fundamental protections. F5 recognizes the pressures those on the frontlines of the COVID-19 crisis are under, and we don’t want new technology to be another one.
Zero Trust is a powerful strategy that can help a business go faster and be more secure. While not a new concept, it is one that has taken on particular relevance for today's application-driven businesses and multi-cloud environments.
It may seem like a million years ago since we hosted our first EMEA LGBT+ @ Work Symposium in London (which included the official launch of the UK & Ireland branch of F5 Pride), but our work behind the scenes has continued apace. In many ways, our mission is only just getting started.
As part of our SaaS-based Control-plane, we have built and run our own global backbone (AS35280), using multiple 100G and 400G links between our PoPs.
It should be no surprise that as there evolves a new generation of application architectures that a new generation of load balancing accompanies it. Since the birth of load balancing, just before the turn of the century, the technology has moved in a predictable pace, which means it is time for innovation.
As we begin to grapple with the fact that our rebound will not happen as quickly as we’d all like, we are coming up with innovative ways to keep businesses moving forward. We are offering new tools and resources for our partner community to help solve customer challenges with remote access and security.
Jay Kelley looks at how organizations are beginning to shift their technology concerns from application access and maintaining user productivity toward application security. The article also notes how cybercriminals are adapting and what you can do about it.
How many times have you found yourself emailing a sensitive file to your accountant, lawyer, friend, relative, or co-worker and immediately feeling remorseful? Or perhaps you uploaded the file to some cloud storage provider and emailed or Slacked the link.
Together, Azure Active Directory and BIG-IP APM offer unified security and user experience between modern and classic applications, providing a single identity control plane and delivering SSO from any device to all applications, whether they are hosted on-premises or in the cloud, and whether or not they support modern authentication and authorization.
With F5’s portfolio of visibility solutions, customers can collect and analyze application metrics no matter where the application or app services are deployed. They can connect to applications wherever they live, scale analytics natively, and close unknown gaps in application visibility to expand and strengthen security and reliability.
Recently, I was reminded of the importance of calibrating measurements when I re-entered the realm of reef keeping. Like rapid changes in the application landscape, reef keeping has dramatically changed in the past five years.
With the impacts of COVID-19, organizations need to ensure that their now home-based and remote employees are able to securely and seamlessly access the applications they need to be productive—especially with all the new challenges they’re facing every day. F5 BIG-IP APM and Azure Active Directory simplify the user experience for application access by enabling users to log in once and access all applications they have the right to access in any location.
Mika Yamamoto, Chief Marketing and Customer Experience Officer, previews F5's virtual Agility conference, the industry-leading event for architects, engineers, and developers to learn how building, managing, and securing applications in multi-cloud environments can accelerate digital transformation and deliver better customer experiences.
This new partnership area is significant as it casts a global spotlight on the shared values of both F5 and IBM to enable Service Providers with broader choices of modern architectures and infrastructures—with both hardware and software options to enable open source hybrid cloud containers and innovate toward rapid network transformation.
Amid this pandemic, the systems processing unemployment claims in many U.S. states found themselves in peril. Developed using COBOL, the systems faced overwhelming demand, prompting urgent calls for those proficient in a programming language dating back to 1959. In parallel, many applications driving contemporary digital transformation efforts are microservices-based. These apps, like their COBOL forebears, are likely to be so critical that they, too, may still be running in 50 or 60 years.
Culture is not something that can be switched on in response to a crisis. Digital transformation, first and foremost, is a response to a business need. So, the initiatives that support it need to be designed with business outcomes in mind. And those business outcomes are informed by organizational culture.
The expansion of applications tied to organizations’ digital transformation efforts also increases the number of attack surfaces for bad actors to target, with the effects of the current pandemic further accelerating this growth. Coupled with users’ tendency to reuse passwords, you’ve got an unfortunately prime environment for credential stuffing attacks. This article highlights established best practices that can help both businesses and consumers protect themselves.
In days gone by, the app services (the data path) delivering apps was straight and narrow. All apps basically traversed the same set of services over the same network.
In light of digital transformation initiatives quickly becoming a “checkbox” for modern enterprises, effective management of app services—and the devices that power them—is paramount. It’s also not easy, simple, or straightforward, especially in the multi-cloud world. That's why F5 is so dedicated to delivering end-to-end app visibility and control from code to customer with BIG-IQ 7.1.
In prioritizing health and well-being, organizations all over the world are finding out how they can work effectively together even when their employees are separated by physical distance. Ian Jones, head of F5’s global Professional Services and Training Services teams, highlights the ways organizations are meeting today’s demands, and surfacing lessons that will apply long after the pandemic ends.
The modern-day network is often made up of an on-premises data center as well as SDNs and public clouds. In such heterogeneous environments, it’s all too easy for the rules and objects associated with the devices that make up the network to proliferate, adding complexity and risk. To help address this, AlgoSec has worked closely with F5 to extend rich visibility and orchestration capabilities across the entire multi-vendor network security fabric.
Extraordinary times call for extraordinary measures. Many people have uttered this phrase since COVID-19 forced us from our offices into our homes to work remotely. One of those extraordinary measures has been ...
An insertion point is an architecturally distinct location in the code to customer data path at which it makes sense to add functionality that is often outside the purview of development or operationally more efficient. Insertion points include the client, infrastructure, and the app itself. So, what we're looking for are app services that are both operationally and cost efficient at the point of insertion; in this case, we're focused on the app server (platform) itself.
This blog will deal with techniques we use to secure the platform against targeted attacks from the network — from the Internet as well as from inside. Since apps are no longer constrained to any physical location, traditional perimeter-based firewalls and signature-based security solutions are no longer effective.
Kunaciilan Nallappan, RVP of Marketing for Asia Pacific, shares his thoughts on F5’s initial response to the COVID-19 pandemic and the continuing importance of putting employees, customers, and communities first as we navigate these times together.
For mobile service providers, COVID-19 has been the catalyst recently for dramatic traffic growth as enterprises and consumers follow mandatory stay-at-home guidelines. Fortunately, many OTT providers have throttled their video streams to reduce the strain on the network, but this has highlighted to service providers the importance of being prepared in the future with intelligent traffic management and video optimization solutions.
Perennially important, virtual private network (VPN) security is now imperative given the current COVID-19 pandemic. Remote working has fast become the new normal and, correspondingly, the demand for VPN capabilities has skyrocketed. Unfortunately—if unsurprisingly—attacks on VPNs have risen sharply alongside.
As organizations rapidly mobilize a global workforce to work from home, they are considering the performance, availability, and security of their corporate applications. In our conversations with customers and partners around the world over the past month, we interestingly see a renewed focus on some of the same application services that topped the list in 2015—load balancing, network firewall, anti-virus, and most importantly, identity and access.
This componentization of IT is like the componentization of the applications it is tasked with securing and delivering. Estimates range from 80 to 90% of modern applications are composed of third-party components; most of which are open source.
Now in its sixth year, the State of Application Services (SOAS) report reveals that 91% of surveyed EMEA organisations now have specific digital transformation execution plans in progress. Against this backdrop, the SOAS report found that 66% of surveyed EMEA organisations said they depend on applications to run their business—indicating that digital transformation has clearly shaken up application-based decision making.
F5 EVP Kara Sprague: One of the reasons why application-level visibility remains so elusive is because application data paths are complex. There are generally several operational silos along the data path for a single application, and even more operational silos for each of the application architectures and infrastructure environments used within any multi-cloud architecture. And where there are silos, there is limited visibility.
As COVID-19 continues to make its impact felt on a worldwide scale, F5’s Chief Human Resources Officer Ana White and Chief Marketing & Customer Experience Officer Mika Yamamoto reflect on implementing response and readiness efforts reaching employees and communities worldwide.
The COVID-19 pandemic has created a new work reality almost overnight. Globally, companies like F5 are finding new ways to reinforce flexibility and innovative collaboration as key elements of employee culture. In this article, Jay Kelley takes a closer look at the activities of the Technology Services team at F5 during the course of March 2020 to meet the changing needs of the company and its customers.
The dominance of video and SaaS traffic today is, in part, why remote access services are being overwhelmed. In parallel, the rise of telemedicine during this pandemic is increasing and along with it, live video traffic. One way to increase capacity and improve performance for remote users is to update your remote access configuration to reflect the modern makeup of application traffic.
"Data is the new oil" or "Data is the grease of the digital economy." If you're like me, you've probably heard these phrases, or perhaps even the more business school-esque phrase "data exhaust monetization," to the point of being clichés. But like all good clichés, they are grounded in a fundamental truth, or in this case, in a complementary pair of truths.
A new reality brings new vulnerabilities. With nearly 100% of staff telecommuting, what becomes the most important link in the connectivity chain? When exponentially more customers rely on the Internet to order products, what part of an organization’s operations suddenly becomes the most critical? Of course, it’s the network.
As governmental responses to the COVID-19 pandemic range from prevention and protection to mitigation, organizations must respond quickly to the dramatic changes these efforts have had on business. Whether you’re struggling to respond to spikes in usage, communicate effectively with a newly remote workforce, or ensure that all employees have access to the applications that allow them to do their jobs, here are some simple tips to help you adapt to our new reality.
For more than a decade now, the term cloud has promised agility as one of its primary benefits. Surveys and studies often cited the elusive and nebulously defined "agility" as a key adoption driver of all forms of cloud.
The inescapable truth of this survey is that the life of a network operations professional is increasingly automated. From configuration changes to ...
Spurred by the coronavirus, a mass shift in teleworking has been one of the most notable ways companies like F5 are moving quickly to make sure customers are up and running. But as this shift takes hold industry-wide, complexities emerge in other areas as well. F5 Cloud Services GM Calvin Rowland examines the impact of DNS and how customers are handling related efforts in the current climate.
Keiichiro Nozaki shares region-specific results of F5's 2020 State of Application Services Report, including perspective on country trends and digital transformation priorities.
If you’re an IT professional, the impact of COVID-19 presents a host of new business continuity challenges, along with its myriad interpersonal adjustments. You need to respond quickly to unprecedented changes in work schedules, remote access to applications, and spikes in networking and data demands. Any of these can result in sluggish application health and performance due to over-taxed resources—affecting your ability to serve customers as they adapt to new realities.
F5 EVP Kara Sprague: Today's organizations are trying to reconcile an extreme pace of change with rising demands—serving users who don’t always know what they want, while facing constant pressure to innovate, compete, and respond to market developments. For many of our customers, these rapidly changing dynamics have become a catalyst to embark on large-scale transformations.
Before you dive in, we wanted to reiterate that DevOps is unique. If you think they're just developers who write scripts and manage CI/CD pipelines, you'd be wrong. If you thought they were just operations ...
For additional background on how F5 is responding to COVID-19, I wanted to share a copy of the email I sent to our customers worldwide.
F5’s BIG-IP APM can help you and your team remain productive and secure while working from home or remotely during the COVID-19 outbreak.
When organizations adopt new architectures and develop new apps, they don't throw away ones that already exist. While there's always some culling of the portfolio that's taking place over time, it’s generally true that apps put into service years ago using traditional architectures are still ...
In advance of International Women's Day, Lori MacVittie takes a moment to discuss her career to date, tips for women looking to get into tech, and reasons for additional optimism on the horizon (particularly in the cloud computing space) in this Q&A with EMEA's Neil Jaques.
The benefits of migrating away from hardware-dominated environments to cloud and software-defined architectures are well known—increased scalability, operational agility and economic flexibility, to name just a few. But there is also the common misconception that in order to realize these gains, organizations are forced to make a sacrifice regarding the performance of their apps.
When we dig into the state of application services each year, we don't just focus on app services. While that's certainly our primary interest, there are a plethora of trends and technologies that impact app services in general.
F5 announced the launch of the UK and Ireland (UKI) branch of its F5 Pride Employee Inclusion Group (EIG) this week. It also hosted the company’s first pan-EMEA F5 Pride: LGBTQ+ @ Work Symposium, highlighting best practices for diversity and inclusion, as well as mapping out plans to further bolster company-wide support for LGBTQ+ staff.
Cloud-native, while still a term with many definitions, can be thought of as a methodology and approach, not a specific technology. And the importance of firmly instilling that into your organization can’t be overstated. The priority for teams and individuals involved in digital transformation is to ensure they agree on and understand the business outcome, using it to inform technical designs/solutions.
In this post, Blaine Connaughton uses Threat Stack’s data portability feature to dive deeper into security analytics using Jupyter PySpark notebooks.
Are we just using telemetry because it sounds sexier than data? Ultimately both data and telemetry are organized bits of information. To use them interchangeably is not a crime. But the reality is that, if you want to be accurate, there is a difference. And that difference will become increasingly important as organizations march into the data economy.
F5 kicked off the RSA week in brilliance and style at Microsoft Security 20/20. This gala event celebrated and honored their top partners within the Microsoft Security ecosystem. It’s extremely gratifying to be recognized for the customer obsession we have at F5 with the Customer Impact Award, given security is a critical initiative and core competency for both F5 and Microsoft.
Threat Stack’s latest Threat Intelligence Report and live attack simulation show how Threat Stack Cloud SecOps Program analysts investigate the downstream actions of automation tools when conducting forensics that require user attribution.
While we largely have Hollywood and science fiction to thank for our popular understanding of the complex topic, put simply, one can define artificial intelligence as “teaching a computer how to mimic aspects of human intelligence.” To understand how AI and application services will work together in the future, it’s first necessary to examine three distinct types of AI: Strong, Weak, and Assistive.
A growing number of app services are an integral component of a cloud-native architecture. This is, in part, why we see a shift in responsibility for app services away from IT operations toward DevOps.
Andrew Warren discusses best practices for writing automated system integration tests using containers in order to effectively gray box test microservices.
Months of analyzing over 2600 responses to our State of Application Services survey have culminated in a fascinating look at the impact of digital transformation on organizations around the globe. Companies are in progress on a technological transformational journey. Four in five executives told us they are acting on digital transformation initiatives, and that those initiatives are driving adoption of cloud-native architectures and app services—with automation and security also top-of-mind.
To ensure that customers use Amazon Elastic Container Registry (ECR) and AWS Systems Manager securely, we have added default alerting rules for ECR and Systems Manager to Threat Stack.
In the service provider realm’s not-too-distant past, there was a distinct line in the sand. On the one side, networking and security teams spearheaded the evolution to an NFV architecture, with a strong focus on virtualising network and security functions. On the other side, developers enthusiastically embraced cloud platforms, DevOps methodologies, and automation via CI/CD pipelines. The edge is where they come together.
As organizations march steadily on their journey through digital transformation, the issue of integration becomes critical. In addition to the obvious ...
F5’s Tim Wagner draws parallels between Secure Cloud Architecture and urban planning in his latest blog, pointing out key considerations, items to account for, and—crucially—questions to ask at the outset that can help bring about desired results.
The inability to verify the integrity or correctness of data should be of significant concern to those organizations pursuing digital transformation efforts (which rely heavily on data). That data will be used not only to conduct business but it also forms the basis for pattern and behavior recognition. Accordingly, it will power advanced analytics that automatically make operational and business decisions without human intervention.
The new NGINX Controller 3.0 brings enhanced enterprise features that go beyond what both traditional and cloud-native solutions can offer. By giving customers (that span DevOps to NetOps) the ability to automate functions across deployment models and locations, we are opening up a new set of self-service capabilities that will increase agility, mitigate risk and enhance the experiences organizations are able to deliver to their customers.
This specific blog describes how Volterra helps users operate their applications and infrastructure like a fleet. We will explain how our control-plane based approach eases operations of a large fleet of app clusters and compare it with other multi-cluster management-plane approaches like Google Anthos, Azure Arc, Rancher, etc.
At present, it’s not unusual for DevOps engineers to use cloud-native tools, open source solutions, or other types of inexpensive (or free) resources that don’t require significant investment or interaction with the procurement team. But what if you need to advocate for a richer IT investment to drive needed efficiencies as well as to ensure better security and performance for your apps?
API stands for Application Programming Interface. Over the years, it has evolved from a tightly coupled imperative specification to a loosely coupled declarative model. Regardless of implementation and the mode of invocation, APIs tend to be associated with app development. But another API economy has been steadily expanding. It lies within operations. And in that domain, the "A" in API stands for automation.
Threat Stack has introduced additional runtime attack detection to its Cloud Security Platform to further protect web application, microservice, and API workloads against path or directory traversal attacks, and remote code execution.
Agility is the way of IT these days. We all strive for developers and operations to go faster, to unleash creativity, unhindered by the burdens of provisioning app infrastructure and resources. The trick is balancing our need for app delivery speed with the need to stay secure and compliant.
Drawing on lessons learned from its successful 2017 and 2018 Type 2 SOC 2 examinations, Threat Stack further optimized its people, processes, and tools to accommodate scope changes and successfully complete its 2019 Type 2 SOC 2 examination with zero exceptions.
The use of APIs have the potential to be transformative by enabling new business models and revenue streams. Implemented without adequate guardrails, however, APIs also have the potential to disrupt and put businesses at risk. Concluding his two-part blog series, Mark Campbell outlines steps that organizations can take to help address the industry’s present API security gaps.
Application architectures have evolved several times since the early days of computing, and it is no longer optimal to rely solely on a single, known data path to insert application services. Furthermore, because many of the emerging data paths are not as suitable for a proxy-based platform, we must look to the other potential points of insertion possible to scale and secure modern applications.
The value of accurate, insightful data is realized by detecting and acting upon a threat before the attack occurs, not a month after the breach. The F5 Threat Campaigns subscription offering provides a glance into a hacker’s preliminary approach to block attacks proactively.
The transformation from monolithic applications to ecosystems of microservices has made APIs a strategic and critical element of business success. APIs are typically designed to be externally exposed and accessed by business partners, customers, and microservices. Just like web applications, though, APIs can be a doorway for unauthorized access to sensitive data. And as with many technology advances, security considerations often trail behind.
François Locoh-Donou shares a copy of the email sent to global staff announcing F5’s agreement to acquire Shape Security.
At Volterra, the SRE team’s job is to operate a global SaaS-based edge platform. We have to solve various challenges in managing a large number of application clusters in various states (i.e. online, offline, admin-down, etc.) and we do this by leveraging the Kubernetes ecosystem and tooling with a declarative pull-based model using GitOps.
Consider this: 54% of containers live fewer than five minutes. Predictably, this leads to security topics. If you’re trying to secure access (and you should be) and trying to protect the app or API running in that container, you've got to make sure your security services are constantly adjusting policies to match the current state of the cluster. That's a lot of change going on, which means a lot of operational overhead.
For app developers, working alongside a large infrastructure-platform team can be a blessing or a curse. When that team provides infrastructure, networking, and security services in a managed, self-service model—thereby relieving developers of the toil of managing infrastructure—it's truly a blessing. But if the infrastructure team’s primary delivery is a week(s)-long backlog and a revolving door of handoffs, developers can feel cursed.
Omada Health uses Threat Stack’s Cloud Security, Oversight, and Insight Services to provide data and systems security, and HIPAA compliance.
A good way to think about how digital transformation and DevOps practices are influencing app deployment is to picture an application factory. Instead of handcrafted policies and manual review processes, network and security experts need to define reusable policies for developers to deploy with their applications as part of an automated deployment pipeline.
Since many of these applications are mission-critical, our customers expect that we not only deliver multi-layer security but also have the ability to make continuous improvements to keep their distributed clusters secure.
F5's Peter Silva: As each year comes to a close, tech pundits blow the dust off their crystal balls and share their predictions for the coming year. As someone who has (let's generously say) repurposed others' since 2012 rather than thinking up my own, here's what some of the smart folks I read expect to happen...
“With great power comes great responsibility.” Acknowledging Voltaire and Churchill, the quote is best known from the Spider-Man comics, attributed to Uncle Ben. Of course, part of the line’s cultural prevalence is that it can be applied to any number of situations and topics, including TLS inspection.
Digital transformation is about moving technology from business interactions to processes to new models. At first, it's about apps. But as app portfolios expand, it turns to focus on automation and orchestration. With the increase in data generation, transformation becomes the pivot point for new business opportunities.
The future of security rests on telemetry that is more than technical data points picked out of packets. It requires a holistic view of interactions from client to application to behavior. Machine learning requires enormous amounts of data to establish and recognize patterns. This is why programmable proxies are such a critical part of an advanced security approach.
For many enterprises, new working patterns need to coexist alongside applications, teams, and technologies that have taken root over time and are now firmly embedded into the fabric of IT delivery. Zach Westall takes a closer look at how F5 and BIG-IP help DevOps teams (and the groups they work with) deploy services throughout the application delivery stack in support of CI/CD practices.
A Dimensional Research survey of more than 3000 mobile app users confirmed what many of us believe about customer expectations today.
This blog is the second in a series of blogs that cover various aspects of what it took for us to build and operate our SaaS service.
F5 believes that there doesn’t need to be a conflict between community and commercial solutions. A balance can be achieved, but it requires a commitment to work together and constantly refine that balance as new challenges and innovations arrive.
Did you know that when Sysdig looked at its customers this year it found more than two million container instances running on-premises and in the public cloud? More exciting (for us, at least) was the data point that NGINX was running in 60% of those containers. That’s a lot of NGINX.
Robert Haynes highlights the "2019 State of DevOps Report" from Puppet, drawing on its contents and his professional experience to note: The advantages of shifting security left into the software lifecycle rely on shifting those DevOps behavior principles into the security teams as much as, if not more than, moving security tools into the pipelines.
Our customers are building complex and diverse sets of business solutions — like smart manufacturing, video forensics for public safety, algorithmic trading, telco 5G networks — and thus we need to deliver an always-on, connected, and reliable experience for these applications and their end-users.
Business Needs a Smarter Mousetrap to Catch Next-Generation Attacks.
At NGINX Conf 2019, we conducted more than 50 recorded sessions covering various subjects. This blog shares takeaways from one of the hottest topics in the industry: Site Reliability Engineering (and also the related topic of Chaos Engineering).
Cloud-native applications are being built at a good clip. While they're not quite dominating app portfolios just yet, they are increasing in number.
Soon, every organization dealing with multiple interconnected devices and rapid data processing demands will need an edge computing strategy, not to mention the technology to make it all work.
The pressure to transform digitally has become universal. Whatever your strategy is, the trick is to figure out how to deploy and manage applications in a consistent way across all your different infrastructure silos. The best way to do this—and to get visibility into your code-to-customer pathways for all of your applications—is to leverage a consistent set of multi-cloud application services.
APIs create value through their ability to abstract at the application layer. For example, the use of an API to abstract access to internal systems and data provides a way to simplify and automate access to legacy IT systems.
After more than two years of working with customers around the globe, heads-down development of a major platform, and yes, many long nights, we have hit a key milestone for our company -- launching.
Software as a Service (SaaS) offerings are becoming increasingly prevalent across all industries as organizations look for ever more dynamic and flexible ways to leverage software while ensuring operational stability, cost transparency, dynamic scale and agility.
TJ Maher examines 10 reasons why his team uses the ThoughtWorks Gauge cross-platform test automation framework to set up acceptance tests at Threat Stack.
All cloud journeys are unique and can be complicated, with very different objectives, strategies, and hurdles. So let’s take a look at how F5 can help you and your applications wherever you are in your cloud journey.
It doesn’t matter how fast you can deliver if deployment delays release. While NetOps are warming up to automation and orchestration, there are significant challenges facing their efforts to speed up deployment.
In recent years, enterprises in every industry sector have been embarked on a digital transformation journey in one way or another. Business enterprises are taking advantage of the proliferation of digital technologies to define new business models or to improve business productivity with existing models.
Visibility is an often-cited challenge typically referring to the ability to inspect traffic, transactions, and errors that occur during an application's execution.
F5’s Maggie Miller chats with an industry analyst on the trends driving optimism in the channel, how today’s buyers are different, and advice for F5 partners in this ever-changing market.
We are thrilled that Intel has named F5 as a 2019 Leaders Board partner in the Intel® Network Builders program. Our strategic partnership with Intel has, for more than 15 years, enabled F5 to use Intel technology to deliver optimized, highly performant application services for both enterprises and service providers.
Digging through Sumo Logic's latest data - compiled from actual usage of more than 2000 customers - we see an increase in Kubernetes usage specifically in AWS.
For seven weeks in July and August, F5 partnered with Girls Who Code to host 20 high school junior and senior girls in our new downtown Seattle headquarters with two goals: teach them coding skills and prepare them for a potential career in technology. In saluting their accomplishments on the International Day of the Girl, Kara Sprague provides a retrospective blog detailing this effort tied to F5's Global Good Program.
Today, "machine" also includes code running independently on devices, APIs, containers, serverless architectures, and of course VMs. Because they are software-defined, these machine types are easily created, changed, and destroyed throughout the day, every day, making software-defined machines an important part of the app development workflow.
Breaches abound. Vulnerabilities are discovered on a daily basis, and the patch gap doesn't seem to be getting any smaller.
F5 has a cloud-based solution available called the F5 DNS Load Balancer Cloud Service that leverages the AWS SaaS Enablement Framework and is now available in AWS Marketplace. While load balancing has traditionally been handled on-prem quite successfully, Roger Barlow outlines the many advantages of a SaaS-based approach.
Peter Silva provides a quick introduction to NCSAM 2019, highlighting the theme of “Own IT. Secure IT. Protect IT.”, and also touching on resources F5 provides to help customers better secure applications.
The open source movement has always focused on freedom. The freedom to choose the solution that works best for you given skills, budgets, architecture, and goals.
Our understanding of the role of application services in an increasingly application-centric business world has grown considerably thanks to the thousands of respondents who take time to respond every year.
The average person now has more than 80 apps installed on their phone. That same person interacts with an average of nine of those apps every day, and thirty over the course of a month.
[Guest blog post] To promote app delivery automation, HashiCorp Terraform enables network operation teams to treat the F5 BIG-IP platform ‘as code,’ so the network infrastructure can be provisioned automatically when new services are deployed. Consul’s central service registry and service discovery capabilities track the real-time network location and health status of all backend services.
Researchers from the University of Kansas and the Stevens Institute of Technology are focused on developing a new metrics framework for security operation centers (SOCs) that measures and validates SOC performance against enterprise network security. Peter Silva provides more detail on this project and its connection to F5.
This post shares insights into 10 automated testing tools that Threat Stack uses to make sure that all the functional areas of its platform are being tested effectively and efficiently.
Through Unity+, F5 is collaborating with our partners to better meet their business needs and serve our mutual customers with flexible licensing models, greater deal registration differentiation and easy-to-consume sales and pre-sales technical learning paths.
Who reading this is running OpenStack in their production environment? Prometheus? Perhaps you're generating Grafana dashboards? GitHub. GitLab. Nagios. Jenkins. Ansible. Puppet Enterprise?
Following the popular 2018 Application Protection Report, F5 Labs (the company's security threat intelligence research team) is introducing a portal for its Application Protection Research Series to cover longer timeframes and the big-picture threat landscape. In addition, the team is rolling out an Education series centered on foundational concepts in information security, designed for people new to the industry or interested in exploring a particular niche.
Along with the larger container ecosystem, service meshes continue to plow forward toward maturity. We're still in early days, though, and there are a variety of approaches being applied to solving the problem of intra-container traffic management with service meshes.
Predictions that the data center is dead - or at least on its death bed have been made many times since the ascendancy of cloud to the majority industry mindshare. And it continues to be wrong.
F5 and NGINX are not just integrating to go to market in the same old way together. The fundamental inspiration behind the acquisition was the fact that there’s a ton of value we can deliver together as a combined portfolio. Jointly, we deliver solutions that span the entire application lifecycle for monolithic, three-tier, and microservices-based apps alike.
Peter Silva notes some of the ways that the capabilities of our five primary senses are being recreated using sensors. Today, gadgets (and IoT technologies) are being built that work in conjunction with, or completely replace, capabilities of the eyes, ears, nose, tongue, and hands.
In this post, Tim Buntel explains how Threat Stack’s Application Security Monitoring satisfies the two distinct needs of PCI DSS Requirement 6.6: 1) Reviewing applications to proactively find vulnerabilities (and then make sure they get corrected), and 2) Detecting and blocking attacks in real time.
Businesses want speed. One of the impacts of digital transformation - and the associated pressure to succeed in an app economy - is the desire to move at speed.
At VMworld 2019 in San Francisco, F5 polled attendees at its booth to find out what their most formidable challenges were in their jobs. Focused around the functions of NetOps, DevOps, SecOps, and AppDev, this in-the-moment research reveals how various IT teams are thinking about automation, security, digital transformation, and collaboration between the separate groups.
The first thing to note is that cloud-native, despite its name, does not require cloud.
Deploying applications at the speed of users can paradoxically be something of a slog. IT, DevOps, and SecOps organizations may spend hours/days/months trying to figure out ways to simplify the delivery of applications while providing the safety and security required by today's users. This blog gets into one way that F5 and technology partners are addressing the associated challenges.
This September, in Seattle, NGINX will be hosting its annual conference. I'm already booked to go and you should (very seriously) consider attending, too.
At this point, you’ve probably noticed some common security themes across this topic. While there are a number of security issues that are specific to containers – like those dealing with configuration and images – most of the basics for container security are techniques you’ve used elsewhere to secure traditional apps and infrastructure.
One of the interesting – and more frustrating - things I've noted over the years is the differences between how network engineers and application developers see apps. We've seen this in the way applications are depicted on network diagrams and, conversely, the way networks are shown on application architecture diagrams.
The key to simplifying multi-cloud architectures is to standardize elements wherever possible. By employing tools that can be used across environments, much of this complexity is abstracted away as you move from a cloud-specific to a cloud-agnostic service portfolio.
Workload is a fairly recent term that is often used to describe applications but can also refer to infrastructure services. That’s important, because there can be a variety of ‘workloads’ running in your container clusters that aren’t necessarily coming from your developers.
In the days of yore, transmissions in cars were manual. Some might have referred to them as a "stick" thanks to the mechanism by which you shifted gears. In those days, an automatic transmission was something special that you often had to order.
The orchestration layer of container security focuses on the environment responsible for the day to day operation of containers. By the data available today, if you’re using containers, you’re almost certainly taking advantage of Kubernetes as the orchestrator.
To manage application capital effectively, companies need to start by establishing a companywide application strategy that sets policy and establishes a basis for compliance. The application strategy should address how applications in the enterprise portfolio are built, acquired, deployed, managed, secured, and retired.
In traditional network infrastructure there are generally three architectural planes associated with network infrastructure: data, control, and management.
Threat Stack’s Application Security Monitoring detects and blocks real-time attacks at runtime while also giving developers the context they need to build in security that can help prevent future attacks.
In an era of application capital, the CI/CD pipeline is a critical component upon which rests the speed and security of the applications it builds and delivers.
Have you ever tried to drive somewhere as fast as you can, but you hit every red light along the way? Murphy’s Law, right? Well, the same thing can happen when you’re deploying your applications—either in your private data center or in a public cloud.
When it comes to breaches involving apps and data exposure, fingers are almost always pointed at developers. Many times, this is the right direction. Injection attacks and stack-based exploits are almost always the result of insecure code.
Container adoption continues to accelerate across (almost) all areas of IT. But what does container security really mean?
Threat Stack’s Application Security Monitoring embeds security in development processes with no negative impact on agility or speed of application development and deployment.
Lori MacVittie continues our blog series surrounding F5’s acquisition of NGINX, discussing the concept of operational simplicity.
What is Magecart? Magecart is really a term given to a group of cybercrime units. At least a dozen groups are responsible, and each have their own specialty. F5’s Peter Silva examines how it was also last year’s #1 root cause of retail, tech, and manufacturing breaches.
F5's Tom Atkins provides a quick snapshot of relevant cloud security topics leading into this week's inaugural AWS security, compliance, and identity conference in Boston.
Let's stop spending so many cycles on what to call each other that we miss the opportunity to create a collaborative environment in which to deliver and deploy apps faster, more frequently, and most of all, securely.
When it comes to multi-cloud consistency, Lori MacVittie discusses why a failure to recognize the two different types of consistency - functional and operational - and their importance is at the root of the problem with implementation.
The path to production is not a product. It's a process. And it's a process that needs to be collaborative and delivered in parallel whenever possible to improve time to value and enable successful application deployments.
It seems like the whole world is encrypted. That can be a very good thing, as encryption keeps our personal info safe. But, encryption also creates security challenges, such as blind spots where hidden threats like malware and malicious payloads can lurk. Fortunately, F5 and Cisco have a solution.
It is the use of cloud-provider security services that can dramatically impact the operational costs of doing business in the cloud - especially when it comes to managing application services infrastructure. Lori MacVittie discusses how augmentation and strong password practices will help constrain the cost of doing business in the cloud.
F5 SVP Calvin Rowland explains how F5 and Cisco are bringing ACI and BIG-IP closer together.
Because such transitions take time - we're still almost all operating in a multi-cloud model today, after all - it's important to find and take advantage of architectural options that maximize benefits without compromising on core customer needs like availability and security. Using a two-tier architectural approach provides both without constraining containerization efforts.
Peter Silva summarizes a recent report on how organizations are moving quickly to adopt the new standard of Transport Layer Security (TLS) 1.3, while addressing both operational and security concerns as a result of the transition.
With a staggering 60% of users experiencing a container security incident in the past 12 months, if you aren’t already practicing safe containerization, Lori MacVittie shares five steps to consider putting into practice.
There’s nothing like a large conference or event to really show you how new technologies and solutions are impacting the real world. And often, the most meaningful interactions are not with vendors or sponsors, but with the attendees—the people responsible for implementing all the exciting new tools that the rest of us work so hard to develop.
We look at the trends and changes in application services usage – across security, performance, and identity/access – from the first quarter of 2019.
Right now, DevOps is the topic for developers and network experts. The next step in understanding the state of the market was our recent webinar series, Why Application Modernization Matters to Digitalization, in collaboration with experts in this topic. What did they have to say?
F5 SVP Calvin Rowland recaps last week’s Red Hat Summit in Boston, highlighting the continued partnership between the two companies that resulted in F5 being honored with a Partner Technology Innovation Award by Red Hat.
The majority of organizations across the globe and in every industry are currently in process of digital transformation. Lori MacVittie looks at the latest trends surrounding the digital economy and supply chains to better understand how enterprises are changing how they develop apps, when they deploy apps, and with what architectures.
Employees are often frustrated with corporate security policies and in general, most people’s primary jobs are not security related. F5 Security's Peter Silva discusses why it's important to devise security policies that work for, rather than against employees.
Operations needs integration. Without it, we can't automate processes (which is what orchestration is) because processes necessarily span multiple systems, services, and devices—each of which likely has its own operational domain and toolset.
Our Bridging the Divide series continues with Robert Haynes addressing the long-standing myth within the networking and security communities; that secure software architectures are inflexible, and agile-delivered software is less secure.
We are nearly numb to breaches today because they happen with such alarming frequency. At the same time, we are so enthralled by our own brilliance in cryptography that we forget that most data at rest—tucked away inside databases—is unencrypted.
Bringing together F5 and NGINX, we will be able to satisfy the requirements for “reliability” no matter the definition. Whether that applies to the reliability of small, developer-driven deployments scaling modern applications or large deployments scaling application services and traditional apps alike, a combined portfolio will offer customers the ability to use the right tool for the right app.
There is a growing demand for APIs. Whether helping to fuel the digital economy by enabling mobile apps or internally pumping up productivity through automation and orchestration initiatives, APIs are everywhere.
As the world of container technology matures, so does the integration of the enterprise-class technology required to support it, encouraging traditional offerings to move in the direction of container orchestration environments like Kubernetes.
Today, both traditional and modern architectures are valid and necessary for business to succeed in delivering digital capabilities faster and more frequently and, most importantly, in the most efficient way possible to support its most valuable asset: a multi-generational portfolio of applications.
Digital transformation is driving growth of application portfolios and changing the way in which they are developed, delivered, integrated, and ultimately even consumed.
If you have already started automating F5 application services, you are likely familiar with using automation tools such as Ansible. To support more use cases and make application service deployment easier, F5 is releasing Application Services 3 (AS3) as part of the F5 Automation Toolchain.
The challenge of consistent security across applications remains. One of the culprits appears to be that application services aren't always moving with the applications they protect.
Not every customer is at the same place in the journey to automation, so we’ve built F5's Automation Toolchain as a set of components that can be broken apart and used independently, then brought together as a unit when the time is right.
We've seen too many articles that pit DevOps teams and NetOps teams in opposition to each other, almost at the personal level. That’s not helpful, and this isn't one of them.
With consistent services and policies in the Alibaba Cloud, and across other supported cloud environments, operations teams can comfortably secure and optimize any app while providing developers the architectural flexibility to pick and choose their cloud of choice.
With the general availability of GKE On-Prem (a core component of Google Cloud’s Anthos), F5 reveals its integration with this new solution, allowing its users to get one step closer to crafting a truly hybrid cloud architecture.
In recent years, there’s been a volley of sorts about data replacing oil as the world’s most valuable resource. And, as you might imagine, there is far from uniform agreement on the topic.
F5’s Hitesh Patel: In this environment, the bar for success is no longer releasing a new product. It’s continually engaging and listening to all of the product constituents—customers, partners, F5 engineers, support staff—in a constant lifecycle of innovation and improvement.
Componentization is great for development and certainly aids in speeding up time to value. But it can have a negative impact on performance - and security.
Looking forward, F5 and NGINX can enable enterprises to address one of IT’s most pressing needs: fast, frequent deployments across a varied set of application architectures residing in multiple cloud properties. We believe that doing that successfully depends on NGINX remaining open source and being driven in large part by the community that built it.
F5 CEO François Locoh-Donou introduces a blog series to explore the divide that has existed between modern, open source applications developed in (and for) the cloud and the traditional, mission-critical applications that are often the last to migrate out of the enterprise data center.
DNS remains one of the least appreciated application services in existence. Its role is so important, that its failure is considered catastrophic.
Venu Aravamudan, SVP & GM, F5 Cloud Services: F5 Cloud Services accelerate application delivery through a frictionless, intuitive multi-cloud platform. These SaaS solutions are optimized for cloud-native applications and microservices.
With the launch of F5 Cloud Services, Principal Product Manager Roger Barlow walks you through the specific advantages of the DNS Cloud Service, offering secondary authoritative DNS.
Building on the trio of managed rules for AWS’ native WAF delivered in the fall of 2018, we are excited to announce another ruleset which focuses solely on the protecting your APIs against existing and emerging threats, including XML external entity attacks and server-side request forgery.
We have to move from relying on Moore's Law to increase our capacity and speed to relying on a system of systems that scales itself to process more data, more frequently, and faster than ever before.
SVP of Business Development Calvin Rowland shares his excitement around F5’s acquisition of NGINX and looks ahead at the promise of combining technology partner ecosystems with open source efforts to benefit customers and deliver end-to-end application services.
Today, your applications are your business, and they are also the gateway to your data for cybercriminals. Protecting your data, and your business starts by thinking app security first.
Keiichiro Nozaki reflects on DevSecCon Singapore 2019 and the evolving roles of DevOps and Security teams, as well as the benefits of collaboration for both.
Given the slow but steady adoption of HTTP/2 and the security challenges posed by HTTP/3, the latter is likely to face a long, uphill road to adoption for the foreseeable future.
Fail fast is the mantra of speed today. Whether DevOps or business, the premise of operating in a digital economy demands uptime as close to perfect as you can get it.
F5 collaboration drives deeper integration for greater application services, development and security across Microsoft Azure Stack environments
Team structure matters. Not just because of the need to encourage a more collaborative culture, but because of the way it impacts decisions - including technology choices.
I am thrilled to announce we have signed an agreement to acquire the open source leader in application delivery, NGINX.
Microservices and Function as a Service (FaaS) often facilitate Agile development because a relatively small team can design, develop, and then refine a service much more quickly than they can a large, monolithic application. But there's another interesting benefit of microservices and FaaS that isn't being touted as much as it should: security.
For five years we've asked thousands of respondents across every role in IT and around the world a simple question: What one thing would you never deploy an application without? In other words, what's the most important thing you can provide for your applications?
No one wants to abandon the substantial investments made in 4G, but no one wants to fall behind in the race to deliver 5G either.
By layering an F5 Advanced WAF in front of a 3scale API gateway, you can benefit from additional security measures that include the use of IP intelligence to identify threats faster and more accurately, the ability to offer a secure API façade internally or externally, and protection against a variety of application layer attacks.
As the telecom network evolves to support a wide variety of use cases across different industry verticals, we note telecom respondents are raising their technology profile as leaders.
While most of the focus of programmability is on operations today, there remains a significant amount of data path programmability that's vital to enabling consumers to interact with applications.
If you don’t like change, IT is a bad place to be. There are those that might argue that, even if you readily embrace change, IT can still be pretty challenging. However, despite the continuous, incremental changes, there are key inflexion points worth calling out.
Function as a Service (FaaS) is quickly finding use in a variety of operational and development contexts. And while the rising star of cloud computing is often mentioned in conjunction with APIs and IoT and mobile apps, there is significant use outside development for the technology.
When we received and started analyzing the results in The State of Application Services for 2019, we took a close look at some of the items on organizations’ agendas. It shows that while our part of the world has much in common with the rest of the planet, there are some important differences.
SVP Calvin Rowland digs into a joint solution with Equinix that enables high-speed key retrieval, allowing BIG-IP to decrypt and orchestrate SSL traffic for any application regardless of its location—on-premises, private or public cloud—thereby drastically simplifying multi-cloud key management…and giving you one less thing to worry about.
The Year of the Pig is upon us! Peter Silva offers his thoughts on the coming year and what it might represent for businesses, security, and the larger industry as 2019 unfolds.
We know that just about half of the traffic on the Internet today is generated by bots. Some good, mostly bad. Operational efficiencies from automation and machine learning—usually discussed in a more positive context—are also being weaponized to perform reconnaissance probes and attacks alike.
The strategic importance of data can only be realized through an application. And an application can only fulfil its purpose by interacting with data. This strategic codependency can be clearly seen in this year’s State of Application Services report.
BIG-IP Cloud Edition gives you role-based access to build and configure F5’s market leading application services for your apps.
Container adoption has been a steady course to consume budget for a couple years now. What may be a surprise is the reasons behind that adoption. Spoiler alert: it isn't really about microservices.
As DevOps has continued to press its case inside of IT, we've seen the adoption of automation and "as code" methodologies, including growing use of CI/CD tools like GitHub enterprise and Jenkins within the production pipeline. This post from Lori MacVittie and the Office of the CTO takes a closer look at Infrastructure as Code and what F5 is doing to enable and support it.
APIs are the new CLI. Increasingly, it is through an API that infrastructure and application services are provisioned, configured, and operated. Between automation and integration into deployment pipelines, the API is a critical component that every device—hardware, software, on-premises, or cloud—must have.
As a global solution architect at F5, I have the opportunity to look at a lot of access architectures and while many are aspiring, few have achieved their Zero Trust goals.
In a recent survey conducted by Appian, one in 5 respondents reported a backlog of over 50 application requests, and 72 percent don't believe they can scale up to meet demand.
Five years ago, the industry was questioning the role of traditional IT – today IT organizations are embracing cloud and investing in the skills and toolsets required for automation. Cindy Borovick looks back at the industry’s progression in the context of the just released 2019 State of Application Services report.
Diving into application services alone is (almost) always interesting. But delving into the applications, environments, trends, and technology that drive organizations to use an average of 16 different applications services gives us a valuable glimpse of what IT and business will look like in the next year.
Lori MacVittie comments on the role of cloud and application services in the context of F5’s upcoming State of Application Services report. In all its forms—public, on-premises private, and SaaS—cloud has maintained its place of strategic importance, impacting the application services deployed, the tools and technologies used to automate and orchestrate IT, and even in the evolution of team structures inside organizations. Will this year continue the trend?
Lori MacVittie: For as long as I can remember—which is a long time—the siren call of a single pane of glass through which to view and operate infrastructure has lured IT. Like the Holy Grail, it has never been discovered and a good many IT professionals have become cynics as to its existence.
Serverless is the rising darling of the cloud world, but it's often misunderstood and attributed with almost supernatural powers to reduce costs, speed time to value, and make you breakfast in bed. And if that wasn’t enough, it’s also frequently conflated with Function as a Service (FaaS).
Learn about the 3 payloads associated with flatmap-stream and how they can be exploited.
The growth of container app development incorporated into DevOps pipelines is nearing peak adoption across the app landscape, but some challenges persist. F5 declarative automation and orchestration solutions combined with ecosystem integrations are capable of delivering app services anywhere, including as Ingress into container environments.
As the worlds of DevOps and NetOps collide and container environments subsume definitions traditionally used in the network, let’s explore the use of the often-confusing term "ingress" in terms of the data path and container environments.
Regional VP of Channels Lisa Citron congratulates the winners of the 2018 North America Partners of the Year Awards, recognizing the exceptional performance of strategic resellers, service providers, and distributors in providing training, solutions, and support to further extend the value of F5 technologies for customers.
Ankita Bhalla revisits the importance of understanding the industry’s use of third-party hardware, highlighting F5’s iHealth and new Remote Attestation for TPM Chain of Custody feature as examples of how F5 helps keep you and your applications protected.
Cloud showed us a better way to onboard, provision, and operate network and application infrastructure—aspects that have been steadily pushing their way into the data centers of organizations worldwide. But the digital transformation that began with cloud is now seeping into on-premises systems to bring about something far more interesting: the breakup of the network.
Coupled with Cisco Firepower series’ threat mitigation and performance capabilities, SSL Orchestrator performs the computationally heavy workload of decrypting traffic before distributing it to other devices in a security stack, so those same security devices are now able to cost-effectively scale.
Keiichiro Nozaki, regional marketing architect/evangelist, recently attended the Gartner Symposium/ITxpo 2018 Asia Pacific on the Gold Coast, and asks the question: How many organizations are ready for digital transformation?
It’s important to recognize that it’s not always NetOps teams that get in the way of deploying the latest thing/app/service. Impediments to speed are often due to a failure to adopt all the premises of DevOps as organizations seek to transform IT operations.
A KubeCon dispatch from F5’s Robert Haynes: One of the enabling technologies behind the adoption of platforms and working practices has been the systems that link intent to action in an automated, integrated way. Application services have to be part of this chain, and this represents a more fundamental shift than simply a change in runtimes.
This week sees the release of BIG-IQ 6.1, the latest evolution of F5’s management platform. Dan Schrader walks through the benefits of this new version, focusing on declarative technology for automating the delivery of network services, as well as updated security reporting and dashboards.
It’s the time of year when crystal balls get a viewing and many pundits put out their annual predictions for the coming year. Peter Silva collects his picks of notable prediction lists making the rounds as 2018 comes to a close, along with brief commentary on each.
With “machine identities,” we’re simply talking about how to ensure that an automated process can identify itself, and how other automated systems and processes grant the appropriate level of access to relevant resources. This concept is not new. What is relatively new is the scale at which it needs to be implemented.
Lori MacVittie: There remains a tendency to equate containers with microservices. And by equate, I mean “use interchangeably.” This is a bad assumption.
SVP Kara Sprague discusses the increasingly important role of containers amidst developer scarcity in the age of Application Capital, also noting F5’s just released open beta for Aspen Mesh, a fully-supported service mesh built on Istio.
Timed to coincide with next week’s KubeCon in Seattle – one of the biggest DevOps-focused conferences of 2018 – we’re highlighting a dozen of our favorite pieces of DevOps-related content from the past year.
As the dust from the recent re:Invent conference settles, Tom Atkins reflects and takes a closer look at the most notable advances from what has been another dynamic and productive year for F5 on AWS.
Shawn Wormke from Aspen Mesh explains how service mesh is a glue that helps unite Development and Operations teams, providing one place in the stack that you can manage microservices at runtime without changes to the application or cluster.
The stability and speed of today’s networks enable application services to act within a scalable system. Instead of a system deployed on a box, application delivery can embrace a modern, stack-based design. It can now be distributed to better take advantage of advances in technology and software, while continuing to benefit from expertise gained in previous years.
2018 brought us larger breaches, bigger DDoS attacks, and intensifying challenges for organizations to face when defending their infrastructure from criminals. Applications were notably a primary target, and as 2019 rounds the corner, we need to be prepared for the continuous evolution of both cybercrime and security.
Mainframes have a bad rap in IT. They are viewed as dinosaurs, when the reality is that they provide a significant source of computing power for many organizations—computing power that’s growing in use. They also have more to do with DevOps, Agile, and other modern methodologies than you might think.
Companies developing and deploying applications in the cloud can face inefficient IT operations, scarce developer resources, rising app experience expectations from users, increasing security risks, and cloud migration challenges—just to name a few. SVP Kara Sprague digs into the role chaos plays in spurring IT innovation and how F5 solutions enhance and protect organizations’ most valuable assets: applications.
Lori MacVittie highlights F5 Labs research on global attacks against IoT devices from January–June 2018, pointing out the sobering implications. Not only do IoT devices continue to be exploited, but they are being transformed into attack platforms, meaning attackers can better take advantage of what’s emerged as a guaranteed growth market.
Modern security is a multi-vendor proposition. F5’s industry-leading Web Application Firewall solutions (such as Advanced WAF) can now be integrated with AWS Security Hub, allowing predefined alert information from blocked traffic (such as attack type, source, etc.) to be escalated to this central console for further review, alongside inputs from other security products.
A particularly compelling advantage of applying machine learning to application security is that it focuses on constantly learning what is normal and identifying what is not. Lori MacVittie explains how layer 7 Behavioral Denial-of-Service (DoS) protection is like a flu vaccine that's capable of detecting the virus responsible based on its behavior rather than its actual composition.
Before the start of AWS re:Invent, we’re excited to share the new Quick Start integration between F5 and AWS. F5’s Tom Atkins discusses how the service launches, configures, and runs the AWS compute, network, storage, and other services required to deploy your workloads on AWS.
Cryptography is naturally a computationally expensive process, meaning it takes more CPU cycles to encrypt or decrypt a message than to execute business logic. For cloud deployments, these added CPU cycles have been an accepted cost because the point is to shift capital costs to operational expense. But decrypting and encrypting a message multiple times—at a non-zero cost each time—can really add up.
F5’s Robert Haynes looks forward to AWS re:Invent, sharing his perspectives and tips on how to avoid an ‘enthusiasm hangover’ after the conference when returning from a week’s worth of heady discussions around cloud innovation, enhanced features, and new opportunities.
In technology, simplification means abstraction, with declarative interfaces serving as a good example of that abstraction. By simplifying the interfaces used to provision, configure, manage, and integrate infrastructure today, declarative interfaces democratize infrastructure and open up opportunities for both NetOps and DevOps.
It’s time again to dig into the application services organizations are actually using to make apps faster and safer. Of note this quarter again is a continuing rise in use of bot defense services, as well as growth around analytics-related services.
Generally speaking, “ignore vulnerabilities” is not something you expect to hear from a security company. And you certainly don't see “ignore vulnerabilities” paired with the notion of “improving security.” But now you have. F5’s Lori MacVittie is kind enough to elaborate.
When approaching your production pipeline “as code,” it’s a certain bet that multiple sets of operators and developers will be responsible for it. This lies at the heart of the push for standardization—especially as NetOps takes the plunge into developing and maintaining systems to automate and orchestrate elements of the network and application service infrastructure.
So how does one flesh out a detailed digital transformation plan? First, take a quick look at the relationship between applications and your ambitions around digitalization. Then, work with partners and vendors who have been guiding the application-focused evolution of business processes for years and have delivered tangible results.
Just as it’s true that the application platform—the web or app server or app engine—must be provisioned first, so too must the network and application service platforms be provisioned before they can be configured. Increasingly, and especially in cloud environments, that provisioning and configuration process is driven by systems like HashiCorp's Terraform.
The Open Web Application Security Project is a non-profit organization dedicated to providing unbiased, practical information about application security.
In this series of webinars, learn how F5 can help you navigate the sea change in network and application management.
Speculation continues around why businesses and industries formerly reluctant to officially encourage open source software use have suddenly embraced it. Most often, the legacy culprit is assumed to be a fear of legal liability. But another catalyst is the driving force of digital transformation.
Serverless means developers don’t need to worry about infrastructure. And the business, too, sees value in its speed and efficiency. Combined with the frictionless nature of deploying code with serverless, you can be out the door with functionality in hours rather than weeks or months.
F5 is one of an exclusive group of launch partners of AWS’ Consulting Partner Private Offers Program, giving partners extended capabilities in making F5 application services available to customers via the AWS Marketplace.
Infrastructure, Configuration, Pipeline, Operations. Suddenly everything is “as code.” Lori MacVittie attempts to sort through the terminology and identify the different components within a continuous IT stack.
Chief Architect Dave Schmitt and the Office of the CTO reflect on the importance of hardware security expertise in the context of the recent Bloomberg piece on Super Micro. The article also includes questions to ask your vendors to help make sure your systems are protected.
Lori MacVittie explores how the industry has found itself with a strange hybrid of Service-Oriented and Microservice architectures that leaves many wondering where one ends and the other begins.
When we recently polled IT ops practitioners on the ‘State of Network Automation,’ we found the market experiencing a number of challenges. Among those cited specifically by NetOps professionals was a lack of integrated tools with which to move forward with automation efforts.
While the adoption of cloud and containers have disrupted typical network architectures, applications remain tethered to the data for which they are the primary interface. CTO Ryan Kearny explains how a cause-and-effect relationship between apps and data is critical to the future of application delivery, particularly as we find ourselves on the verge of generating more data than we can move.
The goal of automation in almost any industry focuses on optimization and eliminating bottlenecks. In the world of IT, that typically means addressing the in-between steps of an operational process.
From day one of development through post-deployment, the choices we make regarding the security of the entire application stack play out with far-reaching consequences.
A closer look at recent enhancements to the F5 Labs site, and how the team is improving access to application security and threat analysis research.
For many IT groups, the pressure to migrate to public clouds is immense. An F5 collaboration simplifies applications running across Microsoft Azure Stack regions into a consolidated infrastructure for business operations.
F5 is highlighted in this year’s 2019 TAG Cyber Security Annual, designed to provide advisory guidance to security professionals.
APIs are not integration. They are a means to implement integration. And judging by the challenges seen in the industry, they aren’t enough for IT to get continuous.
The evolution of F5’s annual survey now emphasizes the application services you need rather than the platforms you use to deliver them. Learn more and participate in the survey today!
Learn how to intercept and modify JavaScript on the fly using Chrome’s devtools protocol.
It’s time again to dig into the application services organizations are actually using to make apps faster and safer.
Lori MacVittie comments on a recent report from Lacework highlighting the need to reiterate one of the common core security rules: Thou Shalt Not Leave Admin Consoles Open
Just as previous app architectures have driven responses in the network infrastructure, so are containers and microservices. Only this time the changes aren’t coming in the form of a new box. What’s happening now is the move to integrate the application services developers need into the container environment.
During F5’s recent Agility conference in Boston, a group of industry participants from the global service provider community met to discuss and debate topics such as the role of emerging SDN infrastructures, automation, and security.
For decades, application services have been deployed on shared platforms. But emerging application architectures such as microservices are forcing changes in the production pipeline that better map to modern deployment schedules and operational practices like infrastructure as code.
From F5’s Office of the CTO, Lori MacVittie draws connection points between DevOps practices and F5’s new declarative interface that decreases reliance on APIs and increases the ability to implement a fully automated, continuous deployment pipeline.
Lori MacVittie explores the potential of achieving an ‘MVD’ for an application by adopting a per-app architecture for its tightly coupled app services.
The association of a singular identity with an IP address is so tightly ingrained in our heads that we tend to apply it to other areas of technology. Even when it’s utterly ineffective.
SVP Kara Sprague explores the emergence of Application Capital in the context of customer expectations, industry trends, and F5 innovations.
The data shows that despite the challenges inherent in automation, NetOps aren't nearly as far behind as some posit.
Sometimes I love reading commentary from El Reg on IT and technology. Delivered with just the right amount of bite, their bark is often right on target. Other times, though, they miss the mark.
One of the interesting things about the cyber security industry is the degree to which vendors essentially wind up on the same side.
So says the data. It would be easy to dismiss the importance of network automation by claiming that the size of your organization
Or is that ‘tears’ of frustration? ¯\_(ツ)_/¯ Perhaps it’s both.
There is a relationship between network and application architectures. Usually we like to talk about how changes and shifts in application architectures impact the...
In a more balanced world, application users would have the same level of concern for the security of their data as they do for their access to it.
Oh yes. It’s happening. Consider making it a part of your overarching cloud strategy to make the process less painful. What do the following have in common? Salmon, Canadian Geese, Monarch butterflies, and applications. If you guessed all of...
Multi-cloud is one of the hottest buzzwords in IT today. 85% of organizations are committed to a multi-cloud architecture. The other 15% are probably doing it by accident.
Back in 2015, I noted that Software was Eating IT. That was based on data culled from a variety of industry sources included RightScale, HBR, PWC, and others. From development to deployment to delivery, software was taking over everywhere. But...
A full-proxy for both SSL/TLS and HTTP, SSL Orchestrator can make intelligent decisions to steer inbound and outbound traffic to service chains within the security stack. No other solution can do that.
Frank Strobel highlights the role of F5's partner ecosystem in strengthening security, increasing scale and availability, and reducing operational costs.
What do terms like Identity Perimeter and Zero Trust actually mean for you? Graham Alderson takes a look in the context of F5's new Access Manager.
Sure, a data breach may cost more (at least right now) and it certainly forces your failure into the limelight (you gotta notify) but security can’t be just about data exposure. These days you only hear about a breach if there’s been a data...
As a developer, my favorite editor for writing code is vim. I know, I know. But it’s fast, I can get around in it, and it isn’t emacs. (Yeah, I went there.)
Perfect for development and test purposes, these instances provide true cloud-native operational flexibility with no long-term commitments or contracts.
Brian McHenry looks at F5's diversity of WAF services and web application security capabilities in the context of a recent analyst report.
There’s an old business axiom we all know that goes like this: The customer is always right. In this digital economy, it turns out that axiom has to change to read: The customer’s data is always right. Let me illustrate with a little...
There are days when the jargon coming out of container land makes your head swim. With each new capability or feature offered by related solutions – service mesh, orchestrators, registries – seems to mandate a new term or phrase.
These virtual editions protect applications and data with complete feature parity across on-premises and multi-cloud deployments.
F5 rounds out its appliance portfolio with improved price/performance, along with enhanced security and compliance features.
Back in 2013, we were introduced to the concept of an immutable server. An immutable server is, as the term immutable suggests, static. Its configuration is fixed and cannot (or at least should not) be changed. If changes are required, a new...
The Hunt for IoT by our own F5 Labs threat researchers continues. Its latest report exposes not only an active search for vulnerable IoT devices, but the targeting of build infrastructure.
When I was a wee lass getting ready to deliver my company’s very first Internet-enabled application, I learned a valuable lesson. It wasn’t about technology. It wasn’t about the Internet. It was about processes and how frustrating they can be t...
With F5 BIG-IP virtual editions, IoT-focused organizations can seamlessly deploy in public or multi-cloud environments with maximum flexibility.
Confidence in the public cloud is on the rise as the market and platforms mature, thanks in part to certification and competency validations from major providers.
AWS has just announced enhanced F5 managed security capabilities on AWS WAF around Bot Protection, CVE Vulnerabilities, and Web Exploits.
It’s time again to dig into the application services organizations are actually using to make apps faster and safer. Of note is a rise in use of bot defense services and the slow but steady inroads being made by HTTP/2. While not an application..
Changes to the EU’s roaming regulations and raised awareness of security risks are fueling dramatic increases in GPRS Tunneling Protocol (GTP) traffic.
Apps are under siege. Attacks occur with alarming frequency – every 39 seconds according to research conducted by the University of Maryland
Network slicing is one of the most important 5G innovations available to mobile operators, allowing them to subdivide one physical network into multiple logical networks.
Introducing Per-App offerings of F5 BIG-IP Virtual Edition for local traffic management and web application firewall services.
DX for BFSI industry Summary blog from Analyst Communication in APCJ theater by Kei.
Discover the key findings of F5's fourth annual State of Application Delivery report.
With our 4th annual SOAD report published, we look back and share how the market has evolved, and what we have learned.
Lori MacVittie continues her series on “The Art of Scaling Containers”, after touching on discovery and distribution, this blog digs into retries.
Like multi-cloud, automation can be (and should be) strategic. In a perfect IT world, we would see the smooth road of (internal) digital transformation follow a predictable path to success. It would start with the selection of platforms and...
Apps are the strategy upon which business has staked its digital survival, and F5 Labs research shows they will remain under siege in 2018. This year, let’s resolve to be vigilant in their protection, no matter whether they lie over hill in the...
As December brings 2017 to a close, it also marks an opportunity to be retrospective and look back on the year that was. This past month, we’ve been highlighting some of our blog posts, security research, reports, F5 Labs threat intelligence, and...
Lori MacVittie decided to put down in digital ink what the data and technology cycle is showing will be pretty much a given in 2018.
Peter Silva looks into the crystal balls of IT industry pundits and compiles a list of annual predictions for the coming year.
F5's Chad Whalen reflects on the significant advancements F5 has made with AWS following an amazing week at AWS re:Invent.
The BIG-IP Virtual Edition showcased its ability to ensure performance, availability, and security for business-critical applications hosted within the AWS cloud.
Whether we like it or not, HTTP is the de facto application transport protocol of the modern age. We use it everywhere. It’s as ubiquitous as IP and TCP, and serves much the same purpose. Its only goal is to transport the digital gold of today’s...
This year we hosted a series of Cloud focused events in the region and were fortunate to be able to connect with a number of customers. In this blog, I would like to summarize where those customers are, in terms of their Cloud shift, and wrap up...
Back in 1983, a group of like-minded folks in the computer and telecom industries got together to create a detailed specification they called the Open Systems Interconnection (OSI).
When considering vulnerabilities, remember application security is a stack. You may have heard me say this before, but sometimes we need a reminder that modern applications are never deployed alone.
The data path contains multiple insertion points at which a WAF can be deployed. But that doesn’t mean every insertion point is a good idea.
Okay, NetOps. As you’re getting all automated up and scripting your hearts out, it’s time for a gentle reminder about security. I’m not talking about firewalls and WAF or other security services you may be responsible for.
For most enterprises, the concept of cloud is well in the process of crossing the “chasm” from early adoption to early majority.
Learning online is big. Especially for those who self-identify as a developer. If you take a peek at Stack Overflow’s annual developer survey...
We are, I think it’s safe to say, universally delighted by technology. The mundane is transformed into the magical by the mere introduction of technology. The novelty wears off after a time, of course, but by then there’s some other task that has...
It has been said – and not just by me – that encrypted malicious code is still malicious code. The encryption does nothing to change that...
Along with their just-opened San Jose data center, Equinix leverages F5 BIG-IP for application services to support multi-cloud interconnection.
content="The Ansible community requires everyone to be nice to each other, to be empathetic and to be kind. This is best evidenced by the Ansible Code of Conduct for events. One excerpt: “Ansible is dedicated to providing a harassment-free conference..."
Over the past year, F5 and Ansible have been working hard to bring network automation solutions to our customers.
In successive releases, Ansible has introduced more and more network automation functionality, including persistent connections,...
Don’t let anyone tell you hardware doesn’t matter. Hardware is everywhere. In every mobile phone. Every Fitbit and techno-gadget we own. In our cars. In our laptops and tablets. Increasingly, it’s in our appliances. In our watches. And apparently,...
To untangle the complexity inherent in IT automation today, we need to find a better way to construct the workflows that represent the processes used to deploy, manage, and configure IT infrastructure.
It’s no secret that security is the leading concern for the majority of public cloud users, but for some organizations and government agencies, it is even more paramount. For these groups, highly stringent regulatory and compliance requirements...
IT has to embrace standardization of the code that makes IT go or risk creating systems that syphon off the financial and efficacy benefits of IT automation. I spent nearly a decade developing software. Embedded software. Web software....
F5's David Holmes looks back at the recently concluded DC25 and ponders future attendance.
In January of 2017, the very popular MongoDB suffered what seems to be becoming a fairly predictable tactic for attackers: taking data hostage. Subsequent investigation noted that for the most part, attackers had exploited … nothing.
Much is made of the archetypical relationship between DevOps and NetOps. We are constantly barraged with a litany of “us versus them” rhetoric that pits the one against the other...
F5's principal threat research evangelist puts on his reporter hat to bring you some insights from one of the oldest hacker conferences there is.
There are two sides to every coin, so the old adage goes. It goes without saying that both sides of the coin are the same color even if they bear different images. So we discovered when we dove into the middle of DevOps and NetOps. W...
While apps represent opportunities to improve productivity and increase profits, poor performance and annoyed users bring these gains to a halt.
The slow but steady migration to cloud-based environments has had an impact on many aspects of IT. One we rarely make mention of is administration. But we should.
F5's APAC team explores a number of security-themed statistics around IT viewpoints, challenges, and opportunities.
SVP Calvin Rowland breaks down what it means for organizations to deploy multi-cloud solutions, touching on DevOps topics as well.
Developers are having a greater impact on how applications are architected, and in many cases, making unilateral choices that are in effect making business decisions for the company. While nearly two-thirds of enterprise IT managers believe they should be the deciding vote in selecting a public cloud service, moving apps to the cloud, or creating a private cloud, business units disagree about 40 percent of the time. CIOs need to manage this.
Organizations use CAPTCHA to prevent automated attacks like credential stuffing. Learn how cybercriminals bypass it and how to mitigate the risk.
Digital transformation is the application of new technologies to build new business models or processes by leveraging the convergence of people, business, and things.
F5's APAC team presents a stylized guide with tips on protecting yourself from cyber criminals and specific attacks.
Nearly one in five of report respondents have security titles. F5's David Holmes takes a closer look at what's important to them.