F5 looks to squelch ‘ball of fire’ that is application security | Network World

F5 is enhancing its tools for enterprise customers that are struggling to combat rising security threats against on-premises and cloud-based applications.

The vendor announced web application scanning for its core Distributed Cloud Services, new firewalls for its BIG-IP intelligent traffic management and load balancing service, and NGINX App Protect for open source deployments. F5’s Distributed Cloud Service is a SaaS-based platform that enables application management, infrastructure management, and security services across customers’ public cloud, private cloud and edge sites.

The new capabilities are designed to help enterprise customers protect widely distributed and increasingly complex application resources – a job that faces growing pressure, according to F5 executives.

“The current state of application security and delivery for large enterprises has IT teams in crisis,” said F5 president and CEO Francois Locoh-Donou during the company’s second-quarter earnings call this week. “The increasing complexity and the associated cost and risk they are battling is not incremental. It is untenable, and it is growing even more so by the day.”

“Manual tasks, inconsistent security controls, operational silos, lack of available talent, escalating cloud costs, and inefficient traffic routing are slowing them down,” Locoh-Donou continued. “We have affectionately named this set of escalating challenges, the ‘ball of fire.’”

On average, organizations are operating across 4.5 different types of environments, which adds to the challenges, Locoh-Donou said.

“Most organizations have hundreds of applications, each with a set of associated APIs distributed across these multiple environments,” Locoh-Donou said. “And because modern applications have decomposed monolithic applications into smaller components, those components are more fragmented and distributed. As a result, APIs and data also are more distributed. The result of this expansion and distribution is amplified security risks across a larger attack surface area.”

These challenges will be further intensified by the inevitable widespread adoption and proliferation of AI, Locoh-Donou said.

As for its new enhancements, F5 said it has integrated web scanning technology it recently acquired with Heyhack into its Distributed Cloud Services. Customers can now access automated security reconnaissance and penetration testing capabilities to look for and discover web application vulnerabilities across multicloud environments.

F5 said in the future it will deepen this integration to deliver more adaptable app and API security through automated vulnerability discovery, threat identification, and remediation.

On the vendor’s BIG-IP side, it rolled out a new container-based Web Application Firewall (BIG-IP WAF) that has the ability to receive and deploy upgrades more frequently. If customers can apply updates faster, it will enable them to stay ahead of the skyrocketing number and growing intricacy of exploits and threats, F5 stated.

F5’s WAF includes policy development, creation, and migration that can be distributed across its WAF offerings. Customers with dispersed, hybrid application estates can manage an application security policy in one place—no matter where their applications and WAF deployments reside, F5 stated.

The company also unveiled a new version of F5 NGINX App Protect WAF. According to F5, the NGINX WAF now features a smaller footprint and separates the control and data planes, which significantly reduces the attack surface. The package can reduce the cost of breaches by 80% because its declarative policies can be implemented directly into security-as-code packages, F5 stated. Version 5.0 of NGINX App Protect WAF supports both NGINX OSS and NGINX Plus and can be fully integrated into software development CI/CD frameworks, F5 stated.

The new developments are just the latest for F5. Earlier this year F5 reinforced its Distributed Cloud Service platform with a new API discovery and protection service that’s aimed at giving customers a simple way to discover API endpoints, monitor traffic for vulnerabilities, provide testing, and protect applications.

Michael Cooney is a Senior Editor with Network World who has written about the IT world for more than 25 years. He can be reached at michael_cooney@foundryco.com.