New security threats and the importance of application-aware context

By Nick Bowman, F5.

Monday, 21st October 2013. Posted by Phil Alsop.

You’re probably getting tired of hearing experts bang on about ever-evolving security threats and the need for the security industry to keep up with them. But there is a reason we bang on about them: we need to.
Let’s look at some of the big stories dominating the security world recently:
• Someone with “insider knowledge” of Vodafone Germany’s IT system hacks a database and steals names, addresses, dates of birth and limited banking details of around 2 million customers
• The on-going revelations about the NSA from whistleblower Edward Snowden
• Rising numbers of attacks against mobile devices running Android
• Continuing DDoS attacks against major websites across the world
The point here is that attacks are coming from all angles and are being targeted at a wide range of vulnerabilities. Some, such as the Vodafone and Edward Snowden cases, aren’t vulnerabilities in the infrastructure but are the result of a person doing something they shouldn’t: accessing a part of the company’s systems that they shouldn’t have been able to access.
One of the keys to surviving new and emerging threats is to keep your business-critical applications and networks secure. By providing policy-based, context-aware access to users, businesses can ensure that they only give the right access to the right people and that at all times they have valuable insight into who is on their network and what they are doing.
Something like the BIG-IP Access Policy Manager (APM) can consolidate remote access, web access management, virtual desktop infrastructure (VDI) and more into a single policy control point. This means a business will know who is on their network and what they are doing, and be confident that they are not accessing anything they shouldn’t.
Having an access policy that is geared towards protecting your critical infrastructure is vital, but it is only truly effective if that policy can be repeated across the many servers and applications that businesses run these days.
It’s also vital to know which sorts of devices are attempting to access your network, and where they are located. BIG-IP APM can do this, which helps build up what we call access profiles. This gives the business a view of the essential information: who, what, where and when.
Just think about the number of different devices used to connect to a network and the huge number of different applications and servers workers need to connect to in order to do their jobs. A business needs to be fully aware of what’s going on; a business that has such a wide view and in-depth knowledge of what’s happening on its network and who is doing it is a more secure business.