ENSURE APPLICATION AVAILABILITY AND INTEGRITY WITH F5 BIG-IP APPLICATION SECURITY MANAGER AND IBM SECURITY APPSCAN
Ron Carovano, Manager, Business Development, F5 Networks
Diana Kelley, Application Security Strategist, IBM Security Systems
Shauntinez Jakab, Product Marketing Manager II, F5 Networks
Darren Conway, Business Development Manager, F5 Networks
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from F5 Networks.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Magic Quadrant for Application Security Testing, Neil MacDonald, Joseph Feiman, July 2, 2013
This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The link to the Gartner report is available upon request from IBM.
Gartner has recognized IBM as a leader in the Magic Quadrant for Application Security Testing (AST)
“The market for application security testing is changing rapidly. Technology trends, such as mobile applications, advanced Web applications and dynamic languages, are forcing the need to combine dynamic and static testing capabilities, which is reshaping the overall market.”
40 out-of-the-box compliance reports
Extensive reporting capabilities covering: PCI DSS, HIPAA, EU Data Protection Directive, ISO 27001, OWASP Top Ten 2013 and more
What is Privacy?
• Personally identifiable information (PII)
• Ensuring secure collection and storage of PII
• Informing people how their PII is used
AppScan Enterprise provides information about:
• What kind of PII your web site collects
• How the PII is collected (forms, cookies, etc.)
• If the PII is collected in a secure manner
• If the PII is shared with 3rd parties
• If the user is provided with a privacy statement
Compliance
• Health Insurance Portability and Accountability Act (HIPAA)
• Children's Online Privacy Protection Act (COPPA)
• US "Safe Harbor" Rules (EU Harmonization)
Attack expert system makes responding to vulnerabilities faster and easier: Violations are represented graphically, with a tooltip to explain the violation. The entire HTTP payload of each event is logged.
Packet Velocity Accelerator (PVA) is a purpose-built, customized hardware solution that increases scale by an order of magnitude above software-only solutions.
F5 mitigation technologies
Application (7), Presentation (6), Session (5), Transport (4), Network (3), Data Link (2), Physical (1)
“A branch of the Canadian Government has an array of web applications, some public, some private, that suffer from various vulnerabilities. They are an IBM AppScan customer and AppScan has given their network security team visibility into these vulnerabilities. With a slow and sometimes challenging SDLC, mitigation has proven to be an ongoing challenge. They turned to F5, inquiring if our ASM product could potentially help mitigate these vulnerabilities. Of course we can, but one of the major challenges for their network security team, not being savvy with the applications themselves, is how to configure ASM to mitigate these vulnerabilities. When we told them that ASM can leverage the data obtained from IBM AppScan to build the ASM security policies to mitigate the vulnerabilities in play, they were palpably relieved. This provided the enablement their network security team needed to move forward with a mitigation strategy without having to rely entirely on the applications teams to configure ASM suitably.”
• Solution White Paper: Vulnerability Assessment with Application Security: http://www.f5.com/pdf/white-papers/vulnerability-assessment-asm-wp.pdf
• Solution Technical Manual: Using Vulnerability Assessment Tools for a Security Policy: http://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-getting-started-11-3-0/4.html
• Solution Video Overview: https://devcentral.f5.com/articles/appscan-redux#.Ul2nCFAgfAk
• IBM Security AppScan: http://www-03.ibm.com/software/products/us/en/appscan