Security attitudes lag behind attacks: F5's Kurt Hansen

Attacks on corporate networks are becming more sophisticated, but defences are not.

Attackers and attacks are changing, but attitudes to defence are not, according to Kurt Hansen, managing director of F5 Networks in Australia and New Zealand.

The company has jumped into the new year with a number of new product launches, and as collateral for its approach, it conducted a survey of 300 CIOs across six APAC countries (including Australia) covering subjects like application availability and response, and security.

The study, conducted by Frost & Sullivan, found a persistent belief that more bandwidth is the solution to all network problems. However, Hansen was more concerned at the "false sense of security" that still prevails among CIOs.

"Attackers are moving up the stack", he said - rather than breaking the infrastructure, as was once common, the expansion of botnets and the prevalance of criminals now focus on attacking applications with the aim of stealing user data.

In spite of this, he said, "75% of the security dollar is still spent on network security", the firewall at the front door, while Web applications still depend on simpler approaches (all the way down to user ID and password).

F5's pitch is in the form of new policy management capabilities for its flagship BIG-IP platform. For access to the data centre, F5 says it can provide a single point of control for access to all Web application servers behind it - amounting to a single sign-on solution that exists separately from discrete applications. Hansen added that the access policy manager can integrate with a wide variety of authentication environments, including token-based systems, Active Directory, Radius servers and others.

"Customers get lower cost compared to coding this kind of access and identity management into each application," he said.

Access management is further supported in the BIG-IP Edge Gateway system, which integrates access management, policy creation, authentication and endpoint inspection into a single environment, along with SSL encryption shipping as a standard inclusion in the platform (customers expand the SSL capacity by adding licenses; new modules are not required).

BIG-IP is also to get new ADC (application delivery controller) capabilities aimed at data centre needs such as lower infrastructure costs and simplified access management. The second release is a BIP-IP Edge Gateway, which puts SSL VPN access, dynamic access, optimisation control, and application acceleration for remote users onto a single platform. Its management solutions, the Engerprise Manager 2.0 software system and Enterprise Manager 4000 hardware platform, round out the launch.

A key feature of the new BIG-IP release are an access policy manager which, among other capabilities, adds IP address-based geolocation. This targets organisations with distributed data centres, allowing them to serve applications from the data centre closest to the end user.

The company has also introduced a new WAN Optimization Module for BIG-IP designed for replication between data centres, supporting transfer speeds of up to 1 Gbps.



Read more on Network security management