Interviews | OCTOBER 2, 2014

UBM BLACK HAT BRAZIL NEWSLETTER


Rafael Venancio

Rafael Venancio, F5 Networks channel and alliances manager, talks about its new software-defined application services, and about why it's good that the future of IT is "complicated, confusing, and riddled with security threats."

This Issue: F5 Networks

Q: Rafael, F5 Networks recently launched a range of software-defined application services aimed at helping data centers protect themselves against distributed denial of service, zero-day, and application-level assaults. Give me an idea about how these SDAS solutions are different from competing products.

Rafael Venancio: First of all, our idea of SDAS is to support and help our customers to pay for application services on demand. If a customer requires a WAF service only during Black Friday, we'll be able to provide that and charge it accordingly without the need to build up a full data center structure to support it. Besides that, F5 Networks has a more powerful DDoS and zero-day solution now because we're able to direct or re-direct the malicious traffic from the customer data center to the cloud and manage it accordingly. It gives the customers some benefits such as "clean the pipe" as the link won't be full with malicious traffic and the real users will be able to continue to access the applications. F5 will be able to handle these attacks in the cloud and away from the customer's servers and applications.

Q: Your CEO, John McAdam, has been quoted as saying that the future of IT is "complicated, confusing, and riddled with security threats - and that's a good thing." What did he mean by that?

Venancio: F5 Networks solutions are known as the best-of-breed solutions and, for us, the more complicated, confusing, and complex the customer environment, the better! It might sound strange, but it's good in different ways because we'll be the unique vendor or one of the few vendors that will be able to handle this scenario and solve the customer's problems. We have different solutions in our portfolio to address the different needs and issues of our customers. There's no other single vendor with this many security solutions that can run in only one appliance or hardware. F5 solutions are located on a strategic point of control inside the data center to ensure that we'll help to make it safer, simple, and reliable.

Q: You've been expanding your efforts to invest in the channel, announcing several new sales and technical sales accreditation programs. What are the benefits of that strategy and who benefits from it?

Venancio: We believe in offering F5 Networks customers the best of breed in services and solutions. In order to do so, it is mandatory to enable our partners on our solutions and to continuously improve their technical and sales skills. F5 Networks is committed to guaranteeing the enterprise application world quality service. This is an ambitious goal and demands excellence in internal process at F5 Networks and at our partners as well. F5 Networks sales accreditation programs help the partner sales team have a perfect understanding of every customer's needs, to have a deep knowledge of the F5 Networks portfolio, and to be able to build the best cost-effective solution according to each case. F5 Networks technical accreditation programs -- like the F5 Security Technical Accreditation -- help F5 Networks partner technical executives to have a comprehensive view of the customer technical demand and, based on that, to be able to build the perfect answer/project for this specific case. It is important to stress that F5 Networks solutions can be installed on premise or can be offered in the format of services. The flexibility of our offerings is matched by the flexibility of our partners' service offerings and, at the end of the day, helps our customer to achieve all of their business and technical goals.

Q: F5 is a "Target Sponsor" of IT FORUM/BLACK HAT BRAZIL. Why is this particular conference such an important part of your marketing program?

Venancio: Black Hat events attract all levels of people - from technical people to C-level executives. The event has different kinds of tracking and experiences for every kind of target audience, which is key for F5 Networks' marketing strategy. From comprehensive keynote speeches to hands-on technical sections, we hope no one who visits a Black Hat event will leave with the same level of knowledge they had when they arrived. F5 Networks decided to take part in this event to take the corporate message to reach all professional levels. At the C level, our goal is to strengthen our brand recognition and the kind of business results that our security solutions provide to worldwide enterprises. At the technical level, we aim to remind those professionals of the excellence of our technology and how to build complex projects adding F5 and other vendors' security solutions in a smooth way. It's also important for us to deliver our security message the same way across the globe and, for that reason, Black Hat is a great opportunity for F5 Networks.


Wolfgang Kandek

Wolfgang Kandek, CTO at Qualys, Inc., discusses the key to finding -- and preventing -- Backoff infections, and the challenges of remaining secure when it comes to the Internet of Things.

This Issue: Qualys, Inc.

Q: Wolfgang, your CISO, Jonathan Trull, blogged about Backoff malware and how it's impacted as many as 1,000 U.S. businesses. What is the key to finding Backoff infections and, more importantly, to preventing them?

Wolfgang Kandek: Detection of malware is very challenging as cybercriminals have developed technology to mutate their malware to escape detection by the typical tools in use. The Backoff malware in use at Home Depot was different from the Backoff malware at Target; they merely belong to the same family. Organizations are better off to first invest in prevention -- upgrading to the latest patch level of applications and operating system, and running the latest version of the operating system family as they tend to have more built-in protections. In addition, configuring the computer systems for maximum resilience is important -- minimize running software and services, disable unnecessary capabilities such as JavaScript in browsers and PDF readers, and install additional security software such as EMET from Microsoft that serves as a watchdog for non-standard behavior that often is part of a cyber attack.

Q: I know you've spoken out on security and the Internet of Things - and the challenge it poses to organizations. What are your best recommendations to enterprises in order to stay secure?

Kandek: Internet of Things (IoT) is a technology wave that will bring similar challenges to IT as the whole mobile movement. We did not react well to mobile, often trying to simply ignore it or trying to forbid its use. In IoT, we need to avoid this type of reaction; we need to be in front of the technology. We need to acquire the devices that are coming out and gain an understanding of how they work, how they update, their attack surfaces, and the protocols they use to communicate. This will give us a chance to get a handle on the devices and their capabilities, and a basis to use them productively within the organization.

Q: Recently we saw the dark side of storing data on the cloud when attackers released photos stolen from iCloud accounts. I know Jonathan Trull has some recommendations for minimizing cloud vulnerabilities. Care to share a few?

Kandek: In general, mature SaaS providers bring an increased amount of security to organizations. The tools available and the centralized management capabilities translate to all but the most advanced enterprises to better control and secure their infrastructure. The recent photo leaks call attention to the need to improve authentication. Username and password can be adequate if used responsibly, meaning long passwords with more than 12 characters and non-dictionary words, but for many users that is too complicated. Use two-factor authentication (2FA) wherever necessary and possible, certainly in services that store your personal data. If 2FA is not available, you should opt for a long password and use a password manager to help you with the management.

Q: Qualys is an "Advance Sponsor" of IT FORUM/BLACK HAT BRAZIL - and is, in fact, a "sustaining partner" of all of the Black Hat conferences. Although Qualys doesn't have a Brazil office, apparently this particular regional conference is important to you. Why is that?

Kandek: Brazil has been a success story for Qualys and we've seen growing demand across all industry areas. We believe that this strong growth has to do with the general economic situation in Brazil plus the advanced, world-class use of computer technology in many areas, such as banking, insurance, and communications.


Richard Fortes

Richard Fortes, territory sales manager (Brazil) at WatchGuard Technologies, highlights the key network security takeaways from the Target breach, and why IT Forum/Black Hat Brazil is an important part of WatchGuard's marketing strategy.

This Issue: WatchGuard Technologies

Q: Richard, according to a 2014 Verizon Report, there's a strong correlation between a badly configured firewall and the likelihood of a security breach. Which is why, you say, you've added Policy Map, an interactive policy mapping capability for Unified Threat Management and Next-Generation Firewall appliances. Tell me how that solution solves the security breach problem.

Richard Fortes: We understand that data security should matter to the entire organization and a misconfiguration of security policies could have a companywide impact -- in some cases, leaving companies at the point where they cannot recover from a data breach. Another point is "Visibility," which is the reason why we added Dimension Policy Map to our Unified Threat Management and Next-Generation Firewall appliances.

Policy Map is an interactive tool that enables policy audit, provides visual analysis of traffic flows through our Fireware XTM devices, and establishes a visual baseline to quickly identify unusual network activities.

As a solution, Policy Map provides the functionalities to visualize:

  • What policies are in use and how interfaces are connected
  • How UTM subscription services are operating
  • How applications are traversing security policies
  • How a specific application is operating
  • Real security threats and their disposition at a glance
  • and more.

Policy Map is definitely a tool that will help admins have more visibility of their security policies, and solve misconfigurations and security breach problems. Policy Map is part of WatchGuard Dimension, which is free for all WatchGuard customers.

Q: You were recently recognized as a leader in Gartner's Magic Quadrant for Unified Threat Management for the fifth year in a row. Pretty impressive. What do you think WatchGuard did to earn that distinction?

Fortes: There are a series of factors. Network security is a very dynamic, evolving sector that requires a best-in-class product line that delivers a stable and mature yet cost-effective platform. WatchGuard has provided to our customers and partners best-of-breed security modules integrated into a single appliance and very cost-effective platform. In addition, we understand the security requirements for business continuity and this is a reason we keep delivering a strong security platform full of features, visibility, manageability, and reporting that covers our customers' needs.

We are proud to be recognized by Gartner as an industry leader among our peers for the last five years. This recognition also belongs to:

  • Our customers. Today we have 1 million-plus active solutions and we are going to keep giving the best to them.
  • Our partners. With 1,000-plus partners worldwide, we provide the best extension of our services to customers.
  • Our distributors, who provide excellent logistics and value-add to our partners.

Q: Corey Nachreiner, your director of security strategy and research, blogged that there are six key network security takeaways for retailers and businesses from the Target breach. What are one or two of the main ones?

Fortes: Even though each one is important, I would like to highlight these:

  • Focus your defense on data. Today, we talk about devices, networks, applications, and so on. However, we don't necessarily focus on the most important activity in any organization, which is "the data." The ability to execute actions to protect the data will help to prevent big headaches. WatchGuard XTM devices plus Dimension provide the solution that will help with defense of data.
  • Focus more on detection and response. We understand that prevention controls are key to security. However, behind that there is a process of detection and, more importantly, response. This is the point where visibility becomes very important for administrators. It is difficult to be productive and secure if there isn't visibility. It is like surgery without an X-ray. WatchGuard XTM devices plus Dimension provide the solution that will help with detection and response.
  • Advanced Persistent Threat (APT) is one of the major network takeaways for retailers and businesses from the Target breach. The market requires constant reviewing of the mechanisms and protection against malware. The traditional antivirus is not dead (yet) but is no longer efficient to combat zero-day threats with multiple purposes. WatchGuard APT should be implemented immediately in security environments to combat such threats.

Q: WatchGuard will be an exhibitor at IT FORUM/BLACK HAT BRAZIL. Why have you made that conference an important part of your marketing strategy?

Fortes: Network security is a growing concern around the world. Brazil, as a leader of Latin America, and its customers are facing many challenges in protecting their network and data integrity. IT Forum/Black Hat Brazil is the perfect platform to showcase WatchGuard products and solutions. Brazil's leading companies' experts and IT professionals will unite, discuss, evaluate, and find real solutions to combating threats to their networks. WatchGuard is very proud to participate in such a prestigious event.
