The new attack vectors

By Stephen Bell | Tuesday, May 29 2012
Current firewalls operate at too low a level on the network to catch a growing type of malicious attack, which targets applications, says Karl Triebes, chief technical officer of network management company F5.

Typical of attacks at this level were those launched against a number of major companies, including credit card and finance companies, in revenge for those companies’ opposition to Wikileaks.

Some of these attacks used a tool called Slow Loris (after a sloth-like animal) and worked by starting up millions of dummy application sessions, making it impossible for genuine users to get through. This is a particularly hard-to-stop variant of a distributed denial of service (DDOS) attack, says Triebes.

A firewall working at the network level cannot detect the difference between a genuine attempt to access the application and a malicious dummy, says Triebes, who is visiting NZ as part of an Australasian tour.

As part of its mission to improve the efficiency and agility of business networks, F5 makes it its business to identify network traffic at the session level, so as to spread the load for maximum efficiency – a discipline known as application delivery networking.

As an outgrowth of this capability F5’s specialist hardware and software can track sessions that aren’t really doing anything and may be malicious, and terminate them, leaving the way clear for genuine traffic, says Triebes.

The F5 hardware and software can also inherently manage very high concurrency in application access, he says.
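The idle-session tracking described above can be sketched as follows. This is an added illustration, not F5's implementation or code from the article; the session fields, thresholds and sample records are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

# All thresholds are assumed values for illustration; tune to real traffic.
REQUEST_DEADLINE = 10.0  # seconds allowed to deliver a complete request
GRACE = 5.0              # seconds before the rate check starts
MIN_RATE = 50.0          # bytes/second expected while a request is arriving
IDLE_TIMEOUT = 30.0      # seconds a served keep-alive session may sit silent

@dataclass
class Session:
    conn_id: str
    opened_at: float        # time the connection was accepted
    last_byte_at: float     # time of the most recent client byte
    bytes_received: int
    request_complete: bool  # has a full request been received yet?

def verdict(s: Session, now: float) -> Optional[str]:
    """Return a reason to terminate the session, or None to keep it."""
    age = now - s.opened_at
    if not s.request_complete:
        if age > REQUEST_DEADLINE:
            return "request deadline exceeded"
        if age > GRACE and s.bytes_received / age < MIN_RATE:
            return "below minimum rate"
    elif now - s.last_byte_at > IDLE_TIMEOUT:
        return "idle timeout"
    return None

def reap(sessions, now):
    """Map conn_id -> reason for every session that should be closed."""
    out = {}
    for s in sessions:
        reason = verdict(s, now)
        if reason:
            out[s.conn_id] = reason
    return out

# Constructed sample sessions, observed at now = 60.0 seconds.
SAMPLE = [
    Session("c1", 0.0, 59.0, 120, False),   # trickling for a minute
    Session("c2", 55.0, 58.0, 800, True),   # normal, recently active
    Session("c3", 0.0, 20.0, 900, True),    # served, then silent for 40 s
    Session("c4", 57.0, 59.0, 40, False),   # new, still within grace
    Session("c5", 52.0, 59.5, 80, False),   # 8 s old at 10 bytes/s
]

if __name__ == "__main__":
    for conn_id, reason in reap(SAMPLE, 60.0).items():
        print(conn_id, reason)
```

Session c1 sent a byte one second before the check, so a plain inactivity timer would keep it open; the overall request deadline is what catches a session that stays technically active while never completing a request.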

“Most of the DDOS attacks we’ve seen in the past were very much focused on the network; they’d do things like flooding SYN packets. What really changes here is they started attacking applications quite directly.

“These attacks have been around for a long time, but the awareness level of the world when they saw the impact these were having [in the Wikileaks case] was amazing, because customers saw that traditional network-level firewalls weren’t able to cope and deal with the attack.”

F5’s products are also front-and-centre when it comes to dealing with the challenge of genuine access to applications from an increasing range of devices such as smartphones, many of them “bring-your-own” devices owned by employees partly for private purposes and therefore potentially vulnerable from a security point of view.

In 2010 F5 acquired uRoam, a company specialising in SSL virtual-private-network connectivity. The uRoam software “could identify what the client was, the type of operating system it was running, what antivirus software they had; basically to meet corporate compliance matters. Based on that, it could apply different types of permission to that user.

“Suppose a user wanted to read his email but could only do it from a kiosk at an airport. He could log in and could only see certain things and we could have a sandbox at the session level, which we could guarantee would be erased [afterwards]. He wouldn’t have to worry about leaving data on that computer.

“We took that technology and integrated it with our core products. We effectively do the same type of things with mobile devices as well; we have a client running in iOS, one in Windows Mobile, one for Android; we cover the gamut of mobile devices as well as traditional devices. The benefit is now, with the age of BYOD, IT administrators can now set permissions for devices they weren’t [previously] able to manage.

“It allows you to establish a secure connection from a device that would otherwise be [unsafe] and there’s obviously the advantage that it increases productivity.”



