In this post: Learn how FireEye and F5 can be proactive security measures for your organization.
Layering your physical and virtual security technologies is a critical science.
With today’s threat landscapes, you should be seeing an increasing need for multi-faceted security measures. But, even if you purchase the best defenses money can buy, you are not always guaranteed that each product suite will complement the other. That’s why it is essential that you do your due diligence and research compatibility to ensure seamless integration of security technologies.
For example, SSL traffic increases with every day that passes, leaving you blind to over 70% of your incoming traffic. To mitigate this lack of visibility, you decided to leverage the power of F5 Herculon hardware with SSL Orchestrator—an SSL traffic orchestration, encryption, and decryption platform. But, before that traffic is decrypted and directed to your servers, you need to establish an inline technology to detect and alert you to threats that could be cloaked within that encrypted traffic flow. And most importantly, you need the ability to block these types of threats inline while working cohesively with your F5 BIG-IP product line.
In short, you need to find a way to integrate your application delivery and decryption technologies with an advanced threat management platform.
FireEye: Dynamic Threat Intelligence
The detection and prevention pairing you’re looking for is found within FireEye technologies.
FireEye is a full ecosystem security operations platform that detects and alerts users to threats and blocks them before malware has a chance to take root. FireEye offers hardware solutions (FireEye Helix) and software services (VMs within hybrid and public cloud) that provide:
- File and system process checking
- Network traffic monitoring
- Analytics engines
- Incident response
- Troubleshooting tools
Here’s how to configure FireEye to become the perfect complement to the power of your F5 orchestration and decryption technologies.
The F5 Complement
After F5 Herculon hardware can perform high-speed decryption work on the front end using the SSL Orchestrator (SSLO) module, FireEye becomes the next step in your inline security service chain. F5 SSLO module proxies the SSL traffic from your F5 security applications to the FireEye device(s). The traffic is routed to any of FireEye’s detection and logging engines. Alerts and threat intelligence data is then sent to FireEye’s Dynamic Threat Intelligence (DTI) cloud. There, it can be scanned against FireEye’s threat database and security alert log for known and unknown threats. If a threat is detected at any point in this process, it is immediately quarantined or blocked. The DTI cloud updates its threat intelligence database and allows the remaining scanned (and threat-free) streams of traffic to continue to your servers. All of which is easily accomplished at wire-speed with the intense SSL processing power of F5 Herculon coupled with the F5 SSL Orchestration module.
You don’t need to sacrifice speed for security when you integrate FireEye with your existing Herculon hardware. For a full deep dive on configuration, see this recommended practices guide.
It’s All About Speed
What makes FireEye unique (and so highly effective) is the fact that it updates its DTI cloud every five minutes with Heuristic-based threat intelligence, Industry-leading Threat-Hunting intelligence, FireEye device threat intelligence alerts from other deployments across the world as well as threat remediation intelligence from Mandiant’s Incident Response efforts.
For instance, when a unit in Barcelona detects and thwarts a malicious strain of ransomware, that same detection and remediation data is immediately disseminated to every other FireEye device in operation. This real-time, global reporting system reduces false positives and is especially effective against zero-day web exploits, binaries, and multi-protocol callbacks.
These global metrics and analytics are only part of the security intelligence that is available from FireEye. We spoke earlier about the other intelligence sources. FireEye customers also benefit from the unprecedented knowledge base and security resources offered through corresponding services, iSIGHT, and Mandiant:
- iSIGHT – real-time, scalable, customizable, and proactive threat hunting and diagnostic services
- Mandiant – full-time access to compromise assessment and attack remediation experts
FireEye is always on, its technology platforms are constantly updated, and its engineering workforce is permanently established on the bleeding edge of defensive and proactive security protocols.
Why Integrate FireEye and F5?
When you pair the FireEye detection suite with your F5 orchestration platform, your environments will ultimately benefit from:
- Comprehensive SSL Visibility – The URL filtering and SSL orchestration of F5 Herculon appliance in congruence with the FireEye DTI cloud detection capabilities delivers enhanced visibility to potential threats traversing the network.
- Increased Performance, Scale, and Availability for High-Traffic Environments – Companies with heavy traffic loads can optimize their FireEye deployment through the health monitoring, load-balancing, and SSL offload capabilities of the F5 Herculon platform. Using the F5 to decrypt the traffic enables FireEye to scale and protect in even the most demanding application environments.
- Alert Fatigue Protection – With FireEye, you can be alerted to actual attacks and incidents instead of every single attempt that was thwarted or not. When you see a log alert in FireEye’s protection systems, you can be assured that it was an attack that you need to investigate and be made aware of. This approach is different than most other protection product suites and helps keep the information you view as the most relevant data that is important to you and your business.
- Enhanced Security Architecture – F5’s SSL Orchestrator’s SSL inspection and filtering capabilities, in congruence with FireEye integration, provides a more robust security foundation for growing companies. Because F5 and FireEye are both platforms that can be built upon, their capabilities and benefits can be automatically extended to other offerings within your environment (e.g. F5’s WAF, APM and ASM, and FireEye’s mail, cloud-based services, and intrusion prevention systems).
Through combining the SSL Offloading speed and flexibility of F5’s SSL Orchestrator on Herculon hardware with the real-time threat detection and remediation of FireEye services, you are guaranteed an extremely powerful and robust SSL processing solution that is always informed against all types of cyberattacks.
The Need for Security Reform
At ADAPTURE, we believe that the industry’s current defensive approach to security isn’t strong enough—we need to be more proactive if we are going to stay ahead of the onslaught of cyberattacks and breach attempts. However, by incorporating iSIGHT and Mandiant IR Services, the combined effectiveness of F5 and FireEye is the strongest combination we’ve seen yet.
The combination allows you to maintain speed, visibility, and security simultaneously.
