90 Seconds of Security: Phishing Trends for 2019

Phishing has become the number one attack vector for good reason - it requires a low amount of effort for a very high reward. 

F5 Labs (f5labs.com) released their 2019 Phishing and Fraud Report showing that there's no slowing down in the amount or number of phishing attacks. In fact, we expect phishing to occur year-round, not just around the holidays. Download the full report at: https://www.f5.com/labs/articles/threat-intelligence/2019-phishing-and-fraud-report

90 Seconds of Security: Breach Trends for 2019

F5 Labs Threat Intelligence team (f5labs.com) recently published their 2nd annual Application Protection Report and we take a look at some of the highlights. We cover PHP vulnerabilities, Formjacking, magecart attacks, and the relationship between breach causes and industry sectors. Get your copy at F5Labs.com

 

F5 Cloud Services Early Access Program

F5's Cloud Services Team is excited to share an opportunity for customers test two new technologies! Essential App Protect is an instant, out-of-the-box protection from common web exploits, malicious IPs and coordinated attack types. Bot Protect is a bot management SaaS solution that identifies bots’ intent and prevents attacks, while maintaining access for the good bots that help your business.

Visit: https://www.f5.com/preview to help shape our roadmap and influence feature development!

90 Seconds of Security: Malware Primer

My latest 90 Seconds covers the different types of #malware, how infections happen and what to do if you get infected. Slightly extended edition courtesy of #F5's Security Incident Response Team. https://f5.com/sirt




ps

90 Seconds of Security: vBulletin Zero-Day RCE Vulnerability

Learn about the vBulletin RCE zero-day exploit and how a 18-line python script and simple HTTP POST request to a vulnerable host allows full control of the popular web forum software.

F5's State of Application Services Survey

Since 2015, F5 has been surveying the tech industry to learn the key issues surrounding application deployment and delivery. Again for 2020, we’d love to understand your company’s current application architectures to help shape F5’s application services strategy. We will be taking responses until Oct 10, 2019.

If you are interested in taking the survey, please continue to this link:
https://f5.co1.qualtrics.com/jfe/form/SV_0JJY1SQZyiufT7v?URL_SOURCE=F5DevCentral

90 Seconds of Security: F5 SIRTs Top Tip for Keeping Your BIG-IP and Your Network Secure

Learn why locking down the Management Port is F5 SIRT’s Top Tip for keeping your BIG-IP and your network secure from intruders. From their SecOpsCave deep within F5 headquarters, the F5 SIRT (f5.com/sirt) monitors all kinds of attacks and shares the bad things that can happen, like a DDoS attack, if BIG-IP is not secure.

For more information about SIRT’s specialized service please visit: https://www.f5.com/sirt

90 Seconds of Security: F5 SIRT's Top Threat for Summer 2019

Find out what threats topped F5 Security Incident Response Team's (SIRT) emergency response list for Summer 2019. F5 SIRT sees all sorts of attacks against F5 devices and the services they protect. 

For more information about this specialized service visit: https://www.f5.com/sirt

90 Seconds of Security: F5 Security at Black Hat USA 2019

Learn about RedTunnel, how to explore internal networks via the DNS rebinding tunnel, and how we used the new SODA (Simulation of DDoS Attacks) tool to defend against rapidly morphing DDoS attacks. You can also download the sessions the F5 Security team delivered at #BHUSA by going to f5.com/blackhat.

Bot Management with F5'S Advanced WAF

Automated attacks are a huge threat to organizations. Half of internet traffic are bots and 30% of those are sending malicious payloads. Learn how F5's Adv. WAF helps protect your applications from automated attacks, optimizes your business intelligence and improves performance, availability, and infrastructure costs. Visit f5.com/bots to learn more.

90 Seconds of Security: Security Stories for July 2019

A 90 second recap of some of the recent security stories for July 2019. The F5 SIRT (f5.com/sirt) shares some of the security incidents that caught their attention in July. In this episode we cover recent GDPR enforcements, yet another Magecart attack on S3 buckets and Overwhelmed IT personnel.

90 Seconds of Security: Security Incidents for June 2019

A 90 second recap of some of the recent security incidents for June 2019. The F5 SIRT shares some of the security incidents that caught their attention in June. In this episode we cover the recent Mozilla vulnerability, the GandCrab decryptor and Linux Exim issue.

Grateful for 15 with F5

Today marks 15 years with F5. That’s 28.8% of my life and 50% of my professional career! And no, this is not a ‘thank you, goodbye’ note. In fact, the opposite.

As I write this, so many memories come to mind. Now, I could brag about the almost 500 F5 videos I’ve produced or the almost 1000 various articles and blog posts I’ve written over the years or the lost count of presentations, trade shows and other ‘speaker’ type engagements. And now that that’s out of the way, I’d really like to thank and recognize the many people who’ve helped me along this journey.

You can’t last anywhere for 15 years unless you’ve had help, direction, encouragement and support.

June 20, 2004, I flew from Honolulu to San Jose to secure an apartment and the following morning June 21, 2004, I flew to Seattle for my first day at F5. Officially, I was employee 651.

What you might not know is I interviewed for the first F5 BizDev SE position in February 2004. I didn’t get the job but apparently impressed some folks since I brought chocolate covered macadamias from the Islands. And, dressed in a suit. One of the less than 50 times that’s happened in my life. I kept in contact with HR (Rich James, if I remember correctly) and a couple months later, another opportunity opened. Initially it was to be the West Coast SE based in San Jose but during the interview process, John Bigelow called and said, ‘we’re starting a new security group, and you’ll be interviewing with me.’ Cool with me.

I had my technical interview with Ken Salchow. He was at Interop at the time and when he called, he told me that he had some challenges with some people at my previous company (Exodus) and hoped I wasn’t like them. He gave me the full ENE tech-out and while I did my best, there were certainly questions I didn’t know at the time like, what’s more secure – SSL or IPSEC. And I said so. I guess the honestly and follow up (sent all my missing answers in a thank you email) won him over. After emailing him, he told me that he told Bigelow that as much as he hated to do it, not hiring me would likely be the biggest hiring mistake he’d ever make. Ken is the Godfather of our daughter if you want to know how that relationship turned out. Above anyone, Ken has been a guiding light for me during my years at F5. He was also my boss for a few of those.

From 2004-06, I was a Security Systems Architect in F5’s original Security Business Unit. Ken and Charlie Cano were the other two. During this time, I was part of a handful of people sharing F5's first security story. Part of the NA security overlay for sales helping close security business deals. Back then, we were positioning our FirePass SSLVPN and why it was better than the IPSECs of the era…and talking about TrafficShield, our Web Application Firewall at the time. It was a fun time training folks on hacking techniques like Forceful Browsing, Parameter Tampering and SQL Injections. But really, I owe a lot to the San Jose PD team like James Goodwin, Igor Plotnikov, Serge Charapaev and many other developers who shared their expertise with me along with Joel Dujsik & Joe Taylor in Support. On the WAF front, folks like Tom Spector, John George & Ido Breger shared intrusion techniques that I then turned into WOW moments for customers. We were a small but tight crew and were on the bleeding edge at the time.

As security solutions became part of sales, the SBU eventually disbanded and the SE managers needed a headcount and asked if I would relinquish mine. I was thinking of moving into support or another role but had 30 days to find that. Ken had moved on to Marketing by then and became the first Technical Marketing Manager at F5. When my role was eliminated, he brought me on to his TMM team.

From 2006-13, I was the Security TMM. During this time, I was the primary spokesperson for F5's security solutions covering access, SSL-VPN, application security/WAF and other evolving security topics. Our TMM team included Ken (‘til 2011 when he started Certification) Lori MacVittie, Alan Murphy & soon after, David Freedel. I learned so much from them and their specialized areas. We blew out whitepapers by the dozens, presented at all our conferences/events and told technical stories that regular folks could understand.

This is when I also started writing articles, blogs and producing videos. YouTube started in 2005 and with my theater background, I thought it would be a good way to share F5 stories. You might remember my opening of, ‘ALOHA!’ Big thanks to my good buddy Jonathan George who for many years was my camera guy. I also need to thank Erik Giesa since it was in 2009 when one day, he said to me, ‘I want you writing on DevCentral.’ OK, cool. And another thanks to Ken, for believing in the video stuff back then when many wondered, why is he doing that? Soon, videos were part of all our campaigns and that’s when I also developed the ‘In 5 Minutes or Less’ series. Let’s walk through a configuration in 5 minutes. Wildly popular and even had competitors drop some ‘in 4 minutes’ stuff. Name that tune!

Something else happened in 2007. Our daughter was diagnosed with a rare genetic disorder called HI/HA GDH. She was only 10 months old and we were in the hospital for two weeks. I still remember getting an email from Dan Matte, SVP Marketing at the time, telling me to take as much time as I need to care for my family, work will be there when I return. Deeply touched and what solidified my commitment to the company. They cared. And when we wanted to move to SoCal from San Jose for family reasons in 2010, they were fully supportive.

Folks like Alane Moran and Christine Pomeroy were excellent mentors for ‘spokesperson’ type stuff. How to engage with analysts, press and other entities that I had no experience with up to that point. Thanks ladies - really appreciate your guidance.

From 2013-16 after a promotion to Sr. I was one of the primary technical spokespeople for all F5 solutions along with covering emerging technologies like IoT, Mobile, Identity Theft and cloud. This was an amazing time. Traveling monthly to various trade shows and interviewing bunches of smart folks about technology. It’s pretty cool that we have a video record of what F5 was sharing over the years at these events. How the booth changed, the signage, messaging and even the t-shirts and giveaways.

Probably one of my most memorable video interviews was with John McAdam, F5 CEO at the time, during MWC 2015. He was gracious, insightful and funny. Another was Jeremiah Grossman, Security Luminary and fellow Island Boy. For 5 years straight (2010-15) Jer was gracious enough to get on camera with me at RSA and talk security. Our RSA2015 editionwas probably the best of the bunch.

Around the 2013-14 timeframe, I was lucky to be on what was called the Marketing Architecture Team led by Dean Darwin. We were a group of tech folks with marketing backgrounds and we built out a bunch of Reference Architectures for various solutions. From DNS to Cloud to Federation to NFV and others. We designed topologies, deployment scenarios, presentations and architecture diagrams. From high level to deep in the weeds, we created some cool solutions.

Like anything, the official TMM team eventually faded and we all joined up with other groups, primarily in Marketing. I think there was a point in 2015/16 where I was the only one still with a TMM title. But that too would change.

Late 2015, while I was planning some cool career moves within F5, my boss at the time suddenly left. And I was left with no real path as to what I’d do now that my manager was gone. Luckily, Steven Webster, who was running Digital Marketing at the time suggested I join the DevCentral team. They needed someone but I was initially reluctant since many technical skills had dwindled or vanished. I wasn’t configuring boxes daily; I wasn’t deep in the hands-on weeds of this stuff. I knew the ins and outs, but high-level business value is a much different story than this is how you do it. All I wanted to do was keep writing, speaking and producing videos. I cried for about 20 minutes to purge all that and embraced the chance to join the DevCentral crew.

And I’m glad I did.

From 2016-2018, I was a Sr. Solution Developer and during this time, I was part of the DC Community helping F5 customers get into the guts of F5 technologies and ensuring they have a positive experience within the community. It was an excellent move going from outbound talk-story to working with those who already know it. Sometimes, better than I. I needed to get back into the weeds a bit to keep some tech skills while learning new ones. I even passed Certification’s Exam 101 - Application Delivery Fundamentals!

And one of my dreams came true. A home studio.

While many ‘guys’ want their man-cave or home theater or game room, whatever. I had always wished, ‘if I only had a studio in my house.’ Well, Tony Hynes, Community Director, wanted me to produce LightBoard Lessonslike the ones John Wagnon and Jason Rahm produced and asked if I had a space to set up a studio. Hell yes I do! And fortunately, my wife agreed. I turned one of our spare bedrooms into a video studio complete with backdrops, pro lights, acoustic panels, nice camera and a 4ft x 6ft pane of Starfire glass with frame. It took about a month to get it right, especially with the lighting, but I’ve been able to produce over 20 LightBoard Lessons covering topics like DDoS, HTTP, DNS, Proxy's, IoT, VDI, Bots, MQTT, SAML and many others. During my DC days, I was also the liaison for the DevCentral MVPs (fantastic group) and handled the Social Media accounts. Great fun, great group and while I love 'em all, Chase Abbott was always my favorite. Morning sunshine!

Which brings me to July 2018. And, my last article entry here on LinkedIn called Me:Recently. I can wait while you read that.

OK, cool? 😊

Basically, I got caught in a RIF and was essentially unemployed. I was stunned to say the least. The company offered those who wanted, 30 days to find something internal. I took that and suffice to say, it worked out or I wouldn’t be writing this now. Huge appreciation to Preston Hogue for saving my skin and longtime friend Steve McChesney for helping shepherd it along. Incredibly & eternally grateful.

Since August 2018, I’ve been on the Security Marketing Team continuing what I enjoy – telling stories about information security by writing, producing videos & evangelizing. It is also somewhat surreal that I’m back in the Security Business Unit some 15 years later. As Steven Wright says, ‘Right now I'm having amnesia and deja vu at the same time. I think I've forgotten this before.’ And my current boss Kristen Grant has been a wonderful manager.

While I’ve been spewing my F5 15, what you might not know is that my wife Judy & I’s 15-year wedding anniversary is also this month. We got married June 15, 2004, and as I mentioned at the top, 5 days later on June 20, 2004 I flew from Honolulu to San Jose and June 21, I flew to Seattle for my first day at F5. Judy stayed in Hawaii for the next month packing up our stuff and shipping it to SJC.

Last week I was in Seattle for our Global Services Tech Summit. In honor of both 15’s, I had this crazy idea to renew our vows (to my wife’s surprise) in the new F5 Tower to celebrate both. With the help of some great folks in Corp Ops, Internal Comms and of course Ken Salchow officiating, we pulled it off. F5 helped arrange a spot on the 33rd floor Hub overlooking Puget Sound for our Vow Renewal. What an incredible experience being able to celebrate our milestone(s) with the company that’s been part of our ‘ohana for 15 years.

I’ve been so fortunate to have worked with lots of special people, many now close friends. Like Cecile DeLeon, Jacque Allison & Cindy Borovick. Had to include them.

Lucky to have been able to travel and experience Tokyo, London, Barcelona, Vienna, Singapore, Shanghai, Paris, Rome, Edinburgh and of course, Seattle.  

Thankful for a fantastic career, thus far, with an amazing company.

I’m thrilled and humbled to say, I made it 15 years. 

Next goal: 20

ps

90 Seconds of Security: In the Wild Malware for April 2019

A 90 second recap of 'In the Wild' Vulnerabilities, Exploits, and Malware Driving Attack Campaigns in April 2019.

Get the details at: https://www.f5.com/labs/articles/threat-intelligence/vulnerabilities--exploits--and-malware-driving-attack-campaigns-in-april-2019




ps

TLS 1.3 Enterprise Adoption

With the new TLS 1.3 specification published by the IETF in August 2018, many organizations are adopting plans for the new specification. F5, together with Enterprise Management Associates, conducted research to better understand how enterprises are impacted by the growing use of encryption.

Get your copy today at: https://interact.f5.com/TLS-13-adoption-in-enterprise.html

 

ps

How Malware Evades Detection

Malware loves encryption since it can sneak around undetected. F5Labs 2018 Phishing & Fraud Report explains how malware tricks users and evades detection. 

Let's light up how evasion happens & get your F5 Labs 2018 Phishing & Fraud Report today.

F5 at RSA 2019

A Preview of F5 activities at #RSAC19. You can visit F5 March 4-8 in Booth S643 and www.f5.com/rsac for more details. See you in San Francisco!

SSL Visibility with SSL Orchestrator

Are You Equipped to Decrypt?

Over 80% of page loads are encrypted with SSL/TLS and Attackers commonly use encryption to hide malicious payloads. If you’re not inspecting SSL/TLS traffic, you will miss attacks, and leave your organization vulnerable. I light up how SSL Orchestrator provides robust decryption/encryption of SSL/TLS traffic.



ps