Deploying F5’s Web Application Firewall in Microsoft Azure Security Center

Use F5’s Web Application Firewall (WAF) to protect web applications deployed in Microsoft Azure.

Applications living in the Cloud still need protection. Data breaches, compromised credentials, system vulnerabilities, DDoS attacks and shared resources can all pose a threat to your cloud infrastructure. The Verizon DBIR notes that web application attacks are the most likely vector for a data breach attack. While attacks on web applications account for only 8% of reported incidents, according to Verizon, they are responsible for over 40% of incidents that result in a data breach. A 2015 survey found that 15% of logins for business apps used by organizations had been breached by hackers.

One way to stay safe is using a Web Application Firewall (WAF) for your cloud deployments.

Let’s dig in on how to use F5’s WAF to protect web applications deployed in Microsoft Azure. This solution builds on BIG-IP Application Security Manager (ASM) and BIG-IP Local Traffic Manager (LTM) technologies as a preconfigured virtual service within the Azure Security Center.

Some requirements for this deployment are:

• You have an existing web application deployed in Azure that you want to protect with BIG-IP ASM
• You have an F5 license token for each instance of BIG-IP ASM you want to use

To get started, log into your Azure dashboard and on the left pane, toward the bottom, you’ll see Security Center and click it.

Next, you’ll want to click the Recommendations area within the Security Center Overview.

And from the list of recommendations, click Add a web application firewall.

A list of available web applications opens in a new pane. From the application list, select the application you want to secure.

And from there click Create New. You’ll get a list of available vendors’ WAFs and choose F5 Networks.

A new page with helpful links and information appears and at the bottom of the page, click Create.

First, select the number of machines you want to deploy – in this case we’re deploying two machines for redundancy and high availability. Review the host entry and then type a unique password for that field. When you click Pricing Tier, you can get info about sizing and pricing. When you are satisfied, at the bottom of that pane click OK.

Next, in the License token field, copy and paste your F5 license token. If you are only deploying one machine, you’ll only see one field. For the Security Blocking Level, you can choose Low, Medium or High. You can also click the icon for a brief description of each level. From the Application Type drop down, select the type of application you want to protect and click OK (at the bottom of that pane).

Once you see two check marks, click the Create button.

Azure then begins the process of the F5 WAF for your application. This process can take up to an hour. Click the little bell notification icon for the status of the deployment.

You’ll receive another notification when the deployment is complete.

After the WAF is successfully deployed, you’ll want to test the new F5 WAF and finalize the setup in Azure including changing the DNS records from the current server IP to the IP of the WAF.

When ready, click Security Center again and the Recommendations panel. This time we’ll click Finalize web application firewall setup.

And click your Web application.

Ensure your DNS settings are correct and check the I updated my DNS Settings box and when ready, click Restrict Traffic at the bottom of the pane.

Azure will give you a notification that it is finalizing the WAF configuration and settings, and you will get another notification when complete.

And when it is complete, your application will be secured with F5’s Web Application Firewall.

Check out the demo video and rest easy, my friend.

ps

Related:

• The dirty dozen: 12 cloud security threats
• Why Companies in the Cloud get Hacked
• 15 per cent of business cloud users have been hacked, research finds
• Azure and F5 WAF in the cloud
• Azure Security Center - How to protect your Web Applications in Azure

Innovate, Expand, Deliver with F5 CEO Manny Rivelo

F5 President & CEO, Manny Rivelo, shares his vision of Innovate, Expand, Deliver at #F5Agility15. Always insightful, Manny discusses his new role as CEO, what hybrid application services means to organizations, how F5 has evolved from just a load balancing company, how organizations use F5 solutions across hybrid environments and how F5 is all about the software. He also shares some perspective on the new BIG-IP v12 and his favorite part of F5 Agility. Applications without constraints. Thanks Manny!

ps

Related:

• F5Agility15 - The Preview Video
• Welcome to F5 Agility 2015
• Innovate. Expand. Deliver. F5 Agility 2015.
• F5 Agility 2015
• F5 YouTube Channel

Technorati Tags: f5,agility,f5agility15,rivelo,silva,ceo,big-ip,video,v12

Connect with Peter:	Connect with F5:

TechEd2013 – The Video Outtakes

The bloops, cuts, laughs, mistakes and outtakes from #MSTechEd 2013. We’re all human.

ps

Related:

• TechEd2013 – Find F5
• TechEd2013 – Network Virtualization & Cloud Solutions
• TechEd2013 – Secure Windows Azure Access
• TechEd2013 – The Top 5 Questions
• TechEd2013 – NVGRE with Microsoft’s System Center 2012 VMM (feat. Korock)
• TechEd2013 – Gimme 90 Seconds Betcha Didn’t Know Edition (feat. Simpson)
• TechEd2013 – That’s a Wrap
• F5® Scales and Optimizes Windows Server 2012 Hyper-V Network Virtualization and Cloud Environments
• F5 Bridges the Physical and Virtual Worlds at Microsoft Tech Ed
• F5's YouTube Channel
• In 5 Minutes or Less Series (23 videos – over 2 hours of In 5 Fun)
• Inside Look Series
• Life@F5 Series

Technorati Tags: f5,teched,microsoft,video,outtakes,bloopers,mistakes,humor,fun,silva

Connect with Peter:	Connect with F5:

TechEd2013 – That’s a Wrap

I wrap it up from the Microsoft TechEd North America 2013 Conference. Special thanks to Jeff Bellamy, Greg Coward, Ryan Korock and Phil Simpson along with my camera operators Courtney, Natasha and Robert. Reporting from New Orleans, thanks for watching!

ps

Related:

• TechEd2013 – Find F5
• TechEd2013 – Network Virtualization & Cloud Solutions
• TechEd2013 – Secure Windows Azure Access
• TechEd2013 – The Top 5 Questions
• TechEd2013 – NVGRE with Microsoft’s System Center 2012 VMM (feat. Korock)
• TechEd2013 – Gimme 90 Seconds Betcha Didn’t Know Edition (feat. Simpson)
• F5® Scales and Optimizes Windows Server 2012 Hyper-V Network Virtualization and Cloud Environments
• F5 Bridges the Physical and Virtual Worlds at Microsoft Tech Ed
• F5's YouTube Channel
• In 5 Minutes or Less Series (23 videos – over 2 hours of In 5 Fun)
• Inside Look Series
• Life@F5 Series

Technorati Tags: f5,teched,microsoft,msteched,azure,nvgre,network virtualization,silva,video,trade show,Hyper-V

Connect with Peter:	Connect with F5:

TechEd2013 – Gimme 90 Seconds Betcha Didn’t Know Edition (feat. Simpson)

The coolest trade show game show is back! F5 Business Development Manager Phil Simpson tests his F5 knowledge in this special ‘Betcha Didn’t Know’ Edition. When people hear of the many BIG-IP capabilities their response is often, ‘I didn’t know you could do that!’ Let’s see if Phil can win the limited edition psilva autographed F5 ball by sharing some unique BIG-IP features that you may not have known about. These are always fun.

ps

Related:

• TechEd2013 – Find F5
• TechEd2013 – Network Virtualization & Cloud Solutions
• TechEd2013 – Secure Windows Azure Access
• TechEd2013 – The Top 5 Questions
• TechEd2013 – NVGRE with Microsoft’s System Center 2012 VMM (feat. Korock)
• F5® Scales and Optimizes Windows Server 2012 Hyper-V Network Virtualization and Cloud Environments
• F5 Bridges the Physical and Virtual Worlds at Microsoft Tech Ed
• F5's YouTube Channel
• In 5 Minutes or Less Series (23 videos – over 2 hours of In 5 Fun)
• Inside Look Series
• Life@F5 Series

Technorati Tags: f5,teched,microsoft,msteched,azure,nvgre,network virtualization,silva,video,trade show,Hyper-V,big-ip

Connect with Peter:	Connect with F5:

TechEd2013 – NVGRE with Microsoft’s System Center 2012 VMM (feat. Korock)

After resisting for over 3 years, F5 Technical Director Ryan Korock finally joins me on camera to discuss the new NVGRE solution. This new solution—along with F5’s broader solution set—aims to help customers assure reliable performance regardless of how individual organizations choose to architect their systems. Through integration with Microsoft’s System Center 2012 Virtual Machine Manager, the F5 solution will dynamically serve as a bridge between customers’ virtualized and non-virtualized environments. F5 solutions can augment Windows Server 2012 Hyper-V Network Virtualization environments, providing notable benefits for organizations deploying Microsoft and F5 technologies in concert, including cloud and service providers.

ps

Related:

• TechEd2013 – Find F5
• TechEd2013 – Network Virtualization & Cloud Solutions
• TechEd2013 – Secure Windows Azure Access
• TechEd2013 – The Top 5 Questions
• F5® Scales and Optimizes Windows Server 2012 Hyper-V Network Virtualization and Cloud Environments
• F5 Bridges the Physical and Virtual Worlds at Microsoft Tech Ed
• F5's YouTube Channel
• In 5 Minutes or Less Series (23 videos – over 2 hours of In 5 Fun)
• Inside Look Series
• Life@F5 Series

Technorati Tags: f5,teched,microsoft,msteched,azure,nvgre,network virtualization,silva,video,trade show,Hyper-V

Connect with Peter:	Connect with F5:

TechEd2013 – The Top 5 Questions

I review the top 5 questions being asked in booth 816 at #MSTechEd 2013. Azure, NVGRE and TMG all make the list. There is a surprise at #5 but not to those of us in the booth. :-)

ps

Related:

• TechEd2013 – Find F5
• TechEd2013 – Network Virtualization & Cloud Solutions
• TechEd2013 – Secure Windows Azure Access
• F5® Scales and Optimizes Windows Server 2012 Hyper-V Network Virtualization and Cloud Environments
• F5's YouTube Channel
• In 5 Minutes or Less Series (23 videos – over 2 hours of In 5 Fun)
• Inside Look Series
• Life@F5 Series

Technorati Tags: f5,teched,microsoft,msteched,azure,nvgre,silva,video,trade show,Hyper-V,tmg

Connect with Peter:	Connect with F5: