In an exclusive conversation with CXO News & APAC News Network , Pratik Shah, Managing Director, F5, India & SAARC outlines how AI-ready API security services are creating a unified view of all security insights.
What are the products and services currently in the F5 portfolio in India?
Today, as organizations grapple with growing IT complexity and a rapidly shifting threat landscape, F5’s mission is to make our customers’ jobs ea
Our suite of solutions helps empower our customers to create, secure and operate their applications at a lower cost,without compromising on performance and value. value. A game-changer in solving our customers’ complexity of multi-cloud networking would be the F5 Distributed Cloud Services, a suite of SaaS-based security, networking, and application management services, that enable customers to deploy, secure, and operate their applications in a cloud-native environment. This suite of solutions also provides deep packet inspection, Layer 3 firewalls, Layer 4 to Layer 7 Web Application Firewalls, bot protection with AI-based intelligence, DDoS protection on-prem and the cloud, API protection, and API gateways.
Recently, API code testing and telemetry analysis capabilities have been added to F5 Distributed Cloud Services, creating the industry’s most comprehensive and AI-ready API security solution. This will reduce complexities and enable our customers to protect their AI-powered applications. Additionally, the new F5 AI Data Fabric takes on insight analysis to the next level, by enabling the extraction of insights from vast amounts of data. From the data, organizations can perform analytics, and train and deploy ML models for inference, enhancing the security and optimization of applications.
How does F5 leverage AI/ML to gather and analyze real-time data on emerging threats?
Attackers are taking advantage of the fast-changing application landscape with new attack methods to exploit the introduced attack surfaces. According to a report by PwC, 135% increase in novel social engineering attacks using AI tools like WormGPT and FraudGPT in just one month. Unlike the previous security threats faced by enterprise customers, the new advanced sophisticated attacks typically bypass well-established security controls, such as firewalls, and web application firewalls.
At F5 we understand the need for organizations to have AI-ready solutions and are making AI pervasive across our solution portfolio to protect against AI-driven threats and simplify the protection of complex applications. As mentioned previously, the introduction of API code testing and telemetry capabilities to our F5 Distributed Cloud Services, helps organizations to secure and manage their AI-powered applications across multi-cloud environments. Additionally, our Distributed Cloud Web App and API protection (WAAP) services, leverage AI/ML to mitigate complex API attacks, and more. Additionally, with NGINX App Protect and BIG-IP Advanced WAF, F5 gives customers the ability to secure any app and any API, anywhere.
Further to offering AI-ready API security services, F5 is also expanding its focus on API security by “shifting left” to address the entire API lifecycle. This enhanced solution, powered by the Wib platform and F5 Distributed Cloud API Security, goes beyond just discovery and protection. New features include API code analysis to identify risks before deployment, API testing to validate vulnerabilities, API compliance analysis to ensure regulatory alignment, threat surface assessment to monitor public assets, and a security fusion engine to create a unified view of all security insights.
What are the verticals where F5 is witnessing maximum traction and what are the prevalent use cases? How many customers are there for managed security services and from which verticals?
In today’s evolving landscape, a holistic multi-cloud security strategy is important for organizations of all sizes and verticals. F5 has been catering to organizations across BFSI, Telecom, Government/Public Sector, Technology Services companies, Healthcare, E-Commerce, and Manufacturing. While working with organizations across these sectors, we have witnessed that app security, API security, cloud security, and multi-cloud networking are the most sought-after use cases.
The rise in demand for cybersecurity skills and the talent shortage in India’s cybersecurity workforce (an estimated gap of around 790,000 professionals in 2023), makes India a huge market for managed security services across verticals.
How does F5 today differentiate itself in the highly competitive cybersecurity solution provider landscape?
Most of the IT solutions or cybersecurity solutions providers operate in a commoditized space such as security for only on-premise or cloud. However, F5 offers solutions that secure applications and API across all kinds of environments.
F5 stands out in cybersecurity with a comprehensive approach, as we offer robust application security (WAFs, DDoS protection) alongside AI-powered threat detection for real-time defense. Our solutions integrate security and application delivery, simplifying IT infrastructure across multi-cloud environments. Our suite of solutions and customer-centric approach also differentiate us from the rest of the solution providers. F5 delivers customized solutions tailored to the specific needs of our customers. By providing detailed support and consulting services, F5 ensures that its solutions are effectively implemented and managed, which enhances customer satisfaction and loyalty.
How has the technology from Shape Security helped F5 in a typical manufacturing setup with IoT and RPA installations?
Shape Security has now converged to be part of F5 Distributed Cloud Services. F5 Distributed Cloud Bot Defense (an offering stemmed from Shape Security’s capability) helps to protect infrastructure & applications from IoT botnets and helps analyze traffic before IoT devices access specific datasets including URLs. With F5’s advanced algorithm and signatures, traffic generated by RBA and IoT can be protected against Layer 7 DDoS/API attacks. (e.g. Auto manufacturers have deployed these services to control & inspect traffic initiated from car infotainment devices while complying with government norms).
What challenges do CISOs face today in information overload and siloed and distributed data?
Chief Information Security Officers (CISOs) face numerous challenges today, particularly regarding information overload and siloed and distributed data. These challenges can significantly impact their ability to effectively manage and secure organizational data. Here are some of the key issues they encounter:
Managing Data Volume and Complexity: The exponential growth of data and increase in complexity creates a significant burden on CISOs making it difficult for them to distinguish between relevant security threats and benign data.
Integrating Disparate Security Tools: Organizations often use multiple security tools and platforms, each generating its own set of data and alerts. Integrating these tools to create a cohesive security strategy is challenging.
Ensuring Consistent Security Policies: Data siloes exist across different departments and locations within an organization, often resulting in inconsistent security policies and practices. It becomes challenging for CISOs to ensure that all departments adhere to uniform security standards and protocols.
Rapid Incident Response: In a distributed data environment, detecting and responding to security incidents promptly is challenging. Data silos can delay the identification of threats and hinder coordinated response efforts.
What are the key pillars on which the F5 GTM strategy rests in India? What are some of the key initiatives under this strategy?
As mentioned earlier, we at F5, focus on protecting any apps and APIs across multiple cloud environments and have been continuously working with the application owners, across ver
With AI driving growth in the volume of apps and APIs, the ability to consolidate tools and have a single end-to-end API security solution has become a need of the hour for organizations across sectors. This is where F5 steps in with its AI-powered portfolio which would serve as an intelligent partner to stretched IT and security teams of our customers.
What is the overall channel structure that F5 currently follows in India? How are these differentiated between distributors, MSPs, ISVs, and SIs?
F5 follows a three-tiered model in India which includes end customers, MSPs/re-sellers, distributors, and OEMs. In the tech channel, various players fulfill distinct needs. Distributors act as wholesalers, supplying products to resellers like value-added resellers (VAR) and managed service providers (MSP). MSPs focus on ongoing IT management for clients, potentially including hardware and software sales. ISVs develop and sell their own software solutions, while SIs integrate technologies from various vendors to create customized solutions for specific client requirements.
What are the best practices that you recommend for CISOs for focusing on proactive defense instead of in a perennial firefighting mode?
Organizations are increasingly using applications to reach their customers, which has opened the doors to advanced cyberattacks. This makes security a major concern for CISOs to be addressed so that they can create a seamless application experience. Organizations must have a cybersecurity strategy that not only meets their application security requirements but is also aligned with their IT infrastructure as a whole. Here are some best practices that have proven to be effective to ensure web application security:
- Adopting a cybersecurity framework
- Maintaining security during web application development
- Automating and integrating security tools
- Performing consistent, threat assessment and security testing
- Encrypting web application data
- Constantly updating security patches
- Applying authentication, role management, and access control
- Avoiding Security Misconfigurations
- Train stakeholders with application security training
- Regular scanning for security threats
- Onboarding security solutions such as WAF & WAAP
What are going to be F5’s key focus areas in the next 12-18 months?
Our primary focus will continue to be helping our customers provide a secure and simplified digital experience through new application delivery infrastructures that offer better visibility, control, and security. Empowering our customers and partners to manage multi-cloud complexity and leverage AI to increase automation and reduce complexity will also be our focus for the next 12 to 18 months.
Discussion about this post