What's New with NGINX Application Security Solutions
- 1. NGINX App Security Solutions Update DAPHNE WON ISAAC NOUMBA DANIEL EDGAR
- 2. | ©2021 F5 2 Agenda • NGINX App Security Solutions Overview • NGINX App Protect: New features for protection of modern apps • NGINX Controller App Security • Q&A
- 3. | ©2021 F5 NETWORKS 3 F5/NGINX is delivering on the promise of Adaptive Apps BIG-IP NGINX BIG-IP + NGINX + SHAPE BEACON & AI Simplifying traditional app delivery for multi-cloud environments Enabling modern app delivery at scale Securing every app anywhere Unlocking the value of app insights Web app firewall Secure access App/web server Anti-fraud & anti-bot Denial of service Ingress controller API gateway Load balancer APPLICATION SECURITY APPLICATION DELIVERY APPLICATION INSIGHTS TELEMETRY
- 4. | ©2021 F5 NETWORKS 4 Tackle Your Application Security Challenges Embed Security Policy Your Pipeline Integrate security controls directly into your pipeline with security as code. Secure Modern Apps Strong security controls for microservices, containers, APIs, and other modern topologies. Gain Security Insights Security tools that go beyond alerts with intelligent security insights about your apps and APIs.
- 5. | ©2021 F5 NETWORKS 5 Tackle your application security challenges Security policies and protections are optimized for DevOps workflow. Deploy and manage app security controls across distributed environments. NGINX & F5 Investments Embed Security Policy Into Your Pipeline Integrate security controls directly into your pipeline with security as code. Secure Modern Apps Strong security controls for microservices, containers, APIs, and other modern topologies. Gain Security Insights Security tools that go beyond alerts with intelligent security insights about your apps and APIs. Centralized visibility and insights dig into the root cause of application issues.
- 6. | ©2021 F5 NETWORKS 6 NGINX Controller App Security (Available Now for Controller ADC) (Coming soon for Controller API-Management)) NGINX App Security Offer Summary NGINX App Protect DOS NGINX App Protect WAF ModSecurity for NGINX Plus ModSecurity OSS à Compliance Requirements – Higher Performance – Easier Tuning à Individual App/ Infrastructure Emphasis Enterprise Emphasis w/ App Centric Controls and DevOps Ease of Use Free
- 7. | ©2021 F5 7 NGINX App Protect Update
- 8. | ©2021 F5 NETWORKS 8 NGINX Plus routes, hardens, and secures your apps and APIs. Decentralized, best-of-breed tools that developers need for agility. Deployed as specific “flavors” optimized for application, API, and Kubernetes environments. Microservices Control Plane Kubernetes Ingress Controller Service Mesh NGINX Ingress Controller NGINX Service Mesh CODE CUSTOMER Data Plane Web Server / Reverse Proxy API Gateway Load Balancer CDN NGINX Plus Bare Metal | Containers | VMs | Private Cloud | Public Cloud | Hybrid Cloud | Multi-Cloud App
- 9. | ©2021 F5 NETWORKS 9 Microservices Control Plane Kubernetes Ingress Controller Service Mesh NGINX Ingress Controller NGINX Service Mesh CODE CUSTOMER Data Plane Web Server / Reverse Proxy API Gateway Load Balancer CDN NGINX Plus Data Plane Security NGINX App Protect DoS WAF Bare Metal | Containers | VMs | Private Cloud | Public Cloud | Hybrid Cloud | Multi-Cloud App Adding in NGINX App Protect Strong app security Built for modern app architectures CI/CD Friendly
- 10. | ©2021 F5 10 Tools Recently Introduced for App Protect WAF CONFIDENTIAL Policy Converter Converts BIG-IP XML format ASM/AWAF security policy to App Protect JSON declarative format Policy Exporter Exports a fully-populated JSON policy with applied settings from the base template Signature Report Tool Exports signature metadata of the signatures installed on a system User-defined Signatures Converter Converts ASM/AWAF user-defined signatures to App Protect JSON format Repo of tools demo: https://github.com/aknot242/app-protect-tools
- 11. | ©2021 F5 11 Demo: Policy Conversion & Signature Report
- 12. | ©2021 F5 NETWORKS 12 API Security Features • JSON Schema Enforcement • OpenAPI/Swagger Enforcement • gRPC Protofile Enforcement
- 13. | ©2021 F5 13 Demo: Open API & gRPC Protection
- 14. | ©2021 F5 14 NGINX Controller App Security
- 15. | ©2021 F5 NETWORKS 15 NGINX Controller automates application infrastructure-as-code. Manages apps and APIs centrally to simplify operations and security… … accelerating time-to-market without introducing complexity. Simplify code to customer | Respond with intelligent insights | Empower with self-service
- 16. | ©2021 F5 NETWORKS 16 NGINX Controller App Security
- 17. | ©2021 F5 NETWORKS 17 App Security Add-on for Controller ADC F5/NGINX CONFIDENTIAL Multi-cloud, Multi-instance Management App-centric, Self-Service WAF Enablement App Protection App-centric Feedback Loop Visibility and Insights WAF Policy Tuning • Management across environments and clouds • Data plane type: customer managed-lifecycle instances on virtual machines • App (component) level WAF enablement via same declarative Controller ADC API and Controller UI • Lightweight WAF traffic service (NGINX App Protect) • Out–of-the-box default policy for protection for low false positives Using default policy: • OWASP Top 10 protection • Malformed cookie, JSON, XML • Response status code checks, file type checks • HTTP RFC compliance, evasion techniques • WAF outcome stats & WAF violation events using Controller Analytics API • Top WAF threats • WAF events and Metrics with WAF dimensions forwarding to Splunk, Datadog, syslog servers • Top signatures for false positives investigations • Blocking or monitor-only enforcement modes • Signature disabling at App Component (URIs)
- 18. | ©2021 F5 NETWORKS 18 F5/NGINX is delivering on the promise of Adaptive Apps BIG-IP NGINX BIG-IP + NGINX + SHAPE BEACON & AI Simplifying traditional app delivery for multi-cloud environments Enabling modern app delivery at scale Securing every app anywhere Unlocking the value of app insights Web app firewall Secure access App/web server Anti-fraud & anti-bot Denial of service Ingress controller API gateway Load balancer APPLICATION SECURITY APPLICATION DELIVERY APPLICATION INSIGHTS TELEMETRY F5 WAF Technology F5 WAF Technology F5 WAF Technology
- 19. | ©2021 F5 NETWORKS 19 “Bring You Own” Custom NGINX App Protect Policy Use Cases NGINX App Protect WAF migrates to Controller App Security 2 1 adds + Controller App Security NGINX App Protect migrating to Controller for simplified management and out of the box insights F5 Advanced WAF or ASM customers adding Controller for protecting modern apps F5 Advanced WAF
- 20. | ©2021 F5 NETWORKS 20 BYO NAP Policy: Pass Declarative JSON Policy To Controller F5/NGINX CONFIDENTIAL Custom NGINX App Protect Declarative JSON API GUI NGINX Controller App Security Add-on
- 21. | ©2021 F5 21 CONFIDENTIAL Controller BYO NGINX App Protect Policy Demo
- 22. | ©2021 F5 22 NGINX Controller App Security (Available Now for Controller ADC) (Coming soon for Controller API-Management)) NGINX App Security Offer Summary NGINX App Protect DOS NGINX App Protect WAF ModSecurity for NGINX Plus ModSecurity OSS à Compliance Requirements – Higher Performance – Easier Tuning à Individual App/ Infrastructure Emphasis Enterprise Emphasis w/ App Centric Controls and DevOps Ease of Use Free
- 23. | ©2021 F5 NETWORKS 23 Want to Learn More? NGINX App Protect 1. Request a free trial of NGINX App Protect https://www.nginx.com/free-trial-request/ 2. Learn more https://www.nginx.com/products/nginx-app-protect/ NGINX Controller (including Controller App Security) 1. Request a free trial of NGINX Controller https://www.nginx.com/free-trial-request-nginx-controller/ 2. Learn more https://www.nginx.com/products/nginx-controller/
- 24. | ©2021 F5 NETWORKS 24 Q&A
- 25. | ©2021 F5 25 Thank you