F5 Advanced WAF Playbook 2018 - Softchoice · F5 is uniquely positioned Application Protection |...

Overview Business DriversCapabilities &

Use Cases

Qualifying &

DiscoveryCompetition Sales Resources

Pricing and

Packaging

F5 Advanced WAF

Playbook 2018

April 2018


Use Cases

Qualifying &

DiscoveryCompetition

Pricing and

PackagingSales Resources

Mobile

Bot Mitigation

Credential Protection

App-Layer DoS

Hacker

Anti-bot

Mobile SDK

Bots

F5 Advanced WAF

Userscredentials

What is Advanced WAF Why Sell Advanced WAFMarket Opportunity Why Customers Buy

Protect against bots, credential attacks, and app-layer DoS

OverviewCapabilities &

Use Cases

Qualifying &


Pricing and

PackagingBusiness Drivers

$840

$941

$1,025

$1,100

$0

$200

$400

$600

$800

$1,000

$1,200

2018 2019 2020 2021

Total Market

High growth market fueled by proliferation of apps, APIs, and business

digital transformation

What is Advanced WAF Market Opportunity Why Sell Advanced WAF Why Customers Buy


Use Cases

Qualifying &


Pricing and


1%

2%

4%

5%

9%

11%

11%

14%

15%

0% 10% 20% 30% 40%

Denial of Service

Crimeware

Physical Theft and Loss

Payment Card Skimmers

Everything Else

Point of Sale

Miscellaneous Errors

Privilege Misuse

Cyber-Espionage

Web App Attacks 29%2017 Verizon Data

Breach

Investigations Report

”Web Application Attacks

remains the most

prevalent”

“Use of stolen credentials

against web applications

was the dominant hacking

tactic“

•Protecting apps is a hard problem to cost-efficiently solve

•Apps continue to be the #1 source of data breaches

•WAF deployment is leading practice – your customer is going to buy one

•Addresses a C-Level risk management concern



Use Cases

Qualifying &


Pricing and

Packaging

SENSITIVE DATA CLOUD

APPS

APIs

Half of applications remain vulnerable

APIs are being exploited and abused

Transformation createsoperational challenges

Web Application Firewalls are the fastest and most cost-effective way to address application vulnerabilities in production



Use Cases

Qualifying &


Pricing and

Packaging

Addresses Top Threat App Protections Advanced Protections

3%

11%

33%

53%

Other (VPN, PoS, infra.)

Physical

User / Identity

Web App AttacksWeb app attacks are the #1 single point of entry in successful data breaches…


Use Cases

Qualifying &


Pricing and

Packaging

Stop web attacks

Fix vulnerabilities

Risk & compliance

WAF

Technology

WAFs provide coverage

for OWASP Top 10

WAFs can be an

alternative to code review

WAFs fix vulnerabilities

promptly without

maintenance windows

WAFs don’t require

access to source code

or developers



Use Cases

Qualifying &


Pricing and

Packaging

Traditional WAF:

SSL/TLS InspectionSSL/TLS Inspection

ScriptingScripting

OWASP Top 10OWASP Top 10

Advanced WAF:

Malicious Bots

Credential Attacks

API Attacks

SSL/TLS Inspection

Scripting

OWASP Top 10



Use Cases

Qualifying &


Pricing and


Differentiation Bot Mitigation Credential Protection Application DoS OWASP Top 10API Security

F5 is uniquely positioned

Application Protection | Advanced WAF

• Mitigate bots for web and mobile apps

• Prevent credential theft and abuse

• Defend against application DoS

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from F5 Networks. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.


Use Cases

Qualifying &


Pricing and


Automated attacks are increasing in frequency and sophistication

77% of web attacks are from bots

Mobile apps are a growing target

Malicious Bots

MobileProactive Bot Defense

Hacker

Anti-Bot

Mobile SDK

Bots

F5 Advanced WAF

Web

Advanced WAF | mitigate bots for web and mobile apps

✓ Proactive Bot Defense blocks web bots automatically

✓ F5 Anti-Bot Mobile SDK only allows trusted mobile users



Use Cases

Qualifying &


Pricing and


Hackers target credentials and sensitive data

3 billion credentials reported stolen in 2016

Credential Attacks

The victim is infected

with malware

Advanced WAF | prevent credential theft and abuse

✓ DataSafe encrypts and obfuscates sensitive data

✓ Brute Force Mitigation prevents credential stuffing



Use CasesBusiness Drivers

Qualifying &


Pricing and

Packaging

Application Denial of Service (DoS)

Advanced WAF | defend against application DoS

✓ Automated baseline and stress monitoring

✓ Behavioral analytics and machine learning

Application layer DoS has increased by 43%

Application layer DoS evades static security solutions



Use CasesBusiness Drivers

Qualifying &


Pricing and

Packaging

API Security

Unprotected APIs are being exploited

Modern application architectures leverage

Application Programming Interfaces (APIs)

Advanced WAF protects APIs:

✓ Rest API, JSON, SOAP, AJAX, XML, WSDL parsing

✓ Brute Force mitigation, attack signatures, L7 DoS



Use Cases

Qualifying &

DiscoveryCompetitionBusiness Drivers Sales Resources

Pricing and

Packaging

OWASP Top 10

A broad consensus on the most critical web application

security flaws

Advanced WAF protects from the OWASP Top 10:

✓ Mitigations for all well known persistent attacks

✓ Beyond OWASP: bots, credential theft, application DoS



Use Cases

Qualifying &


Pricing and


Qualifiers Key Stakeholders Discussion Questions Objection Handling

▪ New application initiatives

- Net new application deployments with budget

- Moving existing apps to cloud environments

- Business digital transformation projects

- Building new application APIs

▪ Compelling events

- Data breach

- Out of compliance / fines

- Failed audit

▪ Has competitive product

- Using Imperva, Barracuda, or other basic

WAF

▪ Few or limited applications

- No apps or apps are not a part of the business

model

- Low risk exposure for applications

- No application APIs

▪ No compelling event or initiative

- No pain

- No budget AND no pain

Qualifiers Disqualifiers

Check back in 3-6 months, things may have changed


Use Cases

Qualifying &


Pricing and


Stakeholder $ Top Concerns

CIO/CISO (or representative)Focus on business capacity and asset control

YesKeeping pace with business - Become an enabler of business and not an the bottle neck

Reducing business risk – Identification and implementation of risk mitigating controls

LOB/App Owner

Focus on speed to market/implementationYes

Business success - Leverage IT tools for business objectives, not deeply concerned with details of

deployment, just want to get it done. Don’t want to know the sausage ingredients, just want the finished

product

IT Ops/Director (Ops)Focus on availability, uptime, and resource

allocation

No Happy users / Operational success - Application availability, business as usual

Compliance Officer Focus on privacy and regulatory compliance

NoKeeping up to date – Regulatory & compliance laws: PCI-DSS, data protection.

Developing process - Implement technology and practices compliant with best practices

Director Risk ManagementFocus on implementation & awareness of risk

management

NoConsulting lines of business – provide education and training for risk management policy

Identify Risk Gaps – in business process and projects, escalate and work to resolution

Enterprise / Security ArchitectFocus on infrastructure, costs, and best

practices

No

Improving decision making - Technology strategy for enterprise operations.

Leading adoption - The identification, analysis, evaluation, and life-cycle management security

technologies



Use Cases

Qualifying &


Pricing and


Questions to Ask Follow-up Questions

How many web/mobile business apps do you

host?

Do you have the SecOps capacity to manage all of

your application security policies?

What are you doing to protect apps from

attacks?

What is the business impact of a an app outage or

breach? What about an app data breach?

How do you create and manage app security

policies?Are they efficient? How do you know?

How do you safeguard sensitive user data in

use by your applications?

What is the business impact of an app data breach?

If you could encrypt this data without impact to the

app or client, would you do it?

What percentage of your app traffic is from

bots? Do you have a solution in place to block

malicious bot traffic?

Would blocking bot traffic make your apps more

efficient? Reduce costs? How do you stop bot-

based fraud?



Use Cases

Qualifying &


Pricing and



Our customer have found that the Advanced WAF helps optimize efficiency and operational costs by using behavioral analytics to automatically generate and deploy optimal security policies. The added advanced features – for bot mitigation, credential protection, and data encryption have also been compelling drivers for our customers.

I already have a WAF, why should I care about F5 Advanced WAF?

I understand, basic WAFs are easy to use. However these only provide simple protections. With AWS you pay per rule and request. If you want to keep it simple, consider F5 managed rules for AWS WAF our managed service, Silverline. These provide simplicity and offer advanced protections created by F5 pros.

I’ll just use the AWS WAF


Use Cases

Qualifying &


Pricing and


Market Advantages Imperva

Bot Protection beyond signatures and reputation

✓ Web and mobile application protection

✓ Client fingerprinting

✓ Server performance monitoring

Account Takeover that stops credential theft and abuse

✓ Application Layer Encryption

✓ Obfuscation and evasion detection

✓ Comprehensive Brute Force mitigation including credential stuffing

Application DoS that adapts to changing apps

✓ Real-time application baselines

✓ Behavioral Denial of Service with machine learning

✓ Dynamic signatures with low false positives

Key F5 Advantages

✓ Bot Protection

✓ Account Takeover

✓ Application DoS


Use Cases

Qualifying &


Pricing and

Packaging

• Imperva lacks capabilities to defend against web and mobile bots, protect from data compromise, and mitigate application layer DoS.

• Imperva lacks bot protection for mobile apps, has no ability to protect from credential compromise, has limited ability to protect against client-side evasions, lacks server monitoring of mitigation effectiveness, lacks behavioral analysis or dynamic signature creation.

• There is serious performance degradation for SSL/TLS decryption for Perfect Forward Secrecy (PFS), content re-writing, and authentication.

• Imperva has a high TCO due to reliance on multiple subscriptions and requirements for Gateway and Management (MX) servers.

• There is no integration between SecureSphere and Incapsulsa (e.g. dynamic signaling), and Incapsula has a limited Security Operations Center (SOC) and customers become reliant on self-managed policies.

Market Advantages Imperva


Use Cases

Qualifying &


Pricing and

Packaging

Solution Components Platforms Upgrades and Migration Sample Orders

Standard WAF(ASM)

Anti-Bot

L7 DDoS

DataSafe

$ A.Bot M$ API Sec*

Base ADC

Upstream Signaling*

C. Device ID* (S)

Behavioral DoS Unlimited

Credential Stuffing DB*(S)

Threat Campaign* (S)

(S$) - Subscription ($) - Add On (I) – Advanced WAF

APP-LAYER

ENCRYPTION

BEHAVIORAL

DDOS

ANTI-BOT

MOBILE SDK

PROACTIVE

BOT DEFENSE

(*) – Coming soon


Use Cases

Qualifying &


Pricing and

Packaging

Th

rou

gh

pu

t

Virtual Editions (VEs)

• All F5 VEs

Cloud Platforms (Cal Q2)

• AWS

• Azure

• Google

Managed Services

• F5 Silverline

F5-BIG-AWF-i2800


$32,995

F5-BIG-AWF-i4800

F5-BIG-AWF-i7800

F5-BIG-AWF-i10800

$154,495


Use Cases

Qualifying &


Pricing and

Packaging

Customer Type What to Sell Available Add-ons

(At Launch)

New Customer Advance WAF

• Anti-bot mobile SDK

• DataSafe

• IP Intelligence

ASM stand-alone Upgrade to Advanced WAF


• DataSafe

• IP Intelligence

GBB (Best) Upgrade to Advanced WAF


• DataSafe

• IP Intelligence

LTM LTM Add-on for Advanced WAF


• DataSafe

• IP Intelligence



Use Cases

Qualifying &


Pricing and

Packaging


F5-BIG-AWF-I5800BIG-IP i5800 Advanced Web Application

Firewall (48 GB Memory, SSD, Max SSL, Max

Compression, vCMP)

BIG-IP Anti-Bot Mobile SDK Add-on License

for i5X00 Advanced Web Application Firewall

BIG-IP IP Intelligence License for

5250v/5050s/i5X00 (3-Year Subscription)

Installation BIG-IP Advanced Web Application

Firewall (per pair, standard hours)

BIG-IP Essentials Training (4 days)

F5-BIG-AWF-I10800BIG-IP i10800 Advanced Web Application

Firewall (128 GB Memory, SSD, Max SSL,

Max Compression, vCMP, Dual AC Power

Supplies)

BIG-IP Anti-Bot Mobile SDK Add-on License

for i10X00 Advanced Web Application Firewall

BIG-IP IP Intelligence License for

102XXv/10X5Xs/72XXv/705Xs/i7X00 (3-Year

Subscription)




F5-VPR-AWF-C4480-ACVIPRION 4480 Advanced Web Application Firewall

Chassis (4 x Slots, 4 x AC Power Supplies)

VIPRION 4450 Advanced Web Application Firewall

Blade NEBS (256 GB Memory, 6 x QSFP+ Ports, 2 x

QSFP28 Ports, NEBS Level 3 Certified)

VIPRION Anti-Bot Mobile SDK License for 4800

Chassis

VIPRION IP Intelligence License for 4800 Chassis (3-

Year Subscription)




Capabilities &

Use Cases

Qualifying &


Pricing and

PackagingOverview Business Drivers

Sales Motions Key ResourcesIncentives


Use Cases

Qualifying &


Pricing and

Packaging

Upsell Sales Motion Key ResourcesIncentives

Program Details:

• PIO opportunities must be created and closed between October 1, 2017 and September 30, 2018

• All qualified PIOs that include a qualifying WAF SKU above $10k will be eligible for rebate

• Maximum payout per opportunity is $20k USD

• List price is defined as the SKU price on F5’s price list

• Proof of Imperva displacement is required to earn kicker

• All qualifying PIO deals must be closed and booked at 100% in F5 systems on or before September 30, 2018

• Rebates will be paid at the end of every quarter for deals that closed in the previous quarter

• This rebate is stackable with other current F5 partner rebates and incentives; check Partner Central for additional information

F5 List Price Rebate

$10k - $50k $1000 USD

$50k - $100k $2500 USD

$100k + $4500 USD

Additional Kickers:

• 2x rebate when displacing an eligible Imperva product

• Additional $1000 for all ASM upgrade to Adv. WAF SKUs sold

WAF Rebate Program Offer details:

Sell any standalone, add-on ASM or WAF SKU (including Silverline) above $10k list price to earn a rebate. To qualify, it must be a Partner Initiated Opportunity (PIO) and meet the minimum list price target:

https://partners.f5.com/Program/Promotions/competitive-replacement-2000-to-15000-on-trade-ins

https://partners.f5.com/program/incentives


Use Cases

Qualifying &


Pricing and

Packaging

• Customer Deck

• Quick Reference Guide (QRG)

• Advanced WAF FAQ

• F5 Security Product Line Card

• Email Template

• Advanced WAF

• DataSafe

• Anti-bot SDK

• WAF Assessment Service

• IP Intelligence Service

• App Protect Library

• Gartner WAF Magic Quadrant

• OWASP Top 10 Webinar

• Case Studies

• F5 Labs

Upsell Sales Motion Key ResourcesIncentives

https://partners.f5.com/Solutions/AdvancedWAF





https://www.f5.com/pdf/products/F5_advanced_WAF_overview.pdf

https://www.f5.com/pdf/products/application-level_field_encryption_for_credential_and_data_protection.pdf

https://www.f5.com/pdf/products/integrate_F5_anti-bot_mobile_SDK_with_any_mobile_app.pdf

https://www.f5.com/pdf/professional-services/F5_Web_Application_Firewall_Assessment_Service.pdf

https://www.f5.com/pdf/products/ip-intelligence-service-ds.pdf

https://interact.f5.com/AppProtectLibrary

https://interact.f5.com/20170925.html

https://hive.f5.com/docs/DOC-46298

https://f5.com/solutions/customer-stories?tag=BIG-IP+ASM

https://f5.com/labs

F5 Advanced WAF Playbook 2018 - Softchoice · F5 is uniquely positioned Application Protection |...

Documents

Transcript of F5 Advanced WAF Playbook 2018 - Softchoice · F5 is uniquely positioned Application Protection |...