SafetyDetectives spoke with Angel Grant, Vice President of Security at F5, about emerging cybersecurity threats, how companies should evaluate their current security solutions, the positives and negatives of AI in cybersecurity, and more.
Hi Angel, Can you introduce yourself and your current role at F5?
I’m the Vice President of Security at F5. I have more than two decades of cybersecurity experience and have been actively involved in influencing the cybersecurity industry in many different ways, ranging from participating on the board of advisors for the PCI Council, NACHA and FS-ISAC, as well as engaging with the Federal Reserve Secure Payments Task Force.
I joined F5 about two years ago because I was incredibly impressed with the company’s vision and strategy to make our digital world a safer place and really lean into the cybersecurity offerings.
What are some of the specialties that make F5 stand out?
To start, it’s important to mention that around 85% of Fortune 500 organizations and many other global organizations rely on F5 to protect and enable applications and digital experiences that are vital to their digital transformation efforts and growth strategies. Interestingly, F5 exclusively caters to businesses, not consumers. Consequently, many people might not recognize our brand, despite interacting with our technology daily.
Our technology safeguards the most valued assets in users’ personal and professional lives. For instance, it secures the login processes for banking, medical records, shopping, travel bookings, and even government portal activities, such as receiving unemployment benefits.
We’ve been helping organizations for over 25 years, ensuring their apps and APIs are secure, available, and performing. We’ve evolved from being known as just a load balancing company to being recognized as a leading provider in cybersecurity, which was one of the reasons I joined F5. We are one of the few players that is 100% focused on application security, at a time when threats targeting organizations are rapidly growing.
We can securely optimize any app and API, no matter where they reside – on-premises, in the cloud, or at the edge. This is achieved through our diverse portfolio and distinctive capabilities that span across hardware, software, SaaS, and managed services. This comprehensive approach provides a unique perspective on how to help companies deliver an experience that keeps their customers returning, while simultaneously protecting them.
End user expectations continue to grow, and new regulations hold companies more accountable. Therefore, we’ve invested heavily in our distributed cloud platform, which is a hybrid and multi-cloud solution. This platform simplifies securing, delivering, and optimizing both traditional and modern apps. This past spring, we announced new security and multi-cloud networking capabilities that uniquely position F5 to make networking easier, by connecting and securing apps and APIs.
Our multi-cloud networking is not just about connecting clouds at the network and transport layer. Our approach includes integrated app security capabilities, including web application firewalls, API security lock management, and DDoS protection. Our distributed cloud services connect distributed environments, multiple cloud ecosystems, on-premises data centers, and the actual applications deployed in those environments.
In summary, three aspects make F5 stand out:
- We comprehensively protect what matters most to organizations – their apps, APIs, and underlying infrastructure – and we can easily integrate within their existing security ecosystems.
- We meet organizations where they’re at, rather than forcing them to invest in new tools.
- We help organizations struggling with resource and budget constraints by simplifying operations with consistent security across their entire digital fabric.
What are some of the emerging cybersecurity threats that organizations should be aware of and how can they be prepared to stop them or to block them?
I’ve been involved in the cybersecurity industry for almost two decades and learned that disruption invariably presents opportunities for disruptors. Currently, cybercrime, which amounts to the world’s third-largest economy at about $6 trillion, is being driven by two major disruptions: generative AI and the vast sprawl of shadow APIs and scripts.
Generative AI represents a significant cybersecurity threat. A KPMG survey indicated that 65% of executives believe generative AI will impact their organizations within the next three to five years. Yet, fewer than half of the respondents acknowledged that they didn’t possess the necessary technology, talent, and governance to succeed. Understandably, the complexity of establishing and operating these technical capabilities can be overwhelming, providing ample opportunities for criminals to exploit weaknesses in people, processes, and technology. For instance, we’ve seen AI used to accelerate attacks and commit fraud, such as socially engineering a person to bypass CAPTCHA, harvesting personal financial information through AI-aided chatbots, or impersonating individuals to conduct sophisticated phishing attacks.
APIs and third-party scripts represent another area of vulnerability. Our office of the CTO estimates that by 2030, there will be more than a billion APIs in production. The explosion of APIs is leaving organizations susceptible to attacks ranging from credential stuffing, business logic abuse, to DDoS attacks, all of which can lead to identity theft and fraud. Criminals are aware that many organizations struggle to manage, track, and secure the rapidly scaling pool of APIs and scripts, leading to potential security and privacy risks.
So, how do we counter these threats? The first step is to be aware of and understand the vulnerabilities. Then we need to develop and implement robust security strategies and systems, train and empower our people, and establish effective governance structures. It’s also important to keep up with regulations and compliance requirements, such as the recently released PCI DSS version 4, which has specific provisions to address the security needs for shadow APIs and scripts. We should also anticipate more focus on these areas from a regulatory perspective in the future.
So with that in mind, what considerations should companies keep in mind when evaluating their security solutions to ensure that they’re compatible to stop all of these advanced attacks?
When evaluating security solutions, I recommend that organizations consider their multi-cloud networking strategies. We’re already witnessing a shift towards multi-cloud. According to F5’s 2023 State of Application Security report, 85% of organizations plan to use hybrid architectures for the foreseeable future. This adds complexity and increases the attack surface.
Despite the complexity, cost, and vulnerability, hybrid IT and multi-cloud distributed environments are becoming the new norm. Therefore, when organizations are considering security solutions, they need to think about mitigating this complexity while enhancing the security and reliability of their apps and APIs. They need to ensure compatibility with their current infrastructure of apps, and also ensure that it’s extendable for future app development.
F5 is one of the few companies effectively tackling the issue of cloud complexity for application security and delivery through our offerings. We’re well-positioned to seamlessly support multi-cloud and hybrid environments by extending application security services across public clouds, hybrid Docker architectures, and edge sites.
When evaluating security solutions, it’s important to look at their multi-cloud strategy and consider how it can help future-proof their security strategy.
We’ve talked about the negative side of AI and machine learning, but how do you see their role in enhancing cybersecurity practices?
This is an exciting topic because the potential for AI to be used for good is enormous. There are very few technologies that have as much impact across all organizations and industries as AI. For those who fail to harness this game-changing technology, the risk of being left behind is real. Therefore, it’s crucial that the cybersecurity industry proactively adopt AI to combat AI-driven crime.
Security from the start is key. Traditionally, security was an afterthought in development, leading to a dramatic increase in cybercrime. However, as we become more digital, the complexity increases, leading to more vulnerabilities. Therefore, it’s crucial to think about security from the design stage and leverage AI in our cybersecurity strategies to be proactive against future threats.
Understanding how criminals use AI against us is the first step. They’re currently using AI as an accelerator, reducing the economic barriers to commit crime. Therefore, it’s crucial to consider how we can use AI to defend against malicious AI attacks. A good AI strategy should account for legal, ethical, and operational considerations to ensure security, privacy, and compliance from the start.
When leveraging AI in your security practice, consider the use cases where AI can provide the most significant benefit. Understand the necessary resources required to implement AI successfully. Establish the right governance framework to manage the safety of customer data and ensure compliance with privacy and copyright laws in every country you do business.
Practical ways organizations can enhance their cybersecurity practices with AI include fraud detection, understanding user intent, improving app code development, and addressing security staff shortages by automating tasks like monitoring security logs and responding to alerts. F5 has been using AI in our product strategy for several years now to help organizations rapidly defend against bots and retool their defenses as quickly as criminals retool their tactics.
As cybersecurity threats continue to evolve rapidly, how do you recommend organizations stay updated and continually enhance their security posture?
There are several steps organizations can take to continually enhance their security posture and keep up with the rapidly evolving threat landscape. To begin with, establishing a baseline is essential. This involves setting strategic objectives and adapting as quickly as criminals do to stay updated and improve security.
A crucial part of creating this baseline is conducting security strategy assessments. These assessments should evaluate risk and compliance, and assess existing security governance – including data privacy, third party risks, and regulatory compliance. Frameworks like the NIST cybersecurity framework can be invaluable in this process.
During these assessments, organizations should look for vulnerabilities in people, processes, and technologies to understand potential areas of compromise. For the ‘people’ aspect, organizations should ensure they have appropriate access controls and have properly trained their staff. This could involve adopting principles like zero trust and risk-based security, such as least privilege access control and risk-based authentication.
When assessing ‘processes’, organizations need to ensure they have clearly documented policies for certifying, engaging, monitoring, and alerting. An inventory and audit of APIs and scripts can be useful here, as can a process for continuously monitoring and protecting API endpoints to detect changes and compromises.
On the ‘technology’ front, organizations need to ensure they have the right tools to detect and react when their sites are being compromised. This includes the ability to respond to changing life cycles, and importantly, to automate responses. By centralizing the location where teams can quickly review API and script changes and alerts, organizations can automate responses more efficiently.
By doing all these things, organizations can continuously enhance their security posture by building on a strong baseline. Regular re-evaluations will ensure they stay up to date with the ever-changing security landscape.