F5 exec explores AI’s role in data security

Network visibility has been a crucial component of enterprise security, particularly as hackers exploit organisations’ blind spots. Yet, new data challenges are complicating the threat landscape.

In this exclusive Frontier Enterprise interview, Aditya Sood, Senior Director of Threat Research and Security Strategy, Office of the CTO at F5, outlined the current complexities in data security and discussed the huge potential impact of AI in this regard.

Where is F5 currently in terms of application performance and application security?

Our product focus is on three main areas. First, we’re delving into the BIG-IP space, encompassing DNS security and load balancing. Second, our primary focus is on API security. Third, we’re going into bot management. These areas are all supported by our distributed cloud, which offers several solutions. Currently, we see a lot of interest in API security, largely due to the concept of data exchange. This exchange is akin to handshakes happening at an exponential rate – from device to device, peer-to-peer, client to server, and server to server. With the rise of mobility, the concept of authorisation boundary is rapidly evolving, as data moves from one network to another.

One of the biggest challenges organisations face is gaining visibility into network traffic. This isn’t just standard traffic; it’s about understanding various protocols. It’s also about how clients are communicating through SaaS applications.

We’ve seen that customers are interested in updating their visibility. This means they should know which API endpoints their clients are hitting, giving them the necessary insight for policy enforcement. Without this visibility, it’s almost impossible to effectively enforce security controls, because you don’t know what’s going on. F5 is addressing this by providing advanced API detection in the environment, including shadow APIs, and proper analytics. This gives our clients a clearer view of their network’s posture, showing them what we’re seeing.

And apart from that, we’re focusing on API security, particularly the protection of web applications and APIs at the server side. This includes e-commerce websites and various verticals where SaaS applications are deployed in the cloud, functioning like a dedicated host. So, at that point, they provide solutions for API protection. These solutions can take various forms, such as an app, NGINX, AppProtect, or even a more traditional deployment method.

We are seeing a lot of these things, primarily because HTTP remains the dominant protocol. In this context, risks and threats are escalating at the protocol layer, with other protocols also becoming increasingly susceptible to similar threats.

In addition, we’re also seeing a lot of interest in the enhancements to our BIG-IP capabilities, notably in load balancing and, importantly, reverse proxies which facilitate local traffic management and analysis. F5 is also addressing significant issues in e-commerce platforms, where fraud and scams are increasingly prevalent. For example, organisations or e-commerce portals may pursue a particular product, but they face threats from malicious bots. These bots might hoard products when released on the website, quickly grabbing them “on the fly,” and then do black market selling later. To combat this, F5 provides proper bot management solutions, including scam detection, credential-stuffing attack prevention, and more. This niche is where we’re currently playing, and it’s gaining a lot of good traction.

With network visibility and load balancing issues existing for quite some time now, where are the new challenges coming from?

I think the major focus right now is at the application layer space. But stepping back, it’s also closely related to data security and sanctity. I’m saying data security and sanctity because while cybersecurity has always been important, it has increasingly become a data-centric problem. With the exponential generation of data by devices, the key questions are how to mine this data and derive prescriptive insights from it. This shift is leading us more towards AI systems, which require hardware acceleration to process large-scale data for better insights and outcomes. This is where I believe organisations are facing challenges.

It’s like a double-edged sword. The challenge isn’t just cost. The bigger problem is identifying indicators of compromise in such vast data sets. The critical task is to devise a method to process data generated from countless devices, spanning all directions – north to south, east to west. Mapping this data back is one of our most significant challenges, and it’s only going to intensify. This is because data generation won’t slow down. From a cybersecurity perspective, this is a major hurdle. This challenge extends beyond cybersecurity to other applications as well, like analytics. In these areas, understanding how to manage and interpret data from various verticals becomes crucial.

Another side effect of this scenario is the rapid obsolescence of data. With such a high volume of data being produced, it becomes outdated quickly. If policies, procedures, mechanisms, or frameworks aren’t updated to include an effective feedback system, incorporating new data sets, solutions will become obsolete rapidly. Systems may be running AI algorithms, but these are reliant on data. It’s essential to find ways to continuously feed new data back into these systems at rapid intervals. Without this, systems risk becoming obsolete, leading to data confusion and model decay. You might implement certain security checks, but the challenge is that attackers are constantly evolving, employing new techniques and models. So that new data needs to be fed into your algorithms. It’s a big challenge, and it remains to be seen how we’ll tackle it.

What is F5 currently working on?

We’re working on a couple of things currently. The first is internal: We are mapping our products. In exploring ways to extend this, we’re incorporating generative AI. Additionally, we are deeply involved in threat research specifically related to AI. There’s a widespread misunderstanding about AI at the moment. For instance, many think ChatGPT is AI, but it’s not; it’s an interface. The actual AI is a whole different ball game.

The next step is ensuring we have a structured model to accurately understand AI risks. We are developing this model, along with another that examines the quality, newness, and quantity of data and its impact on AI. Our initial goal is to comprehend these aspects thoroughly. Following that, we plan to use this understanding to enhance the productivity of our tool sets at F5, and add more functionality that people can use. For example, in the future, using an F5 product could mean accessing specific AI capabilities, like clearly defined large language models. The idea is to increase overall productivity, strengthen system integrity, and streamline data retrieval and analysis processes. We’re focused on building a complete risk-modelling approach for AI, customised based on F5’s data sets. I’m not sure if it’s going to be open source, but we are taking steps in that direction.