F5 Labs

When someone from the IT group gets promoted into security management, a common first lesson is that “geek culture” is ineffective in the boardroom.

In just four short years, encryption estimates have gone from almost non-existent (in the low single digits before 2013) to just over 50% by the end of 2016. How much of a victory is this?

One of the pillars of DevOps is automation. Along with that comes orchestration, which some might guess to be automation at a higher level of abstraction.

Hi. I’m Mike Convertino, CISO of F5 Networks, and I want to welcome you to an experiment we’re conducting here at F5. We’ve laid the foundation of this CISO to CISO portal on an idea that has traditionally been somewhat controversial in the security community: openness.

I’ve mentioned before how important strong risk management is to a CISO. When it comes to risk, the applications our users depend on are a big concern. In F5's 2016 State of Application Security survey, a majority of respondents cited security around applications as an area of great concern.

So far, we’ve seen IoT DDoS attacks on a Death Star scale. What's next for those of us that may be caught in the blast?

TrickBot, the latest arrival to the banking malware scene and successor to the infamous Dyre botnet, is in constant flux.

A new DDoS attack vector that leverages LDAP for reflection-amplification attacks is seeing increased usage.

We’ve all seen after-the-fact security camera footage of a wide variety of crimes splashed across social media and news sites. This visibility is a critical component of any judicial system, as it helps identify who did what and provides crucial, objective evidence of what actually happened.

Recently there have been several reports of a financial malware named TrickBot; this malware's code looks similar to Dyre.

According to DARPA, it takes an average of 312 days for security pros to discover software vulnerabilities such as viruses, malware, and other attacks. In hacker time, that’s a virtual eternity in which bad actors can wreak havoc.

The latest evolution of cyber weapons is brought to you by the default passwords in Internet of Things (IoT) devices.

The Mirai botnet has infected hundreds of thousands of Internet of Things (IoT) devices, specifically security cameras, by using vendor default passwords for Telnet access.

F5 Labs analysts discovered a target pattern in the IBAN number formats as well as weekly changes to the script injection content. In May 2016, the F5 Security Operations Center (SOC) detected a generic form grabber and IBAN (International Bank...

F5 CISO Mike Convertino on things to keep in mind when developing a security approach to overcome the lack of visibility in the cloud. When Securing Your Applications, Seeing is Believing

HEIST is an example of how risk and threat are different, and why the distinction matters.

Malicious actors and eavesdroppers are forcing Internet communication into a single cryptographic protocol: SSL.

Customer engagement drives web application design, but user-generated content brings inherent security challenges.

Some of you may remember a time when national security was a question of the Army’s defence against international threats. Today, that picture looks very different. If anything,...

And we're watching Dridex. Here's the latest in this malware's evolution.