Speaking at IP EXPO Europe, Ray Pompon, principal threat researcher at F5, said that applications are now at the center of business, the reason people use the internet and the gateway to data. Pompon said F5 research showed that 34% of web apps are considered mission critical, with 765 web apps used in the average organization.
However, “most of our security problems are happening at the app layer,” he added, and by applying threat intelligence to application security we can “know what is going to happen before the bad guys.”
Pompon argued that security problems arise around applications because they are all too often thought of as single devices, when they are actually ‘colony creatures’ made up of five tiers: services, access, TLS/SSL, DNS and network.
“All of these layers are integral to making an app work,” he said, “but attacks can target each of these tiers,” (see image 1) so it is vital to consider each of these tiers when approaching application security.