F5 Extends Security Reach to Large Language Models
F5 has extended and added support for web application scanning that is capable of identifying vulnerabilities in large language models (LLMs) to its application delivery and security platform (ADSP).
Additionally, F5 has added support for instances of its implementation of the NGINIX application delivery controller (ADC) running on Azure, in addition to extending the application programming interface (API) discovery capabilities provided to include any application using the F5 BIG-IP ADC.
Finally, F5 is adding support for Payment Card Industry Data Security Standard (PCI DSS) v4.0, the latest revision of a framework for securing credit card data that now requires client-side protections to thwart malicious scripts.
Chuck Herrin, Field CISO for F5, said these latest extensions to the F5 ADSP platform are part of an ongoing effort to unify the management of multiple cybersecurity workflows via a single platform that serves to both improve response times while also helping to reduce the total cost of cybersecurity.
That’s critical because in the age of artificial intelligence (AI), the amount of sensitive data being exposed has exponentially increased. For example, a survey of more than 600 IT professionals conducted by F5 finds that 96% are now deploying AI models, up from a quarter in 2023. As the number of AI models being deployed increases, the number of APIs being invoked increases by a factor of five, noted Herrin.
Half of those respondents are using AI gateways to connect applications to AI tools, and another 40% expect to be doing so in the next 12 months. Most are using those AI gateways to protect and manage AI models (62%), provide a central point of control (55%), and protect their company from sensitive data leaks (55%).
More than half (51%) are planning to use models across both cloud and on-premises environments for the foreseeable future.
In general, the report also finds 94% of respondents work for organizations that are deploying applications across multiple environments — including public clouds, private clouds, on-premises data centers, edge computing and colocation facilities. A full 79% also report their organization has recently repatriated at least one application from the public cloud back to an on-premises or colocation environment, citing cost control, security concerns and predictability.
Of course, hybrid IT environments present their own unique set of challenges, with inconsistent delivery policies (53%) and fragmented security strategies (47%) being the top challenges, the survey finds. One of the issues that F5 is trying to alleviate is the need to master a separate set of security frameworks for each application environment, said Herrin.
Each cybersecurity team will need to determine for itself how best to secure what have become highly distributed computing environments made up of a wide range of diverse platforms. Unfortunately, too many cybersecurity teams are still dependent on manual processes to secure an attack surface that only continues to expand, noted Herrin.
The one certain thing is that while cybersecurity teams are being held accountable for securing those environments, even though the overall size of the budget being made available to achieve that goal is not growing nearly as fast as the number of applications and platforms being deployed.
