Not only has cybersecurity become a joint public/private sector undertaking, but it’s also setting the pace for developers as they create digital products.

With the share of distributed computing companies at around 85%, emerging signals indicate the need for coherent application security across hybrid environments.

“The current state of RSA and the customer conversations that we’ve had is that more of them are trying to solve the security problem for their apps and their application programming interfaces as they distribute their applications around a variety of different infrastructures,” said Michael Rau (pictured, left), senior vice president and general manager of distributed cloud platform and security services at F5 Inc. “Most of the concerns we’re seeing from customers relate to consistently securing all of that and protecting both applications and APIs.”

Rau and Brian McHenry (right), vice president of product management for web applications and API security at F5, spoke with theCUBE industry analyst John Furrier at the RSA Conference, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the need to secure apps at the API layer, given the dominance of distributed computing. (* Disclosure below.)

Securing the entire end-to-end network

The network is the one source of truth, both for coders creating business-critical applications and malicious actors looking to infiltrate. The existence of on-premises infrastructures, public cloud and hybrid cloud deployments have added extra complications to the tasks of keeping the network layer tight-knit and gapless.

In response, F5 recently announced its set of multicloud security solutions aimed at making distributed environments much easier to manage and secure, according to Rau.

“We’ve launched a secure multicloud solution based on our distributed cloud platform that’s specifically targeted at being able to provide consistent end-to-end security policy, no matter where the app is running,” he explained. “Customers are really resonating with the idea of one policy accompanying their apps wherever they go.”

Artificial intelligence and machine learning exist to simplify vastly complex tasks, and F5 set the technology to work powering web application firewalls and API security in its platform, McHenry added.

“We’ve gotten good at 5-tuple ACLs, but application security and API security have been far too complex to effectively secure at a massive scale,” he said. “Thousands of policies for web app firewalls or API security can be very onerous to operate. But when you get AI and ML involved, you can do the analysis not only of the application, but also of potentially malicious user intent.” 

In addition to protecting APIs when attacks happen, the embedded AI/ML systems are also designed to assess risk factors and preempt potential attacks even before they happen, according to Rau.

“When we look at AI and ML, it’s about protecting for things that haven’t happened yet or are happening to you the first time by looking at behavioral characteristics,” he said. “We use all of the AI and ML for the discovery of vulnerabilities based upon behavior. The other thing we use it for is API path discovery for an application for visibility but also an understanding of what’s normal behavior for that application.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the RSA Conference:

(* Disclosure: F5 Inc. sponsored this segment of theCUBE. Neither F5 nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE