Bringing Security Operations to the Network: F5 and CrowdStrike Together

By F5 DevCentral Community

Key Concepts

  • Adversary Tradecraft: The tactics, techniques, and procedures (TTPs) used by cyber-attackers.
  • Lateral Movement: The process by which an attacker moves through a network after gaining an initial foothold.
  • Machine Speed: The necessity for security systems to operate at the speed of automated AI-driven attacks.
  • Single-Agent Architecture: A unified software agent used to collect telemetry and enforce security across diverse environments (endpoints, cloud, network devices).
  • Mean Time to Resolution (MTTR): A key performance metric measuring the average time required to resolve a security incident.
  • Telemetry: The automated process of collecting and transmitting data from remote sources for monitoring and analysis.

1. Strategic Partnership: F5 and CrowdStrike

The video highlights a first-of-its-kind collaboration between F5 and CrowdStrike. By integrating CrowdStrike’s security platform directly into F5 BIG-IP devices, the companies have enabled:

  • Enhanced Visibility: Direct monitoring of the control plane on network appliances.
  • Unified Security Operations: Security teams can manage network device security within the same Security Operations Center (SOC) workflow used for endpoints and cloud workloads.
  • Proactive Defense: The ability to detect and alert on nefarious behavior occurring within network infrastructure, which is often a target for attackers seeking a foothold for lateral movement.

2. The Evolving Threat Landscape

Chris Katchkin provided critical insights into the current state of cyber threats:

  • Increased Velocity: The "breakout time"—the time it takes for an adversary to move laterally after landing on a device—has plummeted from 58 seconds to 27 seconds in the last year.
  • AI Augmentation: Adversaries are increasingly utilizing AI to accelerate their attack cycles, necessitating a shift toward AI-augmented defensive tooling.
  • Targeting Non-Traditional Assets: Attackers are specifically targeting network devices and non-traditionally managed infrastructure as entry points to bypass standard security perimeters.
  • Adversary Tracking: CrowdStrike currently tracks over 284 distinct adversary groups, including nation-states and organized crime syndicates.

3. The "Platform" Philosophy

CrowdStrike defines its platform through a specific architectural approach:

  • Standardization: Using a single agent across all workloads (laptops, servers, cloud containers, and network appliances) to ensure uniform telemetry and data reporting.
  • Operational Efficiency: By providing a consistent "look and feel" across the entire IT estate, security analysts require less training and can respond to threats more effectively, even when resources are stretched thin.
  • SaaS-Based Centralization: All data is funneled into a single SaaS location, allowing for a cohesive view of the entire fleet.

4. Methodology: Combating Machine Speed

To counter the speed of modern adversaries, the speakers emphasized:

  • AI-Augmented Defense: Organizations must adopt AI-driven security tools to match the "machine speed" of attackers.
  • Process Augmentation: The goal is to empower human analysts to do more with existing resources by automating detection and response processes.
  • Closing Attack Paths: By securing network devices (like F5 BIG-IP), the partnership effectively shuts down specific "tradecraft" paths that attackers rely on to establish persistence.

5. Notable Quotes

  • "The fastest time that we saw an adversary land on a device or endpoint and start moving laterally... shrunk from 58 seconds down to about 27 seconds this year." — Chris Katchkin
  • "It’s no longer just... remote code exploitation, but things like identities and other stuff come into play." — Chris Katchkin
  • "We’re seeing our customers... having to basically fall back to using AI-augmented tooling... to keep up at machine speed with the adversaries." — Chris Katchkin

Conclusion

The collaboration between F5 and CrowdStrike represents a significant shift in network security, moving away from siloed appliance management toward a unified, platform-centric model. As adversaries leverage AI to cut breakout times to under 30 seconds, the integration of security telemetry directly into network infrastructure is no longer optional. The primary takeaway is that organizations must prioritize unified visibility and AI-augmented response capabilities to maintain parity with the speed and sophistication of modern cyber-adversaries.
