SCIENCE
F5's Enhanced BIG-IP Security Solutions Thwart Multilayer Cyber Attacks
F5 Networks announced
powerful enhancements to its application and data security solutions, providing
customers with comprehensive security strategies to prevent loss of service and
data. F5's new BIG-IP version 11 software--along with BIG-IP Application
Security Manager (ASM), BIG-IP Access Policy Manager (APM), BIG-IP Global
Traffic Manager (GTM), and BIG-IP Edge Gateway--delivers a unified platform
that helps protect Web 2.0 applications and data, secure DNS infrastructures,
and establish centralized application access and policy control. BIG-IP v11
continues to deliver on F5's vision of a dynamic data center, giving IT staff
the agility needed to innovate and drive business. It enables organizations to
deploy high-performance, scalable services on demand while keeping applications
and data secure.
Network Firewalls Alone Are
Inadequate Protection for Today's Cyber Attacks
As cyber attacks change and
their frequency continues to rise, IT departments are finding it increasingly
difficult to effectively address security concerns. Traditional point solutions
such as network firewalls, antivirus software, and intrusion
detection/prevention systems focus on solving specific security issues and are
often deployed on individual devices. This static approach hinders IT's ability
to enforce an integrated security policy and protect applications, users, and
data.
Modern security attacks are
sophisticated and multilayered, using several attack vectors that target the
network as well as underlying applications and data. An attack might begin at
the network layer with a denial of service (DoS) attack and then proceed to
target application vulnerabilities through a web browser. Point solutions, such
as traditional network firewalls, are simply inadequate to defend against these
types of multilayer attacks because they offer no cross-layer visibility,
detection, or protection capabilities.
"The latest rash of
security attacks is catching many organizations by surprise because they
mistakenly believe their siloed security solutions, such as network firewalls
or IPS systems, offer enough protection," said Karl Triebes, CTO and SVP
of Product Development at F5. "While the attacks themselves cannot be prevented,
most of the security breaches that result from these attacks can unquestionably
be stopped. Defending against such multilayer attacks requires an integrated
approach that combines network security, application security, and access
control. This type of strategy will be even more critical as organizations
begin to move their applications and data into the cloud."
Details
F5(R) BIG-IP v11
enhancements enable enterprises to create a dynamic data center environment for
managing and protect the network, data, and applications--whether deployed in
physical, virtual, or cloud environments. A dynamic data center environment is
highly scalable and ensures that applications are always available and running
at peak performance. Version 11 enhancements to BIG-IP products and associated
modules provide advanced security services, including:
-- Protection for
Interactive Web 2.0 Applications
With F5's web application
firewall, BIG-IP Application Security Manager (ASM), organizations can protect
interactive web 2.0 applications, such as a real-time stock site that
continuously updates pricing information. BIG-IP ASM secures the application
and displays an alert in the event of a policy violation. The alert, in the
form of a unique blocking page, includes a support ID so the user can contact
the network administrator to resolve the issue.
-- Unified and Dynamic
Access Control
With a growing number of
users accessing corporate resources from personal smartphones, tablets, and
laptops, IT is now challenged to enforce common access and security policies
across a vast range of devices, locations, and applications. BIG-IP Access
Policy Manager (APM) and v11 put IT back in control by providing enhanced
support for endpoint inspection, multiple authentication methods, single
sign-on, and external access control lists. With BIG-IP APM, administrators
receive detailed information about users, applications, and the network,
providing them the context they need to create network and application access
policies--and the solution gives them a single point of control from which to
enforce those policies globally. This centralized management capability can
dramatically reduce IT costs and increase the productivity of users who are now
able to access a much broader range of domains and applications.
-- Enhanced Management and
Reporting Capabilities
To provide
application-level security and ensure adequate response time for users,
administrators need powerful visibility and reporting tools. BIG-IP APM
provides both, with its built-in and customizable reporting features and the
industry's first contextual user visibility tools. Now administrators can track
information, such as who is online and when, what type of device and network
they are using, and which applications and other resources they are accessing.
-- Scalable DNS
Infrastructure with DDoS Attack Mitigation
When DoS or DDoS attacks
occur, DNS is just as vulnerable as the web application or service that is
being targeted. To withstand attacks, it's critical to have the ability to
protect and scale the DNS infrastructure, and new features in BIG-IP Global
Traffic Manager (GTM) provide both capabilities. With DNS Express, a high-speed
authoritative DNS delivery solution, DNS query response performance can be
improved as much as tenfold. DNS Express offloads existing DNS servers and
absorbs the flood of illegitimate requests during attacks--all while supporting
legitimate queries. With this significant offload capability, customers can
consolidate their DNS infrastructures by up to seventy percent.
With v11, BIG-IP GTM also
integrates IP anycast, enabling queries to be received by multiple global
traffic management devices that use the same IP address. This functionality
provides linear performance scalability for BIG-IP GTM and DNS services with
each F5 device that is added. Performance gains are even more pronounced now
that BIG-IP GTM is able to take advantage of F5's clustered multiprocessing
technology.
-- Flexible Application
Security Across all IT Environments
With the introduction of
v11, BIG-IP ASM will be available as a virtual edition (VE), providing
organizations with more flexible deployment options. Using BIG-IP ASM VE,
customers can test applications in virtualized and cloud environments before
deploying them in production. BIG-IP ASM VE also automatically updates all
synced pool members whenever policy changes occur. This can significantly
reduce IT's management burden by eliminating the need to manually update
devices in multiple locations.