F5’s Enhanced BIG-IP Security Solutions Thwart Multilayer Cyber Attacks
New BIG-IP® v11 software release provides dynamic security services for centralized application access and policy control; improves attack protection for network, applications, and data.
F5 Networks, Inc. (NASDAQ:FFIV), the global leader in Application Delivery Networking (ADN), today announced powerful enhancements to its application and data security solutions, providing customers with comprehensive security strategies to prevent loss of service and data. F5’s new BIG-IP® version 11 software—along with BIG-IP Application Security Manager™ (ASM™), BIG-IP Access Policy Manager™ (APM™), BIG-IP Global Traffic Manager™ (GTM™), and BIG-IP Edge Gateway™—delivers a unified platform that helps protect Web 2.0 applications and data, secure DNS infrastructures, and establish centralized application access and policy control. BIG-IP v11 continues to deliver on F5’s vision of a dynamic data center, giving IT staff the agility needed to innovate and drive business. It enables organizations to deploy high-performance, scalable services on demand while keeping applications and data secure.
Network Firewalls Alone Are Inadequate Protection for Today’s Cyber Attacks
As cyber attacks change and their frequency continues to rise, IT departments are finding it increasingly difficult to effectively address security concerns. Traditional point solutions such as network firewalls, antivirus software, and intrusion detection/prevention systems focus on solving specific security issues and are often deployed on individual devices. This static approach hinders IT’s ability to enforce an integrated security policy and protect applications, users, and data.
Modern security attacks are sophisticated and multilayered, using several attack vectors that target the network as well as underlying applications and data. An attack might begin at the network layer with a denial of service (DoS) attack and then proceed to target application vulnerabilities through a web browser. Point solutions, such as traditional network firewalls, are simply inadequate to defend against these types of multilayer attacks because they offer no cross-layer visibility, detection, or protection capabilities.
“The latest rash of security attacks is catching many organizations by surprise because they mistakenly believe their siloed security solutions, such as network firewalls or IPS systems, offer enough protection,” said Karl Triebes, CTO and SVP of Product Development at F5. “While the attacks themselves cannot be prevented, most of the security breaches that result from these attacks can unquestionably be stopped. Defending against such multilayer attacks requires an integrated approach that combines network security, application security, and access control. This type of strategy will be even more critical as organizations begin to move their applications and data into the cloud.”
F5® BIG-IP v11 enhancements enable enterprises to create a dynamic data center environment for managing and protect the network, data, and applications—whether deployed in physical, virtual, or cloud environments. A dynamic data center environment is highly scalable and ensures that applications are always available and running at peak performance. Version 11 enhancements to BIG-IP products and associated modules provide advanced security services, including:
- Protection for Interactive Web 2.0 Applications
With F5’s web application firewall, BIG-IP Application Security Manager (ASM), organizations can protect interactive web 2.0 applications, such as a real-time stock site that continuously updates pricing information. BIG-IP ASM secures the application and displays an alert in the event of a policy violation. The alert, in the form of a unique blocking page, includes a support ID so the user can contact the network administrator to resolve the issue.
- Unified and Dynamic Access Control
With a growing number of users accessing corporate resources from personal smartphones, tablets, and laptops, IT is now challenged to enforce common access and security policies across a vast range of devices, locations, and applications. BIG-IP Access Policy Manager (APM) and v11 put IT back in control by providing enhanced support for endpoint inspection, multiple authentication methods, single sign-on, and external access control lists. With BIG-IP APM, administrators receive detailed information about users, applications, and the network, providing them the context they need to create network and application access policies—and the solution gives them a single point of control from which to enforce those policies globally. This centralized management capability can dramatically reduce IT costs and increase the productivity of users who are now able to access a much broader range of domains and applications.
- Enhanced Management and Reporting Capabilities
To provide application-level security and ensure adequate response time for users, administrators need powerful visibility and reporting tools. BIG-IP APM provides both, with its built-in and customizable reporting features and the industry’s first contextual user visibility tools. Now administrators can track information, such as who is online and when, what type of device and network they are using, and which applications and other resources they are accessing.
- Scalable DNS Infrastructure with DDoS Attack Mitigation
When DoS or DDoS attacks occur, DNS is just as vulnerable as the web application or service that is being targeted. To withstand attacks, it’s critical to have the ability to protect and scale the DNS infrastructure, and new features in BIG-IP Global Traffic Manager (GTM) provide both capabilities. With DNS Express™, a high-speed authoritative DNS delivery solution, DNS query response performance can be improved as much as tenfold. DNS Express offloads existing DNS servers and absorbs the flood of illegitimate requests during attacks—all while supporting legitimate queries. With this significant offload capability, customers can consolidate their DNS infrastructures by up to seventy percent.
With v11, BIG-IP GTM also integrates IP anycast, enabling queries to be received by multiple global traffic management devices that use the same IP address. This functionality provides linear performance scalability for BIG-IP GTM and DNS services with each F5 device that is added. Performance gains are even more pronounced now that BIG-IP GTM is able to take advantage of F5’s clustered multiprocessing technology.
- Flexible Application Security Across all IT Environments
With the introduction of v11, BIG-IP ASM will be available as a virtual edition (VE), providing organizations with more flexible deployment options. Using BIG-IP ASM VE, customers can test applications in virtualized and cloud environments before deploying them in production. BIG-IP ASM VE also automatically updates all synced pool members whenever policy changes occur. This can significantly reduce IT’s management burden by eliminating the need to manually update devices in multiple locations.
“The most significant breaches of late have been through exploiting web applications. Web application firewalls have seen great advances, but single-layer solutions are no longer enough to fend off today’s sophisticated attacks,” said Greg Young, Research VP at Gartner. “It’s vital for organizations to take a dedicated approach to security—one that protects both the network and the applications.”
“The integration of F5 BIG-IP Access Policy Manager with Oracle Access Manager 11g can give customers a holistic enterprise architecture that helps simplify authentication and reduces infrastructure costs,” said Marc Boroditsky, VP of Product Management, Oracle Identity Management. “With the new version of BIG-IP, Oracle Access Manager 11g customers can also benefit from layered security services that provide additional protection for applications and data.”
“When it comes to delivering secure applications, confidentiality, integrity, availability, and privacy are vital requirements for any organization,” said David Lesser, President and CTO of Nexum, Inc. “For years, F5 has embraced application security and control through BIG-IP’s comprehensive layered security architecture. Nexum has tested the new BIG-IP v11 release and its many security-related features—from DNS DDoS and interactive web 2.0 application attack protection to unified access control with a dynamic architecture for single sign-on. We’re pleased to see firsthand how F5 continues to stand out in the market by enforcing application security and delivery through one centralized control point. By protecting applications, networks, and data throughout the delivery lifecycle, BIG-IP v11 ensures applications are protected from multilayer attacks, highly available, and running at peak performance.”
“Our managed mobility offerings already deliver secure provisioning, as well as data protection and management,” said Chris Hagios, CEO at Airloom. “With v11 and the BIG-IP Edge Gateway product, we’re able to extend those services to include secure network access. Edge Gateway delivers the functionality we need to easily integrate advanced network connectivity into the SilverbackMDM product, a secure management solution for endpoint devices. Now we can meet our customers’ most stringent needs, ensuring that their data is secure and accessible—from the endpoint to the network to core enterprise applications.”
BIG-IP version 11 software and virtual editions of F5’s BIG-IP Global Traffic Manager, Application Security Manager, and WAN Optimization Manager™ products will be available in the third quarter of calendar year 2011.
- BIG-IP v11 Information Page
- BIG-IP v11 DevCentral Page
- iApps Page on DevCentral
- Application Security in the Cloud with BIG-IP ASM – White Paper
- High-Performance DNS Services in BIG-IP Version 11 – White Paper
- Secure, Optimized Global Access to Corporate Resources – White Paper
About F5 Networks
F5 Networks, Inc., the global leader in Application Delivery Networking (ADN), helps the world’s largest enterprises and service providers realize the full value of virtualization, cloud computing, and on-demand IT. F5® solutions help integrate disparate technologies to provide greater control of the infrastructure, improve application delivery and data management, and give users seamless, secure, and accelerated access to applications from their corporate desktops and smart devices. An open architectural framework enables F5 customers to apply business policies at “strategic points of control” across the IT infrastructure and into the public cloud. F5 products give customers the agility they need to align IT with changing business conditions, deploy scalable solutions on demand, and manage mobile access to data and services. Enterprises, service and cloud providers, and leading online companies worldwide rely on F5 to optimize their IT investments and drive business forward. For more information, go to www.f5.com.
You can also follow @f5networks on Twitter or visit us on Facebook for more information about F5, its partners, and technology. For a complete listing of F5 community sites, please visit www.f5.com/news-press-events/web-media/community.html.
F5, BIG-IP, Application Security Manager, ASM, Access Policy Manager, APM, Global Traffic Manager, GTM, DNS Express, Edge Gateway, WAN Optimization Manager, and DevCentral are trademarks or service marks of F5 Networks, Inc., in the U.S. and other countries. Oracle and Java are registered trademarks of Oracle and/or its affiliates. All other product and company names herein may be trademarks of their respective owners.
This press release may contain forward looking statements relating to future events or future financial performance that involve risks and uncertainties. Such statements can be identified by terminology such as "may," "will," "should," "expects," "plans," "anticipates," "believes," "estimates," "predicts," "potential," or "continue," or the negative of such terms or comparable terms. These statements are only predictions and actual results could differ materially from those anticipated in these statements based upon a number of factors, including those identified in the company's filings with the SEC.
Source(s) : F5 Networks, Inc.
- Efficient Power Conversion (EPC) Introduces ...
- Citrix: Data Provides Insight into Mobile ...
- Silver Spring Networks Expands Smart City ...
- IXcellerate Whitepaper Explains How to ...
- ZTE Wins Best Optical Product - 100G Award
- Infonetics: Doubling Year-over-Year, ...
- DataFluidics, Intel and Mellanox collaborate ...
- QAD Enterprise Applications Supports ...
- C7 Data Centers Completes Premier 65,000 ...
- Research and Markets: Global Secure Socket ...