F5’s Enhanced BIG-IP Security Solutions Thwart Multilayer Cyber Attacks
As cyberattacks change and their frequency continues to rise, IT departments are finding it increasingly difficult to effectively address security concerns. Traditional point solutions such as network firewalls, antivirus software and intrusion detection/prevention systems focus on solving specific security issues and are often deployed on individual devices. This static approach hinders IT’s ability to enforce an integrated security policy and protect applications, users and data.
“Modern security attacks are sophisticated and multilayered, using several attack vectors that target the network as well as underlying applications and data,” said Robert Edinger, CISSP & Network Security Practice Manager, Milestone Systems. “An attack might begin at the network layer with a denial of service attack and then proceed to target application vulnerabilities through a web browser. Point solutions, such as traditional network firewalls, are simply inadequate to defend against these types of multilayer attacks because they offer no cross-layer visibility, detection or protection capabilities.”
F5 Networks is providing customers with comprehensive security strategies to prevent loss of service and data with powerful enhancements to its application and data security solution. F5’s new BIG-IP version 11 software — along with BIG-IP Application Security Manager (ASM), BIG-IP Access Policy Manager (APM), BIG-IP Global Traffic Manager (GTM), and BIG-IP Edge Gateway — delivers a unified platform that helps protect web 2.0 applications and data, secure DNS infrastructures, and establish centralized application access and policy control. BIG-IP v11 continues to deliver on F5’s vision of a dynamic data center, giving IT staff the agility needed to innovate and drive business. It enables organizations to deploy high-performance, scalable services on demand while keeping applications and data secure.
F5 BIG-IP v11 enhancements enable enterprises to create a dynamic data center environment for managing and protecting the network, data and applications — whether deployed in physical, virtual or cloud environments. A dynamic data center environment is highly scalable and ensures that applications are always available and running at peak performance. Version 11 enhancements to BIG-IP products and associated modules provide advanced security services, including:
• Protection for Interactive Web 2.0 Applications
With F5’s web application firewall, BIG-IP Application Security Manager (ASM), organizations can protect inter- active web 2.0 applications. BIG-IP ASM secures the application and displays an alert in the event of a policy violation. The alert, in the form of a unique blocking page, includes a support ID so the user can contact the network administrator to resolve the issue.
• Unified and Dynamic Access Control
With a growing number of users accessing corporate resources from personal smartphones, tablets and laptops, IT is now challenged to enforce common access and security policies across a vast range of devices, locations and applications. BIG-IP Access Policy Manager (APM) and v11 put IT back in control by providing enhanced support for endpoint inspection, multiple authentication methods, single sign-on and external access control lists.With BIG-IP APM, administrators receive detailed information about users, applications and the network, providing them the context they need to create network and application access policies — and the solution gives them a single point of control from which to enforce those policies globally. This centralized management capability can dramatically reduce IT costs and increase the productivity of users who are now able to access a much broader range of domains and applications.
• Enhanced Management and Reporting Capabilities
To provide application-level security and ensure adequate response time for users, administrators need powerful visibility and reporting tools. BIG-IP APM provides both with its built-in and customizable reporting features and the industry’s first contextual user-visibility tools. Now administrators can track information, such as who is online and when, what type of device and network they are using, and which applications and other resources they are accessing.
• Scalable DNS Infrastructure with DDoS Attack Mitigation
When DoS or DDoS attacks occur, DNS is just as vulnerable as the web application or service that is being targeted. To withstand attacks, it’s critical to have the ability to protect and scale the DNS infrastructure, and new features in BIG-IP Global Traffic Manager (GTM) provide both capabilities. With DNS Express, a high-speed authoritative DNS delivery solution, DNS query response performance can be improved as much as tenfold. DNS Express offloads existing DNS servers and absorbs the flood of illegitimate requests during attacks — all while supporting legitimate queries. With this significant offload capability, customers can consolidate their DNS infrastructures by up to 70 percent.
With v11, BIG-IP GTM also integrates IP Anycast, enabling queries to be received by multiple global traffic management devices that use the same IP address. This functionality provides linear performance scalability for BIG-IP GTM and DNS services with each F5 device that is added. Performance gains are even more pronounced now that BIGIP GTM is able to take advantage of F5’s clustered multiprocessing technology.
• Flexible Application Security Across all IT Environments
With the introduction of v11, BIG-IP ASM will be available as a virtual edition (VE), providing organizations with more flexible deployment options. Using BIG-IP ASM VE, customers can test applications in virtualized and cloud environments before deploying them in production. BIG-IP ASM VE also automatically updates all synced pool members whenever policy changes occur. This can significantly reduce IT’s management burden by eliminating the need to manually update devices in multiple locations.
To discuss what F5 can do for you, call the F5 integrator with the most experience: Milestone Systems, Inc. 877-771-9510
