F5 Networks Inc., a provider of Application Delivery Networking (ADN), announced Monday enhancements to its application and data security solutions, providing customers with comprehensive security strategies to prevent loss of service and data. F5’s new BIG-IP version 11 software, along with BIG-IP Application Security Manager (ASM), BIG-IP Access Policy Manager (APM), BIG-IP Global Traffic Manager (GTM), and BIG-IP Edge Gateway, to deliver a unified platform that helps protect Web 2.0 applications and data, secure DNS infrastructures, and establish centralized application access and policy control.
BIG-IP v11 continues to deliver on F5’s vision of a dynamic data center, giving IT staff the agility needed to innovate and drive business. It enables organizations to deploy high-performance, scalable services on demand, while keeping applications and data secure.
As cyber attacks change and their frequency continues to rise, IT departments are finding it increasingly difficult to address security concerns. Traditional point solutions such as network firewalls, anti-virus software, and intrusion detection / prevention systems focus on solving specific security issues and are often deployed on individual devices. This static approach hinders IT’s ability to enforce an integrated security policy and protect applications, users, and data.
Modern security attacks are sophisticated and multi layered, using several attack vectors that target the network as well as underlying applications and data. An attack might begin at the network layer with a denial of service (DoS) attack and then proceed to target application vulnerabilities through a web browser. Point solutions, such as traditional network firewalls, are inadequate to defend against these types of multi layer attacks as they offer no cross-layer visibility, detection, or protection capabilities.
“The latest rash of security attacks is catching many organizations by surprise because they mistakenly believe their siloed security solutions, such as network firewalls or IPS systems, offer enough protection,” said Karl Triebes, CTO and SVP of Product Development at F5. “While the attacks themselves cannot be prevented, most of the security breaches that result from these attacks can unquestionably be stopped. Defending against such multilayer attacks requires an integrated approach that combines network security, application security, and access control. This type of strategy will be even more critical as organizations begin to move their applications and data into the cloud.”
F5 BIG-IP v11 enhancements enable enterprises to create a dynamic data center environment for managing and protect the network, data, and applications—whether deployed in physical, virtual, or cloud environments. A dynamic data center environment is highly scalable and ensures that applications are always available and running at peak performance.
Version 11 enhancements to BIG-IP products and associated modules provide advanced security services. With F5’s web application firewall, BIG-IP Application Security Manager (ASM), organizations can protect interactive web 2.0 applications, such as a real-time stock site that continuously updates pricing information. BIG-IP ASM secures the application and displays an alert in the event of a policy violation. The alert, in the form of a unique blocking page, includes a support ID so the user can contact the network administrator to resolve the issue.
With a growing number of users accessing corporate resources from personal smartphones, tablets, and laptops, IT is now challenged to enforce common access and security policies across a vast range of devices, locations, and applications. BIG-IP Access Policy Manager (APM) and v11 put IT back in control by providing enhanced support for endpoint inspection, multiple authentication methods, single sign-on, and external access control lists.
With BIG-IP APM, administrators receive detailed information about users, applications, and the network, providing them the context they need to create network and application access policies—and the solution gives them a single point of control from which to enforce those policies globally. This centralized management capability can reduce IT costs and increase the productivity of users who are now able to access a broader range of domains and applications.
To provide application-level security and ensure adequate response time for users, administrators need powerful visibility and reporting tools. BIG-IP APM provides both, with its built-in and customizable reporting features and the industry’s first contextual user visibility tools. Now administrators can track information, such as who is online and when, what type of device and network they are using, and which applications and other resources they are accessing.
When DoS or DDoS attacks occur, DNS is just as vulnerable as the web application or service that is being targeted. To withstand attacks, it’s critical to have the ability to protect and scale the DNS infrastructure, and new features in BIG-IP Global Traffic Manager (GTM) provide both capabilities. With DNS Express, a high-speed authoritative DNS delivery solution, DNS query response performance can be improved as much as tenfold. DNS Express offloads existing DNS servers and absorbs the flood of illegitimate requests during attacks, while supporting legitimate queries. With this offload capability, customers can consolidate their DNS infrastructures by up to seventy percent.
With v11, BIG-IP GTM also integrates IP anycast, enabling queries to be received by multiple global traffic management devices that use the same IP address. This functionality provides linear performance scalability for BIG-IP GTM and DNS services with each F5 device that is added. Performance gains are more pronounced now that BIG-IP GTM is able to take advantage of F5’s clustered multiprocessing technology.
With the introduction of v11, BIG-IP ASM will be available as a virtual edition (VE), providing organizations with more flexible deployment options. Using BIG-IP ASM VE, customers can test applications in virtualized and cloud environments before deploying them in production. BIG-IP ASM VE also automatically updates all synced pool members whenever policy changes occur. This can significantly reduce IT’s management burden by eliminating the need to manually update devices in multiple locations.
“The most significant breaches of late have been through exploiting web applications. Web application firewalls have seen great advances, but single-layer solutions are no longer enough to fend off today’s sophisticated attacks,” said Greg Young, Research VP at Gartner. “It’s vital for organizations to take a dedicated approach to security—one that protects both the network and the applications.”
“The integration of F5 BIG-IP Access Policy Manager with Oracle Access Manager 11g can give customers a holistic enterprise architecture that helps simplify authentication and reduces infrastructure costs,” said Marc Boroditsky, VP of Product Management, Oracle Identity Management. “With the new version of BIG-IP, Oracle Access Manager 11g customers can also benefit from layered security services that provide additional protection for applications and data.”
“When it comes to delivering secure applications, confidentiality, integrity, availability, and privacy are vital requirements for any organization,” said David Lesser, president and CTO of Nexum. “For years, F5 has embraced application security and control through BIG-IP’s comprehensive layered security architecture. Nexum has tested the new BIG-IP v11 release and its many security-related features—from DNS DDoS and interactive web 2.0 application attack protection to unified access control with a dynamic architecture for single sign-on. We’re pleased to see firsthand how F5 continues to stand out in the market by enforcing application security and delivery through one centralized control point. By protecting applications, networks, and data throughout the delivery lifecycle, BIG-IP v11 ensures applications are protected from multilayer attacks, highly available, and running at peak performance.”
“Our managed mobility offerings already deliver secure provisioning, as well as data protection and management,” said Chris Hagios, CEO at Airloom. “With v11 and the BIG-IP Edge Gateway product, we’re able to extend those services to include secure network access. Edge Gateway delivers the functionality we need to easily integrate advanced network connectivity into the SilverbackMDM product, a secure management solution for endpoint devices. Now we can meet our customers’ most stringent needs, ensuring that their data is secure and accessible—from the endpoint to the network to core enterprise applications.”
BIG-IP version 11 software and virtual editions of F5’s BIG-IP Global Traffic Manager, Application Security Manager, and WAN Optimization Manager products will be available in the third quarter of this year.