F5 Networks (NASDAQ: FFIV), a global leader in application delivery networking, today announced that the latest release of the F5BIG-IP product family has been certified by ICSA Labs as a network firewall, helping customers protect their public-facing Web sites from today's massive cyber attacks.
The newly certified solution handles eight times more traffic at the same cost of the closest competitor's solution.
“F5 provides an entirely new and more intelligent approach for defending public-facing Web properties and DNS services against harmful attacks,” said Mark Vondemkamp, Director of Product Management at F5.
“Many of the world's largest and most prestigious brands are leveraging F5's BIG-IP solution to protect Web properties that have substantial traffic levels and are frequent targets of malicious attacks. An added benefit of our solution is that it delivers dramatically better price/performance than traditional firewalls.”
F5's approach is unique in that the security capabilities noted above can be deployed on BIG-IP Application Delivery Controllers (ADCs) - best known for providing industry-leading intelligent traffic management and optimisation capabilities. This firewall solution is part of F5's comprehensive security architecture that enables customers to apply a unified security strategy. For the first time in the industry, organisations can secure their networks, data, protocols, applications and users on a single, flexible and extensible platform: BIG-IP.
Details
The repeated failure of traditional network firewalls is a primary cause of outages and data leaks, which can profoundly impact revenue, degrade corporate reputations and jeopardise regulatory compliance.
Traditional security solutions attempt to piece together point products such as network firewalls, DDoS appliances, DNS appliances, Web application firewalls and basic ADCs. This point product approach not only increases complexity, it also contributes to network latency and adds multiple points of failure. Worse, these divergent solutions have no ability to integrate information from different attack vectors, leaving potential gaps in protection and making it impossible for organisations to deliver a unified defence.
“Many organisations are finding that their network firewalls operating at layer 3 or 4 in the TCP/IP stack are having problems protecting against application layer attacks because the traffic is encrypted by SSL,” said Jeff Wilson, Principal Security Analyst at Infonetics.
“Lacking the visibility and intelligence to inspect the entire protocol stack, traditional firewalls can't protect against today's increasingly sophisticated and massively distributed attacks. In addition, many network firewalls have only a fraction of the connection capacity required to handle the millions of requests per second that typify modern DDoS attacks.”
A better way to help protect applications, services
BIG-IP solutions reach well beyond the limitations of traditional network firewalls, enabling customers to:
* Reducehardware and operating costs by as much as 50%
* Perform comprehensive inspection services to defend against 30+ types of network and application layer DDoS attacks
* Respond rapidly to new security threats for which a patch does not yet exist, reducing the window of exposure
* Significantly limit revenue loss and damage to corporate credibility caused by malicious cyber attacks
The BIG-IP version 11.1 platform, which includes multiple modules that can be deployed as standalone or layered solutions, provides enhanced protection for DNS servers, as well as highly scalable Web access management capabilities and single sign-on services. In addition, it enables customers to dynamically create application security policies using context derived from leading vulnerability scanning tools.
The following characteristicsput F5's firewall solution in a class by itself:
Scalable Performance - BIG-IP devices support 2.8 million connections per second - eight times that of the closest competitor's solution, with only 360 000 connections per second.
Extensible and Adaptable Platform - Using F5's event-driven scripting language, iRules, application, security and network teams can quickly build new services that inspect, transform and direct application traffic.
Vulnerability Assessment - BIG-IP Application Security Managerintegrates with leading Web application scanning tools, including WhiteHat Sentinel, IBM Rational AppScan, Qualys QualysGuard WAS, and Cenzic Hailstorm, to help assess and mitigate vulnerabilities.
DNS Protection - BIG-IP Global Traffic Manager provides security, scalability, performance and control to help protect the DNS infrastructure from attacks (such as DDoS, DNS response hijacking and cache poisoning) that can cause DNS outages and reduce productivity.
High Performance and Flexible Access - BIG-IP Access Policy Manager on the F5 VIPRION high performance chassis takes advantage of the world's fastest ADC, delivering endpoint inspection, multifactor user authentication, L3-L7 access controls, and single sign-on capabilities.
Context Awareness - Because BIG-IP is fluent in application protocols, it can detect unusual application behaviour and block traffic accordingly.
Industry Certification - Customers worldwide rely on the independent, objective evaluation and product assurances of ICSA Labs, which specialises in certifying security solutions. Customers can be confident that ICSA-certified BIG-IP products meet specific and objective test criteria and deliver strong security protections.
Engaged Community - F5's DevCentral online community - with over 90 000 application developers, network professionals and IT architects worldwide - offers practical, real-world solutions to help bridge the gap that has traditionally existed between functional teams.
Today's news, which builds on F5's vision of the dynamic data centre, ties back to the BIG-IP version 11 announcement that focused on helping customers protect their Web 2.0 applications, secure their DNS infrastructures, and control application access and policies in a centralised manner. This new network firewall certification - the first of its kind available on an ADC - rounds out F5's existing ICSA Labs' certifications for its BIG-IP Web application firewall and SSL VPN solutions.
Supporting quotes:
“We cater to numerous industries - including energy, financial services, government, healthcare and retail - and virtually all our customers' top priorities include defence strategies against the increasing number of Web, network, DdoS and DNS attacks,” said Dan Thormodsgaard, VP of Solutions Architecture at FishNet Security. “BIG-IP gives us a common platform to deliver applications and rapidly respond to evolving threats, providing better value to our customers. The unification of high-performance data centre firewall services with an advanced platform, ADC is a smart combination to effectively address the new wave of aggressive attacks.”
“Our customers tell us that attacks on applications, DNS and their Web properties are among their primary security concerns,” said Alastair Broom, Solutions Director at leading global IT security provider Integralis. “Delivering high-performance data centre firewall services as part of the BIG-IP Application Delivery Controller platform is likely to generate strong interest in F5 from a market keen to put effective countermeasures in place to protect themselves against today's aggressive cyber attacks.”
“F5's most recent certification of BIG-IP as a network firewall demonstrates the company's commitment to being a security leader in the Application Delivery Controller space,” said Brian Monkman, Technology Programmes Manager at ICSA Labs.
Availability:
The BIG-IP data centre firewall solution is available today with the newest release of BIG-IP software, version 11.1. The solution is built on BIG-IP Local Traffic Manager (LTM) and may be extended to include multiple BIG-IP software modules, depending on customer requirements. To help organisations provide additional protection for DNS infrastructures, BIG-IP LTM can also be deployed with a DNS Services module, along with F5's other bundled ADC offerings.
The BIG-IP product family is ICSA Labs network firewall-certified and encompasses multiple products, including BIG-IP LTM, Global Traffic Manager, Access Policy Manager, Application Security Manager, WebAccelerator, and WAN Optimization Manager. These products are all currently available and can be deployed in concert.
Supporting resources:
F5 BIG-IP Data Centre Firewall - Overview
BIG-IP Data Centre Firewall Solution - SlideShare Presentation
High Performance Firewall for Data Centres - Solution Profile
The New Data Centre Firewall Paradigm - White Paper
Vulnerability Assessment with Application Security - White Paper
F5 Security Vignette: Hacktivism Attack - Video
F5 Security Vignette: DNSSEC Wrapping - Video
Share
ICSA Labs
ICSA Labs, an independent division of Verizon, offers third-party testing and certification of security and health IT products, as well as network-connected devices, to measure product compliance, reliability and performance for many of the world's top security vendors. ICSA Labs is an ISO/IEC 17025:2005 accredited and 9001:2008 registered organisation. Visit http://www.icsalabs.com and http://www.icsalabs.com/blogs for more information.
F5 Networks
F5 Networks, the global leader in Application Delivery Networking (ADN), helps the world's largest enterprises and service providers realise the full value of virtualisation, cloud computing and on-demand IT. F5 solutions help integrate disparate technologies to provide greater control of the infrastructure, improve application delivery and data management, and give users seamless, secure and accelerated access to applications from their corporate desktops and smart devices. An open architectural framework enables F5 customers to apply business policies at “strategic points of control” across the IT infrastructure and into the public cloud. F5 products give customers the agility they need to align IT with changing business conditions, deploy scalable solutions on demand, and manage mobile access to data and services. Enterprises, service and cloud providers, and leading online companies worldwide rely on F5 to optimise their IT investments and drive business forward. For more information, go to www.f5.com.
You can also follow @f5networks on Twitter or visit the company on Facebook for more information about F5, its partners and technology. For a complete listing of F5 community sites, please visit www.f5.com/news-press-events/web-media/community.html.
F5, F5 Networks, iRules, DevCentral, BIG-IP, Access Policy Manager, Application Security Manager, Global Traffic Manager, Local Traffic Manager, LTM, WAN Optimization Manager, WebAccelerator, and VIPRION are trademarks or service marks of F5 Networks, Inc., in the U.S. and other countries. All other product and company names herein may be trademarks of their respective owners.
This press release may contain forward-looking statements relating to future events or future financial performance that involve risks and uncertainties. Such statements can be identified by terminology such as 'may', 'will', 'should', 'expects', 'plans', 'anticipates', 'believes', 'estimates', 'predicts', 'potential', or 'continue', or the negative of such terms or comparable terms. These statements are only predictions and actual results could differ materially from those anticipated in these statements based upon a number of factors including those identified in the company's filings with the SEC.
Editorial contacts