Embed Size (px)
DESCRIPTION
F5’s certified firewall protects against large-scale cyber attacks on public-facing websites. F5 solution delivers significantly better price and performance than traditional firewalls. ICSA Labs certifies BIG-IP Application Delivery Controllers to defend against DDoS and multilayer attacks.
Citation preview
BIG-IP Data Center Firewall Solution
© F5 Networks, Inc.
2
F5® BIG-IP® product family has been certified by ICSA Labs as a network firewall
Performs and scales substantially better than competitor solutions
Defends against 30+ types of network and application layer DDoS attacks
Responds rapidly to new security threats for which a patch does not yet exist, reducing the window of exposure
Significantly limits risk of revenue loss and damage to corporate credibility caused by malicious cyber attacks
Announcement Highlights
© F5 Networks, Inc.
3
The world’s fastest and most extensible
Data Center Firewall
© F5 Networks, Inc.
4
The Current DC Security Model is Broken
InternetWeb Servers
LoadBalancer
DNS Security
Network DDoS
Web Application Firewall
Web AccessManagement
LoadBalancer
& SSL
1. Lack of performance and scale
2. Inability respond to changing threats
3. Failure to extend new services
4. Complexity and cost of multiple vendors
Application DDoS
Firewall
© F5 Networks, Inc.
5
Traditional ApproachUnified Security Architecture
FIREWALL
DDOS
PROTECTIONWEB APP
FIREWALL
LOAD BALANCER
ACCESS
MANAGEMENT
DNS
SECURITY
© F5 Networks, Inc.
6
What Has Been Missing?BIG-IP Now Certified as Network Firewall
UserAccess
App
Security
DataProtection
Network
Security
© F5 Networks, Inc.
7
iRULES
iCONTROLiAPPS
TMO
S
TMO
S
TMO
S
NETWORK FIREWALLNETWORK FIREWALL
SSL TERMINATIONSSL TERMINATION
PROTOCOL SECURITYPROTOCOL SECURITY
DDoS PROTECTIONDDoS PROTECTION
DYNAMIC THREAT DEFENSEDYNAMIC THREAT DEFENSE
GTM ASM APMMODULE SECURITY
DNS WEB ACCESS
DN
S
WEB
ACCE
SS
LTM
© F5 Networks, Inc.
8
Slash Response Times
Help neededDevCentralrequest
One hour laterF5 validates and posts fix
One week laterApache releasesfix
One week later… testing and rollout still need to take place.
Extensibility delivers protection sooner
One hour later… the customer deployed and validated the fix.
A user asks for help to avoid an exploit on Apache.
© F5 Networks, Inc.
9
Server
Server
Server
Server
Server
Server
Server
Server
VIPRION
Single DevCentral iRule mitigates vulnerability for all back end services
Staff can schedule patches for back-end services on their own timeline
HashDos – Post of Doom
“HashDos – Post of Doom” vulnerability affects all major web servers and application platforms
© F5 Networks, Inc.
10
Use Case: Internet Data Center Perimeter FirewallPerimeter Firewall with Load Balancer
Today
Load Balancer
Overview• Traditional firewall• Standalone load balancer
Limitations• DDoS protection• Connections• Scale• Device management• Defense methods
© F5 Networks, Inc.
11
Internet Data Center Perimeter FirewallPerimeter Firewall with Load Balancer
With BIG-IP
BIG-IP LTM with ASM
Overview• Consolidated Device• Firewall Service• Application Delivery• Web Application Firewall
Benefits• Application fluency• SSL visibility• DDoS protection 30+ types• Dynamic defense methods• Best price to performance class• OWASP top 10 protection
© F5 Networks, Inc.
12
Customer Website
Integrated Vulnerability ScanningEnhanced Integration: BIG-IP ASM and Vulnerability Scanner
Vulnerability Scanner
• Finds a vulnerability• Virtual-patching with
one-click on BIG-IP ASM
BIG-IP Application Security Manager
• Verify, assess, resolve and retest in one UI• Automatic or manual creation of policies• Discovery and remediation in minutes
• Vulnerability checking, detection and remediation
• Complete website protection
• Qualys• IBM• WhiteHat• Cenzic
© F5 Networks, Inc.
13
BIG-IP data center firewall solution is based on the new release of BIG-IP, v11.1 and is available today
Industry certification ‒ Customers are assured that ICSA-certified BIG-IP products meet specific and objective test criteria, helping them to comply with regulatory requirements
Scalable performance – BIG-IP supports up to 72 Gbps of throughput, 2.8M conn/sec, and 48M concurrent connections on a single device
Vulnerability assessment – Solution integrates with leading web application scanning tools, including WhiteHat Sentinel, IBM Rational AppScan, Qualys QualysGuard WAS, and Cenzic Hailstorm
Extensible and adaptable – Our DevCentral community of nearly 90,000 members and Threat Analysis team are able to quickly offer virtual patches to address newly published vulnerabilities
BIG-IP Data Center Firewall SolutionNews Summary
© 2011 F5 Networks, Inc. All rights reserved. F5, F5 Networks, the F5 logo, BIG-IP, ARX, FirePass, iControl, iRules, TMOS, and VIPRION are registered trademarks of F5 Networks, Inc. in the U.S. and in certain other countries
