Cloud Computing Economics - There Is No Free Service

Cloudonomics Journal

Subscribe to Cloudonomics Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get Cloudonomics Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

F5 Networks on Tuesday announced that the latest release of the F5 BIG-IP product family has been certified by ICSA Labs as a network firewall, helping customers protect their public-facing websites from today’s massive cyber attacks. The newly certified solution handles eight times more traffic at the same cost of the closest competitor’s solution.

“F5 provides an entirely new and more intelligent approach for defending public-facing web properties and DNS services against harmful attacks,” said Mark Vondemkamp, Director of Product Management at F5. “Many of the world’s largest and most prestigious brands are leveraging F5’s BIG-IP solution to protect web properties that have substantial traffic levels and are frequent targets of malicious attacks. An added benefit of our solution is that it delivers dramatically better price/performance than traditional firewalls.”

F5’s approach is unique in that the security capabilities noted above can be deployed on BIG-IP Application Delivery Controllers (ADCs)—best known for providing industry-leading intelligent traffic management and optimization capabilities. This firewall solution is part of F5’s comprehensive security architecture that enables customers to apply a unified security strategy. For the first time in the industry, organizations can secure their networks, data, protocols, applications, and users on a single, flexible, and extensible platform: BIG-IP.


The repeated failure of traditional network firewalls is a primary cause of outages and data leaks, which can profoundly impact revenue, degrade corporate reputations, and jeopardize regulatory compliance.

Traditional security solutions attempt to piece together point products such as network firewalls, DDoS appliances, DNS appliances, web application firewalls, and basic ADCs. This point product approach not only increases complexity, it also contributes to network latency and adds multiple points of failure. Worse, these divergent solutions have no ability to integrate information from different attack vectors, leaving potential gaps in protection and making it impossible for organizations to deliver a unified defense.

“Many organizations are finding that their network firewalls operating at layer 3 or 4 in the TCP/IP stack are having problems protecting against application layer attacks because the traffic is encrypted by SSL,” said Jeff Wilson, Principal Security Analyst at Infonetics. “Lacking the visibility and intelligence to inspect the entire protocol stack, traditional firewalls can’t protect against today’s increasingly sophisticated and massively distributed attacks. In addition, many network firewalls have only a fraction of the connection capacity required to handle the millions of requests per second that typify modern DDoS attacks.”

A Better Way to Help Protect Applications and Services

BIG-IP solutions reach well beyond the limitations of traditional network firewalls, enabling customers to:

  • Reduce hardware and operating costs by as much as 50%
  • Perform comprehensive inspection services to defend against 30+ types of network and application layer DDoS attacks
  • Respond rapidly to new security threats for which a patch does not yet exist, reducing the window of exposure
  • Significantly limit revenue loss and damage to corporate credibility caused by malicious cyber attacks

The BIG-IP version 11.1 platform, which includes multiple modules that can be deployed as standalone or layered solutions, provides enhanced protection for DNS servers, as well as highly scalable web access management capabilities and single sign-on services. In addition, it enables customers to dynamically create application security policies using context derived from leading vulnerability scanning tools.

The following characteristics put F5’s firewall solution in a class by itself:

  • Scalable Performance – BIG-IP devices support 2.8 million connections per second—eight times that of the closest competitor’s solution, with only 360,000 connections per second.
  • Extensible and Adaptable Platform ‒ Using F5’s event-driven scripting language, iRules®, application, security, and network teams can quickly build new services that inspect, transform, and direct application traffic.
  • Vulnerability Assessment BIG-IP Application Security Managerintegrates with leading web application scanning tools, including WhiteHat Sentinel, IBM Rational AppScan, Qualys QualysGuard WAS, and Cenzic Hailstorm, to help assess and mitigate vulnerabilities.
  • DNS ProtectionBIG-IP Global Traffic Manager provides security, scalability, performance, and control to help protect the DNS infrastructure from attacks (such as DDoS, DNS response hijacking, and cache poisoning) that can cause DNS outages and reduce productivity.
  • High Performance and Flexible AccessBIG-IP Access Policy Manager® on the F5 VIPRION® high performance chassis takes advantage of the world’s fastest ADC, delivering endpoint inspection, multifactor user authentication, L3–L7 access controls, and single sign-on capabilities.
  • Context Awareness – Because BIG-IP is fluent in application protocols, it can detect unusual application behavior and block traffic accordingly.
  • Industry Certification – Customers worldwide rely on the independent, objective evaluation and product assurances of ICSA Labs, which specializes in certifying security solutions. Customers can be confident that ICSA-certified BIG-IP products meet specific and objective test criteria and deliver strong security protections.
  • Engaged Community – F5’s DevCentral online community—with over 90,000 application developers, network professionals, and IT architects worldwide—offers practical, real-world solutions to help bridge the gap that has traditionally existed between functional teams.

Today’s news, which builds on F5’s vision of the dynamic data center, ties back to the BIG-IP version 11 announcement that focused on helping customers protect their Web 2.0 applications, secure their DNS infrastructures, and control application access and policies in a centralized manner. This new network firewall certification—the first of its kind available on an ADC—rounds out F5’s existing ICSA Labs’ certifications for its BIG-IP web application firewall and SSL VPN solutions.

More Stories By Liz McMillan

News Desk compiles and publishes breaking news stories, press releases and latest news articles as they happen.