18. Next Steps
• Visit us online at www.F5.com/security for more information on F5
security solutions.
• Contact your F5 solution expert to discuss effective security solutions that
meet specific needs of your organization and those you do business with.
Edifício Berrini Plaza
Rua Samuel Morse, 134 - 10º andar
Brooklin - São Paulo SP
Tel: +55 11 5054.4480
CEP: 04576-060
E-mail: info@cylk.com.br
Editor's Notes
Key Points:
IT challenges are growing at exponential rates
Most of these challenges are external forces pushing in on IT
The challenges are a mix of both apps and infrastructure – mobile apps and BYOD tax both the app and network infrastructure
However the solutions are typically siloed, focused on solving very specific issues without addressing the larger problems as a whole
These are technology shifts, many of which are creating market transitions and a great opportunity for solutions. For example:
Users no longer work from the office. Today, they work from anywhere, at any time, on any device, and corporations need solutions for a mobile workforce
The rise of the cloud and the Software Defined Data Center means that applications are equally portable and require a new set of solutions to ensure they’re fast, secure and available
With such changes, there are new forms of threats, from simple FW solutions, to DDoS (volumetric and application centric), to malware, fraud and much more
Let's not forget Software Defined “Everything”: customers want a much more agile infrastructure, orchestration and manageability. At the push of a button they want to orchestrate the whole stack.
Clearly, there will be more devices and traffic, demanding more Diameter signaling, security and QoE
And last, let's not forget that HTTP is the new TCP. HTTP is the web protocol, and therefore your network infrastructure needs to be aware of the session flows and messages, which requires intelligence beyond the traditional layer 3 solutions
All these solutions are having dramatic implications on applications and the users that access them.
451 Research Diversifying into WAFs: ASM #1 most deployed WAF. https://informationsecurity.451research.com/?p=5684
Add-On Module for BIG-IP Family (For new BIG-IP platforms, e.g. 3600, 3900, 6900, 6900 FIPS, 8900, 8950 and 11050. Available as an add-on module for BIG-IP LTM.)
Access Profile for Local Traffic Virtual Servers (Very simple configuration to add an Access Policy to an LTM Virtual. Just select an Access Profile from the pulldown menu under the LTM Virtual configuration page. The rest of the Access Policy is configured under the Access Control left-hand menu, where AAA servers are configured, ACLs and ACEs are defined, and VPE is used to create the visual policy.)
APM Policy Engine (This is the advanced policy engine behind APM add-on for BIG-IP)
Industry Leading Visual Policy Editor (VPE) (See screenshot. Next generation of the visual policy editor, which has been a big selling point for FirePass. Others, e.g. Cisco, have started trying to copy it, but are years behind in this area.)
VPE Rules (TCL-based) for Advanced Policies (Ability to edit the iRules-like TCL rules behind the VPE directly, for advanced configurations, or to create all new rules for custom deployments. Tight integration between the VPE rules and TMM iRules – e.g. ability to drive Access Policies via TMM iRules, Access Policy creating new iRules events, etc.).
Endpoint Security
More than a dozen different endpoint security checks available (Large number of agents available, e.g. Virtual Keyboard, AV and firewall checks, process, file, and registry checks, extended Windows info, client and machine certificates, etc.)
Manage endpoints via Group Policy enforcement and Protected Workspace (Endpoint remediation capabilities like Protected Workspace and Full Armor-based AD Policy enforcement, in addition to Cache Cleaner, redirects to remediation pages, and message and decision boxes).
Authentication and Authorization
Flexible authentication and authorization capabilities via client cert, AD, LDAP, RADIUS, RSA SecurID agents (Broad array of authentication, authorization, and accounting capabilities – including RADIUS accounting).
Access Control
High-Performance Dynamic Layer 4 and Layer 7 (HTTP/HTTPS) ACLs (Role/User-based Access Control engine built directly into TMM, via hudfilters. Supports dynamic assignment and enforcement of layer 4 ACL/firewall capabilities, and now also supports dynamic layer-7 HTTP/HTTPS URL-based access controls. High performance, as it is built directly into the data plane.)