More Related Content Similar to BIG-IP Data Center Firewall Solution (20) More from F5 Networks (20) BIG-IP Data Center Firewall Solution2. 2
Announcement Highlights
F5® BIG-IP® product family has been certified by ICSA Labs as
a network firewall
Performs and scales substantially better than competitor
solutions
Defends against 30+ types of network and application layer
DDoS attacks
Responds rapidly to new security threats for which a patch
does not yet exist, reducing the window of exposure
Significantly limits risk of revenue loss and damage to
corporate credibility caused by malicious cyber attacks
© F5 Networks, Inc.
4. 4
The Current DC Security Model is Broken
1. Lack of performance and scale
2. Inability respond to changing threats
3. Failure to extend new services
4. Complexity and cost of multiple vendors
Application Web Access
Firewall Network DDoS
DDoS Management
Web Servers
Internet
Load Load
Balancer Balancer
& SSL
Web Application
DNS Security Firewall
© F5 Networks, Inc.
5. 5
Unified Security Architecture
Traditional Approach
DDOS WEB APP
PROTECTION FIREWALL
LOAD
BALANCER
FIREWALL
DNS
SECURITY
ACCESS
MANAGEMENT © F5 Networks, Inc.
6. 6
What Has Been Missing?
BIG-IP Now Certified as Network Firewall
© F5 Networks, Inc.
7. 7
DNS WEB ACCESS
LTM
© F5 Networks, Inc.
8. 8
Slash Response Times
Extensibility delivers protection sooner
Help needed One hour later One week later
DevCentral F5 validates Apache releases
request and posts fix fix
One hour later… the One week later…
A user asks for help testing and rollout still
customer deployed
to avoid an exploit on need to take place.
and validated the fix.
Apache.
© F5 Networks, Inc.
9. 9
HashDos – Post of Doom
“HashDos – Post of Doom” vulnerability
affects all major web servers and
application platforms
Single DevCentral iRule mitigates
vulnerability for all back end services
Staff can schedule patches for back-end
services on their own timeline
© F5 Networks, Inc.
10. 10
Use Case: Internet Data Center Perimeter Firewall
Perimeter Firewall with Load Balancer
Today
Overview
• Traditional firewall
• Standalone load balancer
Limitations
• DDoS protection
• Connections
• Scale
• Device management
• Defense methods
Load Balancer
© F5 Networks, Inc.
11. 11
Internet Data Center Perimeter Firewall
Perimeter Firewall with Load Balancer
With BIG-IP
Overview
• Consolidated Device
• Firewall Service
• Application Delivery
• Web Application Firewall
Benefits
• Application fluency
• SSL visibility
• DDoS protection 30+ types
• Dynamic defense methods
• Best price to performance class
• OWASP top 10 protection
BIG-IP LTM with ASM
© F5 Networks, Inc.
12. 12
Integrated Vulnerability Scanning
Enhanced Integration: BIG-IP ASM and Vulnerability Scanner
Customer Website Vulnerability Scanner
• Finds a vulnerability
• Virtual-patching with
one-click on BIG-IP ASM
• Vulnerability checking,
detection and remediation BIG-IP Application Security Manager
• Complete website protection
• Qualys
• IBM
• WhiteHat
• Cenzic
• Verify, assess, resolve and retest in one UI
• Automatic or manual creation of policies
• Discovery and remediation in minutes
© F5 Networks, Inc.
13. 13
BIG-IP Data Center Firewall Solution
News Summary
BIG-IP data center firewall solution is based on the new release of BIG-IP,
v11.1 and is available today
Industry certification ‒ Customers are assured that ICSA-certified BIG-IP
products meet specific and objective test criteria, helping them to comply
with regulatory requirements
Scalable performance – BIG-IP supports up to 72 Gbps of throughput,
2.8M conn/sec, and 48M concurrent connections on a single device
Vulnerability assessment – Solution integrates with leading web
application scanning tools, including WhiteHat Sentinel, IBM Rational
AppScan, Qualys QualysGuard WAS, and Cenzic Hailstorm
Extensible and adaptable – Our DevCentral community of nearly 90,000
members and Threat Analysis team are able to quickly offer virtual patches
to address newly published vulnerabilities
© F5 Networks, Inc.
14. © 2011 F5 Networks, Inc. All rights reserved. F5, F5 Networks, the F5 logo, BIG-IP, ARX, FirePass, iControl, iRules, TMOS,
and VIPRION are registered trademarks of F5 Networks, Inc. in the U.S. and in certain other countries