WEB SECURITY NEW GENERATION
BIG-IP Application Security Manager
The most dangerous threats to IT infrastructure are related to attacks targeting application vulnerabilities. Conventional security measures such as firewalls and intrusion detection systems have great difficulty detecting such intrusions.
Application Security Manager (ASM) provides full protection for Web applications and XML-based services. Using an application firewall provides customers with major benefits, including: protection against application attacks, regulatory compliance (including PCI DSS), and passing security audits without interfering with application code.
An auto-adaptive approach to protecting Web applications enables the creation and maintenance of security policies based on observation of traffic patterns, so a positive security model is used. Any traffic that does not comply with the created policy is rejected, so that the company’s resources are protected not only from known but also unknown types of attacks. The second major advantage of this approach is that it minimizes the administrative time required to configure the ASM system.
Application Security Manager is available as a separate system and as a license module for the BIG-IP family of devices.
Based on extensive experience in developing Application Delivery Controller solutions, F5 Networks proposes a combination of high security and application availability to protect server and data center infrastructure.
BIG-IP AFM (Application Firewall Manager).
forms the core of F5’s Application Delivery Firewall solution, combining a firewall with traffic management, application security, user access management and DNS security. By consolidating the security functions of several BIG-IP modules onto a single platform, management complexity is reduced while maintaining high performance and scalability.
Unlike traditional firewalls, BIG-IP AFM is built on a full-proxy architecture, which means it fully inspects incoming connections and checks them for threats, and in the next step forwards them to the appropriate server. In the reverse direction, for server-client communications, by using a proxy in conjunction with AFM, it is possible to check data to protect against the leakage of sensitive information, such as credit card numbers or social security numbers.
F5 AFM facilitates a number of security-related functionalities that were already previously available in BIG-IP, while their implementation was associated, for example, with the need to create appropriate rules (iRule).
A special feature of F5 AFM is that security rules are assigned to a given Virtual Server (VSS) – so that before traffic is allowed to enter the resource to which the VSS is assigned, it is checked for security by a series of predefined rules. Also noteworthy is an enhanced reporting and logging module, providing statistics and information on all attempts to violate security rules.
BIG-IP Web Accelerator
solution provides features to optimize performance and eliminate problems on the side of web browsers, application platforms or WAN latency. The use of a single WA system can increase application performance by 2X to 10X by using, among other things. mechanisms: dynamic content control, SSL Offload, intelligent cross-browser referencing, dynamic compression and caching, bandwidth management and more.
MetaDefender ICAP Server
MetaDefender ICAP Server uses the Internet Content Adaptation Protocol (ICAP) to integrate with network devices to protect against advanced threats on network traffic and storage devices. It uses industry-leading multiple scanning, vulnerability scanning and data cleansing – also known as “content disarmament and reconstruction” (CDR). In addition, it performs vulnerability assessments and prevents data loss (DLP).
Protect Reverse Proxies
By integrating MetaDefender’s ICAP server with the servers of the so-called. Reverse proxies such as loadbalancers, application controllers and firewalls (WAFs) we can raise the security status of applications to the maximum level. With ICAP, all applications behind the network device are protected. Together, F5 and OPSWAT offer a compelling and integrated security solution to reduce the application attack surface and and ensure network security.
OPSWAT’s MetaDefender cybersecurity platform scans files with 30+ leading antivirus engines, and cleans up data (Disarm and Reconstruction). The F5 BIG-IP platform is a smart evolution of application controller technology. It offers the superior intelligence that administrators require to ensure application availability in a fast and secure manner