BIG-IP Data Center Firewall Solution

6,874 views

Published on

F5’s certified firewall protects against large-scale cyber attacks on public-facing websites. F5 solution delivers significantly better price and performance than traditional firewalls. ICSA Labs certifies BIG-IP Application Delivery Controllers to defend against DDoS and multilayer attacks.

Published in: Technology
1 Comment
3 Likes
Statistics
Notes
  • Defending against 30+types of network and application layer DDos attack is very interesting.
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Views
Total views
6,874
On SlideShare
0
From Embeds
0
Number of Embeds
8
Actions
Shares
0
Downloads
347
Comments
1
Likes
3
Embeds 0
No embeds

No notes for slide

BIG-IP Data Center Firewall Solution

  1. 1. BIG-IP Data Center Firewall Solution
  2. 2. 2Announcement HighlightsF5® BIG-IP® product family has been certified by ICSA Labs asa network firewall Performs and scales substantially better than competitor solutions Defends against 30+ types of network and application layer DDoS attacks Responds rapidly to new security threats for which a patch does not yet exist, reducing the window of exposure Significantly limits risk of revenue loss and damage to corporate credibility caused by malicious cyber attacks © F5 Networks, Inc.
  3. 3. 3The world’s fastest and most extensibleData Center Firewall © F5 Networks, Inc.
  4. 4. 4The Current DC Security Model is Broken1. Lack of performance and scale2. Inability respond to changing threats3. Failure to extend new services4. Complexity and cost of multiple vendors Application Web Access Firewall Network DDoS DDoS Management Web ServersInternet Load Load Balancer Balancer & SSL Web Application DNS Security Firewall © F5 Networks, Inc.
  5. 5. 5 Unified Security Architecture Traditional Approach DDOS WEB APPPROTECTION FIREWALL LOAD BALANCER FIREWALL DNS SECURITY ACCESSMANAGEMENT © F5 Networks, Inc.
  6. 6. 6What Has Been Missing?BIG-IP Now Certified as Network Firewall © F5 Networks, Inc.
  7. 7. 7DNS WEB ACCESS LTM © F5 Networks, Inc.
  8. 8. 8Slash Response Times Extensibility delivers protection sooner Help needed One hour later One week later DevCentral F5 validates Apache releases request and posts fix fix One hour later… the One week later… A user asks for help testing and rollout still customer deployed to avoid an exploit on need to take place. and validated the fix. Apache. © F5 Networks, Inc.
  9. 9. 9HashDos – Post of Doom“HashDos – Post of Doom” vulnerabilityaffects all major web servers andapplication platformsSingle DevCentral iRule mitigatesvulnerability for all back end servicesStaff can schedule patches for back-endservices on their own timeline © F5 Networks, Inc.
  10. 10. 10Use Case: Internet Data Center Perimeter FirewallPerimeter Firewall with Load Balancer Today Overview • Traditional firewall • Standalone load balancer Limitations • DDoS protection • Connections • Scale • Device management • Defense methods Load Balancer © F5 Networks, Inc.
  11. 11. 11Internet Data Center Perimeter FirewallPerimeter Firewall with Load Balancer With BIG-IP Overview • Consolidated Device • Firewall Service • Application Delivery • Web Application Firewall Benefits • Application fluency • SSL visibility • DDoS protection 30+ types • Dynamic defense methods • Best price to performance class • OWASP top 10 protection BIG-IP LTM with ASM © F5 Networks, Inc.
  12. 12. 12 Integrated Vulnerability Scanning Enhanced Integration: BIG-IP ASM and Vulnerability Scanner Customer Website Vulnerability Scanner • Finds a vulnerability • Virtual-patching with one-click on BIG-IP ASM• Vulnerability checking, detection and remediation BIG-IP Application Security Manager• Complete website protection • Qualys • IBM • WhiteHat • Cenzic • Verify, assess, resolve and retest in one UI • Automatic or manual creation of policies • Discovery and remediation in minutes © F5 Networks, Inc.
  13. 13. 13BIG-IP Data Center Firewall SolutionNews SummaryBIG-IP data center firewall solution is based on the new release of BIG-IP,v11.1 and is available todayIndustry certification ‒ Customers are assured that ICSA-certified BIG-IPproducts meet specific and objective test criteria, helping them to complywith regulatory requirementsScalable performance – BIG-IP supports up to 72 Gbps of throughput,2.8M conn/sec, and 48M concurrent connections on a single deviceVulnerability assessment – Solution integrates with leading webapplication scanning tools, including WhiteHat Sentinel, IBM RationalAppScan, Qualys QualysGuard WAS, and Cenzic HailstormExtensible and adaptable – Our DevCentral community of nearly 90,000members and Threat Analysis team are able to quickly offer virtual patchesto address newly published vulnerabilities © F5 Networks, Inc.
  14. 14. © 2011 F5 Networks, Inc. All rights reserved. F5, F5 Networks, the F5 logo, BIG-IP, ARX, FirePass, iControl, iRules, TMOS, and VIPRION are registered trademarks of F5 Networks, Inc. in the U.S. and in certain other countries

×