F5 bolsters Big-IP security features

Big-IP can protect against automated bots that scan for known vulnerabilities

New features in Big-IP version 10.1 are aimed at helping companies address Web application threats and ensure compliance with security regulations such as PCI.

The latest release of F5’s Big-IP application delivery software pays a lot of attention to security.

New features in Big-IP version 10.1 are aimed at helping companies address Web application threats and ensure compliance with security regulations such as the Payment Card Industry’s Data Security Standard (PCI DSS).

Built into Big-IP Global Traffic Manager is a new security signing policy, for instance, that’s designed to ensure end users receive legitimate DNS responses. This can protect against attacks such as DNS cache poisoning, whereby hackers hijack Web traffic and redirect it to bogus sites without end users knowing it.

Another upgrade adds to the reporting capabilities in the Big-IP Application Security Manager (ASM) software module. Specifically, users can get PCI compliance reports that summarize their conformance status. Users can validate whether they are in compliance with PCI DSS 1.2, and if not, Big-IP ASM provides the steps required to become compliant.

Big-IP ASM also now provides better protection against automated scanners and bots that scan for known vulnerabilities. It protects against Web scraping, which is a common technique for capturing sensitive business and customer data.

“Enterprises must seek an optimal balance that blends security features with application acceleration capabilities,” said Jon Oltsik, a senior analyst with Enterprise Strategy Group, in a statement. “F5 has a deep understanding of the network layer and recognizes the constant pressure enterprises are under to accelerate the ‘good stuff’ and keep everything else out.”

To keep track of attacks, F5 built a new Attack Expert System into ASM. It explains every Web site attack and details what ASM did to protect against them. Geolocation data lets companies pinpoint the country where an attack originated, along with the violation, severity, IP address and other details. The geolocation capabilities also can help companies determine where users are located for the purposes of complying with trade restrictions, for instance.

"Geolocation is a must-have for enterprises seeking best-in-class fraud detection," said Avivah Litan, vice president and distinguished analyst at Gartner. "New types of attacks will join ones that have already plagued infrastructures, and geolocation provides an important data point in fending off these attacks."

F5 is using technology from Quova to power its location-based capabilities. The two vendors have a new partnership and OEM agreement, announced this week.

Quova’s technology maps IP addresses and other data to geographic locations. With these capabilities, F5 can enforce download and access restrictions based on locality. In addition, customers can use location data to set default language pages and customize content for specific regions.

Quova's continent, country, and state-level geolocation data also will enable Big-IP to provide more accurate and more granular geographic traffic management, F5 says.

“Using the combined power of the F5 iRules scripting language and Quova’s superior IP geolocation data, customers will be able to make more intelligent, context-aware traffic management decisions on the application delivery controller,” said Mark Vondemkamp, director of product management for security at F5.

BIG-IP version 10.1 and its associated product modules are available today.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: 10 new UI features coming to Windows 10