F5’s $29 million cash purchase of application firewall vendor Magnifire WebSystems adds a layer of Web security to F5's product line.
Magnifire's TrafficShield appliance will be sold as a standalone device in the near term, with the goal of integrating the software onto F5's Big-IP platforms to create a load-balancing, traffic-management, security gateway for Web applications, the company says.
TrafficShield sits between the Internet and Web application servers, where it examines packets, identifies flows and sessions, and enforces security policies. For example, it can enforce a rule that users can log in to applications only from a log-in screen, not from another user account. Left unchecked, this log-in vulnerability would let users randomly access resources authorized for other users.
F5 says it is developing a new, more modular version of the operating system for its Big-IP traffic management platform, due out in September, that will make it easier to add content-filtering software. For instance, the new software, called Big-IP version 9, will be able to support TrafficShield as well as FirePass, the SSL remote access platform F5 acquired with the purchase of uRoam.
F5 says it also plans to develop an appliance called Application Security Gateway that will support just FirePass and TrafficShield without the traffic management and load-balancing capabilities of Big-IP.
Code-named Buffalo Jump, version 9 will also come with a new Big-IP hardware platform designed to reach gigabit throughput, F5 says.
Many application firewall vendors such as ISS, iPolicy and NetScreen have developed operating systems that can apply different content filters to Web traffic, says Richard Stiennon, an analyst with Gartner. These filters are then sold as separate software modules that scan for different types of exploits. "This allows you to adapt to the changing threat-scape," Stiennon says.
Adding more filtering just in front of Web servers makes sense, says Joel Conover, an analyst with Current Analysis. "You've already paid the performance penalty," by terminating sessions and examining packets, he says, so the device might as well apply multiple filters to the packets all at once.
TrafficShield crawls Web pages to determine a baseline of normal content and flow of data and automatically develops policies that define and support allowable use. Administrators then review the suggested policies and accept or reject them. Alternatively, the recommended policies can be put in monitoring mode to determine what traffic they would filter out.
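The crawl-then-enforce approach described above can be sketched as follows. This is an added example, not F5 or Magnifire code: it models a policy as nothing more than the set of paths and parameter names seen in crawled pages, passes request parameters as a query string for brevity, and uses hypothetical names (`learn_policy`, `evaluate`) and constructed sample pages.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Constructed sample pages standing in for a crawl of the protected site.
PAGES = [
    '<a href="/catalog?item=1">Catalog</a>',
    '<form action="/login" method="post"><input name="user">'
    '<input name="pass" type="password"></form>',
]

class BaselineCrawler(HTMLParser):
    """Records every linked path and form action with its parameter names."""
    def __init__(self):
        super().__init__()
        self.policy = {}   # path -> set of parameter names seen in the baseline
        self._form = None  # path of the form currently being parsed, if any
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            u = urlsplit(a["href"])
            names = {k for k, _ in parse_qsl(u.query, keep_blank_values=True)}
            self.policy.setdefault(u.path, set()).update(names)
        elif tag == "form":
            self._form = urlsplit(a.get("action") or "").path
            self.policy.setdefault(self._form, set())
        elif tag in ("input", "select", "textarea") and self._form is not None:
            if a.get("name"):
                self.policy[self._form].add(a["name"])
    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None

def learn_policy(pages):
    """Build the suggested policy an administrator would review."""
    crawler = BaselineCrawler()
    for html in pages:
        crawler.feed(html)
    return crawler.policy

def evaluate(policy, url, mode="monitor"):
    """Return (action, reason); monitor mode logs what enforce mode would block."""
    u = urlsplit(url)
    seen = {k for k, _ in parse_qsl(u.query, keep_blank_values=True)}
    extra = seen - policy.get(u.path, set())
    if u.path not in policy:
        reason = "path not in baseline"
    elif extra:
        reason = "unexpected parameter(s): " + ", ".join(sorted(extra))
    else:
        return ("allow", None)
    return ("block" if mode == "enforce" else "log", reason)
```

Running the same requests through `evaluate` in monitor mode first shows which legitimate traffic the learned policy would reject before it is switched to enforce mode.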
Filtering for attacks would be unnecessary if application developers wrote secure code, says Conover, but that cannot be relied on, so devices like these will be needed for the foreseeable future.
F5 has also announced that staff from its uRoam and Magnifire acquisitions will be combined into a security business unit that will have its own research and development and sales teams as well as a professional services unit.
Magnifire was based in Israel and opened U.S. sales offices last year. It had received $9.1 million in venture funding.